Thor Lancelot Simon | 31 Mar 08:12 2009

VIA C3 probe wrong; VIA C3 AES support broken?

The patch below does four things:

	1) It fixes cpu_probe_c3 so it uses the correct CPU
	   family and thus actually matches C3 and C7 (and possibly
	   Nano) CPUs.

	2) It enables the crypto features of these processors if they
	   are not already enabled.

	3) It attaches the VIA RNG as a source of entropy.

	4) It changes the padlock OCF driver so that it registers
	   as type "software" not type "hardware" and thus doesn't
	   pointlessly suck crypto operations into the kernel -- the
	   PadLock instructions are not privileged and can be used
	   directly by OpenSSL applications via the "padlock" engine.

Unfortunately, the resulting kernel has dysfunctional FAST_IPSEC ESP; it
seems to get both the AES encryption and decryption of packets wrong.
Since the Padlock code hasn't actually been enabled on anyone's
systems in some time (because of the identcpu bug) I suspect it has
not worked for a while.

The same kernel minus options VIA_PADLOCK does ESP fine via the
cryptosoft backend.  I put a bunch of work into this but I am out
of time (have to do actual, you know, "job" type work) so if anyone
can see what's wrong with the VIA AES driver I'd sure appreciate it!

Index: arch/i386/i386/machdep.c
(Continue reading)