1.\" 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 2003 Sam Leffler, Errno Consulting 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd October 31, 2025 29.Dt SAFE 4 30.Os 31.Sh NAME 32.Nm safe 33.Nd SafeNet SafeXcel 1141/1741 crypto accelerator 34.Sh SYNOPSIS 35To compile this driver into the kernel, 36place the following lines in your 37kernel configuration file: 38.Bd -ragged -offset indent 39.Cd "device crypto" 40.Cd "device cryptodev" 41.Cd "device safe" 42.Ed 43.Pp 44Alternatively, to load the driver as a 45module at boot time, place the following line in 46.Xr loader.conf 5 : 47.Bd -literal -offset indent 48safe_load="YES" 49.Ed 50.Pp 51In 52.Xr sysctl.conf 5 : 53.Bd -ragged -offset indent 54.Cd hw.safe.debug 55.Cd hw.safe.dump 56.Cd hw.safe.rnginterval 57.Cd hw.safe.rngbufsize 58.Cd hw.safe.rngmaxalarm 59.Ed 60.Sh DEPRECATION NOTICE 61The 62.Nm 63driver is deprecated and is scheduled for removal in 64.Fx 16.0 . 65.Sh DESCRIPTION 66The 67.Nm 68driver supports cards containing SafeNet crypto accelerator chips. 69.Pp 70The 71.Nm 72driver registers itself to accelerate AES, 73SHA1-HMAC, and NULL operations for 74.Xr ipsec 4 75and 76.Xr crypto 4 . 77.Pp 78On all models, the driver registers itself to provide random data to the 79.Xr random 4 80subsystem. 81Periodically the driver will poll the hardware RNG and retrieve 82data for use by the system. 83If the driver detects that the hardware RNG is resonating with any local 84signal, it will reset the oscillators that generate random data. 85Three 86.Xr sysctl 8 87settings control this procedure: 88.Va hw.safe.rnginterval 89specifies the time, in seconds, between polling operations, 90.Va hw.safe.rngbufsize 91specifies the number of 32-bit words to retrieve on each poll, 92and 93.Va hw.safe.rngmaxalarm 94specifies the threshold for resetting the oscillators. 95.Pp 96When the driver is compiled with 97.Dv SAFE_DEBUG 98defined, two 99.Xr sysctl 8 100variables are provided for debugging purposes: 101.Va hw.safe.debug 102can be set to a non-zero value to enable debugging messages to be sent 103to the console for each cryptographic operation, 104.Va hw.safe.dump 105is a write-only variable that can be used to force driver state to be sent 106to the console. 107Set this variable to 108.Dq Li ring 109to dump the current state of the descriptor ring, 110to 111.Dq Li dma 112to dump the hardware DMA registers, 113or 114to 115.Dq Li int 116to dump the hardware interrupt registers. 117.Sh HARDWARE 118The 119.Nm 120driver supports the following SafeXcel chips: 121.Bl -column "SafeNet 1141" "The original chipset. Supports" -offset indent 122.It SafeNet 1141 Ta The original chipset. 123Supports DES, Triple-DES, AES, MD5, and SHA-1 124symmetric crypto operations, RNG, public key operations, and full IPsec 125packet processing. 126.It SafeNet 1741 Ta A faster version of the 1141. 127.El 128.Sh SEE ALSO 129.Xr crypt 3 , 130.Xr crypto 4 , 131.Xr intro 4 , 132.Xr ipsec 4 , 133.Xr random 4 , 134.Xr crypto 7 , 135.Xr crypto 9 136.Sh HISTORY 137The 138.Nm 139driver first appeared in 140.Fx 5.2 . 141It is deprecated in 142.Fx 15.0 143and removed in 144.Fx 16.0 . 145.Sh BUGS 146Public key support is not implemented. 147