Just incase you missed the official press release from Sun at RSA last week we announced the new SCA-6000 crypto key store and accelerator card.
This is going to be a very cool card. It is the natural evolution of
the SCA-4000 card and for many people the key difference will be its support of AES which the SCA-1000 and SCA-4000 did not have. I'm also really pleased that it will be supported both on SPARC and x64 hardware.
My team had some additional crypto framework mini projects to do to help support this new hardware. We have a policy in our group that for any algorithm, keylength and mode that is supported by any Sun shipped hardware we must provide a software provider that does the same. This ensures that in key by value situations, which is true for Kerberized NFS and for IPsec (note that for IKE the key is by reference), we can fallback to software if the hardware is removed or breaks. The changes we added should all be in the second update release for Solaris 10, which ships around about the same time frame as the SCA-6000 hardware is released.