DragonFly On-Line Manual Pages
SAFE(4) DragonFly Kernel Interfaces Manual SAFE(4)
NAME
safe -- SafeNet crypto accelerator
SYNOPSIS
To compile this driver into the kernel, place the following lines in your
kernel configuration file:
device crypto
device cryptodev
device safe
Alternatively, to load the driver as a module at boot time, place the
following line in loader.conf(5):
safe_load="YES"
sysctl hw.safe.debug
sysctl hw.safe.dump
sysctl hw.safe.rnginterval
sysctl hw.safe.rngbufsize
sysctl hw.safe.rngmaxalarm
DESCRIPTION
The safe driver supports cards containing SafeNet crypto accelerator
chips.
The safe driver registers itself to accelerate DES, Triple-DES, AES,
MD5-HMAC, SHA1-HMAC, and NULL operations for crypto(4).
On all models, the driver registers itself to provide random data to the
random(4) subsystem. Periodically the driver will poll the hardware RNG
and retrieve data for use by the system. If the driver detects that the
hardware RNG is resonating with any local signal, it will reset the
oscillators that generate random data. Three sysctl(8) settings control
this procedure: hw.safe.rnginterval specifies the time, in seconds,
between polling operations, hw.safe.rngbufsize specifies the number of
32-bit words to retrieve on each poll, and hw.safe.rngmaxalarm specifies
the threshold for resetting the oscillators.
When the driver is compiled with SAFE_DEBUG defined, two sysctl(8)
variables are provided for debugging purposes: hw.safe.debug can be set
to a non-zero value to enable debugging messages to be sent to the
console for each cryptographic operation, hw.safe.dump is a write-only
variable that can be used to force driver state to be sent to the
console. Set this variable to ``ring'' to dump the current state of the
descriptor ring, to ``dma'' to dump the hardware DMA registers, or to
``int'' to dump the hardware interrupt registers.
HARDWARE
The safe driver supports cards containing any of the following chips:
SafeNet 1141 The original chipset. Supports DES, Triple-DES, AES,
MD5, and SHA-1 symmetric crypto operations, RNG,
public key operations, and full IPsec packet
processing.
SafeNet 1741 A faster version of the 1141.
SEE ALSO
crypt(3), crypto(4), intro(4), random(4), crypto(9)
BUGS
Public key support is not implemented.
DragonFly 5.1 April 21, 2018 DragonFly 5.1
Safe Tk(n) Tk Built-In Commands Safe Tk(n)
______________________________________________________________________________
NAME
safe::loadTk - Load Tk into a safe interpreter.
SYNOPSIS
safe::loadTk child ?-use windowId? ?-display displayName?
______________________________________________________________________________
DESCRIPTION
Safe Tk is based on Safe Tcl, which provides a mechanism that allows
restricted and mediated access to auto-loading and packages for safe
interpreters. Safe Tk adds the ability to configure the interpreter
for safe Tk operations and load Tk into safe interpreters.
The safe::loadTk command initializes the required data structures in
the named safe interpreter and then loads Tk into it. The interpreter
must have been created with safe::interpCreate or have been initialized
with safe::interpInit. The command returns the name of the safe
interpreter. If -use is specified, the window identified by the
specified system dependent identifier windowId is used to contain the
"." window of the safe interpreter; it can be any valid id, eventually
referencing a window belonging to another application. As a
convenience, if the window you plan to use is a Tk Window of the
application you can use the window name (e.g., ".x.y") instead of its
window Id (e.g., from winfo id .x.y). When -use is not specified, a
new toplevel window is created for the "." window of the safe
interpreter. On X11 if you want the embedded window to use another
display than the default one, specify it with -display. See the
SECURITY ISSUES section below for implementation details.
SECURITY ISSUES
Please read the safe manual page for Tcl to learn about the basic
security considerations for Safe Tcl.
safe::loadTk adds the value of tk_library taken from the parent
interpreter to the virtual access path of the safe interpreter so that
auto-loading will work in the safe interpreter.
Tk initialization is now safe with respect to not trusting the child's
state for startup. safe::loadTk registers the child's name so when the
Tk initialization (Tk_SafeInit) is called and in turn calls the
parent's safe::InitTk it will return the desired argv equivalent (-use
windowId, correct -display, etc.)
When -use is not used, the new toplevel created is specially decorated
so the user is always aware that the user interface presented comes
from a potentially unsafe code and can easily delete the corresponding
interpreter.
On X11, conflicting -use and -display are likely to generate a fatal X
error.
SEE ALSO
safe(n), interp(n), library(n), load(n), package(n), source(n),
unknown(n)
KEYWORDS
alias, auto-loading, auto_mkindex, load, parent interpreter, safe
interpreter, child interpreter, source
Tk 8.0 Safe Tk(n)