I am essentially asking the same question that Eirik Overby asked a couple of years ago. Is anyone aware of PCI-X/PCIe hardware security modules that are supported on FreeBSD? I have not seen any on the FreeBSD hardware compatibility lists. Again, as Eirik noted in his question, HSMs are not simply crypto accelerators (which are supported on FreeBSD), they also are a means of storing keys with physical, tamper-resistant security.

Thanks.

Ed Sykes

On 11 March 2009, at 21.59, Ed Sykes wrote:

> I am essentially asking the same question that Eirik Overby asked a
> couple of years ago. Is anyone aware of PCI-X/PCIe hardware
> security modules that are supported on FreeBSD? I have not seen any
> on the FreeBSD hardware compatibility lists. Again, as Eirik noted
> in his question, HSMs are not simply crypto accelerators (which are
> supported on FreeBSD), they also are a means of storing keys with
> physical, tamper-resistant security.

Thanks for re-iterating this question. I now work for the software developer I previously accused of leaving us in the dust, and have managed to convert the company to using FreeBSD as our primary hosting platform ;)

The problem with supported HSM devices, however, lingers. For one device (Thales RG8000), we've done our own software (Java) implementation of their communications library, specific to our application. This is a network-attached device. For the other device we use (Thales WebSentry), we're using the Linux pkcs#11/openssl engine implementation and associated openssl binaries, along with our internal tools compiled on Linux. All this under Linux emulation on FreeBSD. This works - so far - well; however, it is impossible to use Java JNI to interface with Linux binaries, so we're still at a disadvantage.

So the question still stands - are there HSM devices out there, internal or external, with proper FreeBSD support?

/Eirik

AFAIR nCipher have had drivers for FreeBSD but now it is not listed.

http://www.ncipher.com/en/Products/Hardware Security Modules/nShield.aspx
http://www.mail-archive.com/freebsd-hackers%40freebsd.org/msg18436.html

Ed Sykes wrote:

> I am essentially asking the same question that Eirik Overby asked a
> couple of years ago. Is anyone aware of PCI-X/PCIe hardware security
> modules that are supported on FreeBSD? I have not seen any on the
> FreeBSD hardware compatibility lists. Again, as Eirik noted in his
> question, HSMs are not simply crypto accelerators (which are supported
> on FreeBSD), they also are a means of storing keys with physical,
> tamper-resistant security.
>
> Thanks.
>
> Ed Sykes