FreeBSD Manual Pages
SAFE(4) Kernel Interfaces Manual SAFE(4) NAME safe -- SafeNet SafeXcel 1141/1741 crypto accelerator SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: device crypto device cryptodev device safe Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): safe_load="YES" In sysctl.conf(5): hw.safe.debug hw.safe.dump hw.safe.rnginterval hw.safe.rngbufsize hw.safe.rngmaxalarm DESCRIPTION The safe driver supports cards containing SafeNet crypto accelerator chips. The safe driver registers itself to accelerate AES, SHA1-HMAC, and NULL operations for ipsec(4) and crypto(4). On all models, the driver registers itself to provide random data to the random(4) subsystem. Periodically the driver will poll the hard- ware RNG and retrieve data for use by the system. If the driver de- tects that the hardware RNG is resonating with any local signal, it will reset the oscillators that generate random data. Three sysctl(8) settings control this procedure: hw.safe.rnginterval specifies the time, in seconds, between polling operations, hw.safe.rngbufsize speci- fies the number of 32-bit words to retrieve on each poll, and hw.safe.rngmaxalarm specifies the threshold for resetting the oscilla- tors. When the driver is compiled with SAFE_DEBUG defined, two sysctl(8) variables are provided for debugging purposes: hw.safe.debug can be set to a non-zero value to enable debugging messages to be sent to the con- sole for each cryptographic operation, hw.safe.dump is a write-only variable that can be used to force driver state to be sent to the con- sole. Set this variable to "ring" to dump the current state of the de- scriptor ring, to "dma" to dump the hardware DMA registers, or to "int" to dump the hardware interrupt registers. HARDWARE The safe driver supports the following SafeXcel chips: SafeNet 1141 The original chipset. Supports DES, Triple-DES, AES, MD5, and SHA-1 symmetric crypto opera- tions, RNG, public key op- erations, and full IPsec packet process- ing. SafeNet 1741 A faster version of the 1141. SEE ALSO crypt(3), crypto(4), intro(4), ipsec(4), random(4), crypto(7), crypto(9) BUGS Public key support is not implemented. FreeBSD 14.3 November 22, 2024 SAFE(4)
NAME | SYNOPSIS | DESCRIPTION | HARDWARE | SEE ALSO | BUGS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=safe&sektion=4&manpath=FreeBSD+14.3-RELEASE+and+Ports>