VIA PadLock is a central processing unit (CPU) instruction set extension to the x86 microprocessor instruction set architecture (ISA) found on processors produced by VIA Technologies and Zhaoxin. Introduced in 2003 with the VIA Centaur CPUs, the additional instructions provide hardware-accelerated random number generation (RNG), Advanced Encryption Standard (AES), SHA-1, SHA256, and Montgomery modular multiplication.
The PadLock instruction set can be divided into four subsets:
- Random number generation (RNG)
XSTORE: Store Available Random Bytes (aka
REP XSTORE: Store ECX Random Bytes
- Advanced cryptography engine (ACE) - for AES crypto; two versions
- SHA hash engine (PHE)
REP XSHA1: Hash Function SHA-1
REP XSHA256: Hash Function SHA-256
- Montgomery multiplier (PMM)
The padlock capability is indicated via a
CPUID instruction with
EAX = 0xC0000000. If the resultant
EAX >= 0xC0000001, the CPU is aware of Centaur features. An additional request with
EAX = 0xC0000001 then returns PadLock support in
EDX. The padlock capability can be toggled on or off with
CPUs with PadLock
- All VIA Nano CPUs support SHA, AES, and RNG.
- All VIA Eden CPUs since 2003 (C3 Nehemiah) support AES and RNG. All these released since 2006 support AES, RNG, SHA, and PMM.
- All VIA C7 CPUs support AES, RNG, SHA, and PMM.
- Linux kernel since 2.6.11 has PadLock AES. PadLock SHA was introduced in 2.6.19. These are handled as "hardware crypto devices".
- OpenBSD and FreeBSD support PadLock.
- OpenSSL supports PadLock AES and SHA since 2004 (0.9.7f/0.9.8a).
- GNU assembler supports PadLock since 2004.
- "VIA PadLock Programming Guide". August 4, 2005.
- "VIA PadLock - Wicked Fast Encryption". www.logix.cz.
- "Kaixian ZX-C+ Series 4-core CPU". Shanghai Zhaoxin Semiconductor Co., Ltd.
- "VIA PadLock support for Linux". www.logix.cz.
- FreeBSD Kernel Interfaces Manual –
- "openssl/engines/e_padlock.c". GitHub.
- "Added new instructions for next version of VIA PadLock core. · bminor/binutils-gdb@30d1c83". GitHub.