Manual Reference Pages - AESNI (4)
- driver for the AES accelerator on Intel CPUs
To compile this driver into the kernel,
place the following lines in your
kernel configuration file:
.Cd device crypto
.Cd device aesni
Alternatively, to load the driver as a
module at boot time, place the following line in
Starting with some models of Core i5/i7, Intel processors implement
a new set of instructions called AESNI.
The set of six instructions accelerates the calculation of the key
schedule for key lengths of 128, 192, and 256 of the Advanced
Encryption Standard (AES) symmetric cipher, and provides a hardware
implementation of the regular and the last encryption and decryption
The processor capability is reported as AESNI in the Features2 line at boot.
driver does not attach on systems that lack the required CPU capability.
driver registers itself to accelerate AES operations for
Besides speed, the advantage of using the
driver is that the AESNI operation
is data-independent, thus eliminating some attack vectors based on
measuring cache use and timings typically present in table-driven
driver first appeared in
.Fx 9.0 .
driver was written by
.An Konstantin Belousov Aq kib@FreeBSD.org .
The key schedule calculation code was adopted from the sample provided
by Intel and used in the analogous
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.