VIA PadLock

From Wikipedia, the free encyclopedia

VIA PadLock is a central processing unit (CPU) instruction set extension to the x86 microprocessor instruction set architecture (ISA) found on processors produced by VIA Technologies and Zhaoxin. Introduced in 2003 with the VIA Centaur CPUs, the additional instructions provide hardware-accelerated random number generation (RNG), Advanced Encryption Standard (AES), SHA-1, SHA256, and Montgomery modular multiplication.[1][2]


The PadLock instruction set can be divided into four subsets:[1]

  • Random number generation (RNG)
    • XSTORE: Store Available Random Bytes (aka XSTORERNG)
    • REP XSTORE: Store ECX Random Bytes
  • Advanced cryptography engine (ACE) - for AES crypto; two versions
  • SHA hash engine (PHE)
    • REP XSHA1: Hash Function SHA-1
    • REP XSHA256: Hash Function SHA-256
  • Montgomery multiplier (PMM)

The padlock capability is indicated via a CPUID instruction with EAX = 0xC0000000. If the resultant EAX >= 0xC0000001, the CPU is aware of Centaur features. An additional request with EAX = 0xC0000001 then returns PadLock support in EDX. The padlock capability can be toggled on or off with MSR 0X1107.[1]

VIA PadLock found on some Zhaoxin CPUs have SM3 hashing and SM4 block cipher added.[3]

CPUs with PadLock[edit]

  • All VIA Nano CPUs support SHA, AES, and RNG.
  • All VIA Eden CPUs since 2003 (C3 Nehemiah) support AES and RNG. All these released since 2006 support AES, RNG, SHA, and PMM.
  • All VIA C7 CPUs support AES, RNG, SHA, and PMM.

Supporting software[edit]

See also[edit]


  1. ^ a b c "VIA PadLock Programming Guide". August 4, 2005. Archived from the original on May 26, 2010.
  2. ^ "VIA PadLock - Wicked Fast Encryption".
  3. ^ "Kaixian ZX-C+ Series 4-core CPU". Shanghai Zhaoxin Semiconductor Co., Ltd.
  4. ^ "VIA PadLock support for Linux".
  5. ^ padlock(4) – FreeBSD Kernel Interfaces Manual
  6. ^ "openssl/engines/e_padlock.c". GitHub. 26 November 2022.
  7. ^ "Added new instructions for next version of VIA PadLock core. · bminor/binutils-gdb@30d1c83". GitHub.