DragonFly On-Line Manual Pages
SAFE(4) DragonFly Kernel Interfaces Manual SAFE(4)
safe -- SafeNet crypto accelerator
To compile this driver into the kernel, place the following lines in your
kernel configuration file:
Alternatively, to load the driver as a module at boot time, place the
following line in loader.conf(5):
The safe driver supports cards containing SafeNet crypto accelerator
The safe driver registers itself to accelerate DES, Triple-DES, AES,
MD5-HMAC, SHA1-HMAC, and NULL operations for crypto(4).
On all models, the driver registers itself to provide random data to the
random(4) subsystem. Periodically the driver will poll the hardware RNG
and retrieve data for use by the system. If the driver detects that the
hardware RNG is resonating with any local signal, it will reset the
oscillators that generate random data. Three sysctl(8) settings control
this procedure: hw.safe.rnginterval specifies the time, in seconds,
between polling operations, hw.safe.rngbufsize specifies the number of
32-bit words to retrieve on each poll, and hw.safe.rngmaxalarm specifies
the threshold for resetting the oscillators.
When the driver is compiled with SAFE_DEBUG defined, two sysctl(8)
variables are provided for debugging purposes: hw.safe.debug can be set
to a non-zero value to enable debugging messages to be sent to the
console for each cryptographic operation, hw.safe.dump is a write-only
variable that can be used to force driver state to be sent to the
console. Set this variable to ``ring'' to dump the current state of the
descriptor ring, to ``dma'' to dump the hardware DMA registers, or to
``int'' to dump the hardware interrupt registers.
The safe driver supports cards containing any of the following chips:
SafeNet 1141 The original chipset. Supports DES, Triple-DES, AES,
MD5, and SHA-1 symmetric crypto operations, RNG,
public key operations, and full IPsec packet
SafeNet 1741 A faster version of the 1141.
crypt(3), crypto(4), intro(4), random(4), crypto(9)
Public key support is not implemented.
DragonFly 5.1 April 21, 2018 DragonFly 5.1
Safe Tk(n) Tk Built-In Commands Safe Tk(n)
safe::loadTk - Load Tk into a safe interpreter.
safe::loadTk child ?-use windowId? ?-display displayName?
Safe Tk is based on Safe Tcl, which provides a mechanism that allows
restricted and mediated access to auto-loading and packages for safe
interpreters. Safe Tk adds the ability to configure the interpreter
for safe Tk operations and load Tk into safe interpreters.
The safe::loadTk command initializes the required data structures in
the named safe interpreter and then loads Tk into it. The interpreter
must have been created with safe::interpCreate or have been initialized
with safe::interpInit. The command returns the name of the safe
interpreter. If -use is specified, the window identified by the
specified system dependent identifier windowId is used to contain the
"." window of the safe interpreter; it can be any valid id, eventually
referencing a window belonging to another application. As a
convenience, if the window you plan to use is a Tk Window of the
application you can use the window name (e.g., ".x.y") instead of its
window Id (e.g., from winfo id .x.y). When -use is not specified, a
new toplevel window is created for the "." window of the safe
interpreter. On X11 if you want the embedded window to use another
display than the default one, specify it with -display. See the
SECURITY ISSUES section below for implementation details.
Please read the safe manual page for Tcl to learn about the basic
security considerations for Safe Tcl.
safe::loadTk adds the value of tk_library taken from the parent
interpreter to the virtual access path of the safe interpreter so that
auto-loading will work in the safe interpreter.
Tk initialization is now safe with respect to not trusting the child's
state for startup. safe::loadTk registers the child's name so when the
Tk initialization (Tk_SafeInit) is called and in turn calls the
parent's safe::InitTk it will return the desired argv equivalent (-use
windowId, correct -display, etc.)
When -use is not used, the new toplevel created is specially decorated
so the user is always aware that the user interface presented comes
from a potentially unsafe code and can easily delete the corresponding
On X11, conflicting -use and -display are likely to generate a fatal X
safe(n), interp(n), library(n), load(n), package(n), source(n),
alias, auto-loading, auto_mkindex, load, parent interpreter, safe
interpreter, child interpreter, source
Tk 8.0 Safe Tk(n)