[illumos-Developer] webrev: removal of closed kcfd

Garrett D'Amore garrett at nexenta.com
Sat Sep 4 00:06:11 PDT 2010


This is a first pass at removing the closed kcfd.  It removes the
daemon, and also does away with all fips and module verification, and
runs the kernel threads for crypto using lwps in the kernel rather than
relying on a daemon.  (Thanks to richlowe for the suggestion.)

http://mexico.purplecow.org/gdamore/webrev/nokcfd/

It seems to work well enough, but I've not actually exercised the kernel
crypto apart from cat /dev/random and cryptoadm list.  I did some
userland crypto and it works.

If someone has some ideas for quick tests I can use to test the kernel
crypto, please let me know ... otherwise I have to figure out how to
configure ipsec manually (ugh), or write a "test module" that exists
solely to test this.

(Some brave soul might even try applying the patch file from the above
webrev to a local system and testing that way. :-)

	-- Garrett



More information about the Developer mailing list