I think you're missing the point that software support exists; pfSense supports software AES *now*, and this is being removed. New technology is cool; things not working anymore is not.
Anyway, what are are other projects such as the TLS libraries doing about this? Is hardware acceleration really the only solution? On 02/15/2018 01:39 PM, Walter Parker wrote: > Well, both Intel and AMD starting shipping the AES-NI instructions 8 years > ago... > > How long does a project need to wait before it can require a feature found > on all major x64 processors? Waiting 8-9 years seems reasonable to me. > > Given the fact that the project is only supporting 64-bit and suggests > using a modern processor this requirement should be a non issue for most > users. > > The only place where the AES-NI instructions are not found is in a small > number of embedded/dev boards using older Celeron processors. > > > Walter > > On Thu, Feb 15, 2018 at 9:37 AM, Kyle Marek <[email protected]> wrote: > >> This is silly. I shouldn't have to replace my hardware to support a >> feature I will not use... >> >> I shame Netgate for such an artificial limitation... >> >> Thank you for the information. >> >> On 02/15/2018 12:20 PM, Eero Volotinen wrote: >>> Well: >>> >>> https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html so we are >> talking >>> about 2.5 not 3.x ? >>> >>> "While we’re not revealing the extent of our plans, we do want to give >>> early notice that, in order to support the increased cryptographic loads >>> that we see as part of pfSense verison 2.5, pfSense Community Edition >>> version 2.5 will include a requirement that the CPU supports AES-NI. On >>> ARM-based systems, the additional load from AES operations will be >>> offloaded to on-die cryptographic accelerators, such as the one found on >>> our SG-1000 <https://www.netgate.com/products/sg-1000.html>. ARM v8 CPUs >>> include instructions like AES-NI >>> <https://www.arm.com/files/downloads/ARMv8_Architecture.pdf> that can be >>> used to increase performance of the AES algorithm on these platforms." >>> >>> >>> Eero >>> >>> On Thu, Feb 15, 2018 at 7:18 PM, Edwin Pers <[email protected]> wrote: >>> >>>> I believe I read somewhere that the new version that requires aes-ni >> will >>>> be 3.x, and they plan to continue the 2.x line alongside it, as 3.x >> will be >>>> a major rewrite >>>> >>>> >>>> -Ed >>>> >>>> -----Original Message----- >>>> From: List [mailto:[email protected]] On Behalf Of Eero >>>> Volotinen >>>> Sent: Thursday, February 15, 2018 12:14 PM >>>> To: Kyle Marek <[email protected]> >>>> Cc: pfSense Support and Discussion Mailing List <[email protected] >>>> Subject: Re: [pfSense] Configs or hardware? >>>> >>>> Well. Next version of pfsense (2.5) will not install into hardware that >>>> does not support AES-NI, so buying such hardware is not wise ? >>>> >>>> Eero >>>> >>>> >>>> _______________________________________________ >>>> pfSense mailing list >>>> https://lists.pfsense.org/mailman/listinfo/list >>>> Support the project with Gold! https://pfsense.org/gold >>>> >>> _______________________________________________ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
