FreeBSD Manual Pages

home | help

SAFE(4)			    Kernel Interfaces Manual		       SAFE(4)

NAME
       safe -- SafeNet SafeXcel	1141/1741 crypto accelerator

SYNOPSIS
       To  compile  this  driver into the kernel, place	the following lines in
       your kernel configuration file:

	     device crypto
	     device cryptodev
	     device safe

       Alternatively, to load the driver as a module at	boot time,  place  the
       following line in loader.conf(5):

	     safe_load="YES"

       In sysctl.conf(5):

	     hw.safe.debug
	     hw.safe.dump
	     hw.safe.rnginterval
	     hw.safe.rngbufsize
	     hw.safe.rngmaxalarm

DESCRIPTION
       The  safe  driver  supports cards containing SafeNet crypto accelerator
       chips.

       The safe	driver registers itself	to accelerate AES, SHA1-HMAC, and NULL
       operations for ipsec(4) and crypto(4).

       On all models, the driver registers itself to provide  random  data  to
       the  random(4)  subsystem.  Periodically	the driver will	poll the hard-
       ware RNG	and retrieve data for use by the system.  If  the  driver  de-
       tects  that  the	 hardware  RNG is resonating with any local signal, it
       will reset the oscillators that generate	random data.  Three  sysctl(8)
       settings	 control  this	procedure:  hw.safe.rnginterval	 specifies the
       time, in	seconds, between polling operations, hw.safe.rngbufsize	speci-
       fies the	 number	 of  32-bit  words  to	retrieve  on  each  poll,  and
       hw.safe.rngmaxalarm  specifies the threshold for	resetting the oscilla-
       tors.

       When the	driver is compiled  with  SAFE_DEBUG  defined,	two  sysctl(8)
       variables are provided for debugging purposes: hw.safe.debug can	be set
       to a non-zero value to enable debugging messages	to be sent to the con-
       sole  for  each	cryptographic  operation, hw.safe.dump is a write-only
       variable	that can be used to force driver state to be sent to the  con-
       sole.  Set this variable	to "ring" to dump the current state of the de-
       scriptor	ring, to "dma" to dump the hardware DMA	registers, or to "int"
       to dump the hardware interrupt registers.

HARDWARE
       The safe	driver supports	the following SafeXcel chips:

	     SafeNet  1141    The  original chipset. Supports DES, Triple-DES,
							       AES,  MD5,  and
							       SHA-1 symmetric
							       crypto	opera-
							       tions,	  RNG,
							       public  key op-
							       erations,   and
							       full	 IPsec
							       packet process-
							       ing.
	     SafeNet 1741    A faster version of the 1141.

SEE ALSO
       crypt(3),  crypto(4),   intro(4),   ipsec(4),   random(4),   crypto(7),
       crypto(9)

BUGS
       Public key support is not implemented.

FreeBSD	14.3		       November	22, 2024		       SAFE(4)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=safe&sektion=4&manpath=FreeBSD+14.3-RELEASE+and+Ports>

home | help

Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages