Skip to content

O
OpnSense
Commit 6abb7dfa authored by Franco Fichtner's avatar Franco Fichtner
Browse files
Options

system: add option to load cryptodev, but don't do it as the new defaut

parent d74c2749
Hide whitespace changes
Inline Side-by-side
Showing with 35 additions and 0 deletions
src/etc/inc/pfsense-utils.inc
View file @ 6abb7dfa
......@@ -383,6 +383,12 @@ function load_crypto_module()
log_error(sprintf(gettext('Loading %s cryptographic accelerator module.'), $config['system']['crypto_hardware']));
mwexecf('/sbin/kldload %s', $config['system']['crypto_hardware']);
}
if (isset($config['system']['cryptodev_enable'])) {
mwexecf('/sbin/kldload %s', 'cryptodev', true);
} else {
mwexecf('/sbin/kldunload %s', 'cryptodev', true);
}
}
function load_thermal_module()
......
src/www/system_advanced_misc.php
View file @ 6abb7dfa
......@@ -87,6 +87,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']);
$pconfig['powerd_enable'] = isset($config['system']['powerd_enable']);
$pconfig['crypto_hardware'] = !empty($config['system']['crypto_hardware']) ? $config['system']['crypto_hardware'] : null;
$pconfig['cryptodev_enable'] = isset($config['system']['cryptodev_enable']);
$pconfig['thermal_hardware'] = !empty($config['system']['thermal_hardware']) ? $config['system']['thermal_hardware'] : null;
$pconfig['schedule_states'] = isset($config['system']['schedule_states']);
$pconfig['kill_states'] = isset($config['system']['kill_states']);
......@@ -107,6 +108,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors = array();
$pconfig = $_POST;
if (!empty($pconfig['crypto_hardware']) && !array_key_exists($pconfig['crypto_hardware'], crypto_modules())) {
$input_errors[] = gettext("Please select a valid Cryptographic Accelerator.");
}
if (!empty($pconfig['thermal_hardware']) && !array_key_exists($pconfig['thermal_hardware'], thermal_modules())) {
$input_errors[] = gettext("Please select a valid Thermal Hardware Sensor.");
}
if (count($input_errors) == 0) {
if (!empty($pconfig['proxyurl'])) {
$config['system']['proxyurl'] = $_POST['proxyurl'];
......@@ -170,6 +179,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['crypto_hardware']);
}
if (!empty($pconfig['cryptodev_enable'])) {
$config['system']['cryptodev_enable'] = true;
} elseif (isset($config['system']['cryptodev_enable'])) {
unset($config['system']['cryptodev_enable']);
}
if (!empty($pconfig['thermal_hardware'])) {
$config['system']['thermal_hardware'] = $pconfig['thermal_hardware'];
} elseif (isset($config['system']['thermal_hardware'])) {
......@@ -458,6 +473,20 @@ include("head.inc");
"effect. To unload the selected module, set this option to 'none' and then reboot."); ?>
</td>
</tr>
<tr>
<td><a id="help_for_cryptodev_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use /dev/crypto");?> </td>
<td>
<input name="cryptodev_enable" type="checkbox" id="cryptodev_enable" value="yes" <?= !empty($pconfig['cryptodev_enable']) ? "checked=\"checked\"" : "";?> />
<strong><?=gettext("Enable old userland device node for cryptographic accelleration"); ?></strong>
<div class="hidden" for="help_for_cryptodev_enable">
<?=gettext("Old hardware accellerators may only provide userland accelleration to e.g. OpenVPN " .
"by means of the /dev/crypto interface, which can be accessed via the OpenSSL " .
"engine framework. Note that LibreSSL does not have support for this device and " .
"instead solely relies on embedded acceleration methods e.g. AES-NI. The default is " .
"to disable this device as it is likely not needed on modern systems."); ?>
</div>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Thermal Sensors"); ?></th>
</tr>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023