I noticed the other day that VIA has introduced their x86 compatible C7 processor “Esther.” Well, they’ve made a press release. We might have to wait a bit to get the actual CPU, I suspect. We’ve had good luck with VIA’s C3. VIA was even kind enough to send us several single-board M10000 systems gratis. One interesting feature of the C3 is its onboard support for AES encryption (that is, the chip implements the AES algorithm in silicon).
Esther takes this support further, providing SHA-1 and SHA-256 hashes in hardware, and what looks like some helper support for implementing RSA. If the numbers VIA quotes are accurate, I’d guesstimate that C7 should be able to drive 100Mb/s saturated IPsec without a problem. All of this in a very low power package, and
VIA’s CPUs paired with Solaris might make a really nice high-security appliance. Maybe without the need for fans?
Tonight at the OpenSolaris User’s Group, Darren gave an overview of Solaris security technologies. Coincidentally, C3 and C7 represent great chances for us to show off the Solaris Encryption Framework, which could allow us to transparently take advantage of these features when available (IPsec, IKE, PKCS#11, Java and others would automatically benefit). To whit, we have two RFEs open:
5063711 /dev/random should use RNG on VIA processors and other X86 processors
5076069 Offer an optimized AES leveraging the VIA-PadLock’s ACE engine
For those interested in security technologies, this might make a great candidate project for OpenSolaris.