linux-drivers/
drivers/net/ethernet/mellanox/mlx5/core/en_accel

NVIDIA Mellanox ConnectX and BlueField crypto offload engine

Hardware crypto acceleration support for NVIDIA Mellanox ConnectX high-speed Ethernet adapters and BlueField data processing units, letting the NICs themselves perform TLS, IPsec, MACsec, and PSP encryption inline at line rate. These adapters are mainstream datacenter and cloud networking hardware sold today, with speeds up to 400/800 Gbps.

keep conf=0.92 deploy=medium replacement=none subsystem=net category=networking-ethernet
92%

recommendation

It should stay because this is the in-kernel glue that lets current NVIDIA ConnectX-6 Dx, ConnectX-7, ConnectX-8, and BlueField DPU adapters offload TLS, IPsec, MACsec, and PSP encryption in hardware. The code is part of the actively maintained mlx5 driver, with public patches still landing in early 2026, and NVIDIA continues to sell and document these adapters as flagship datacenter networking products.

repository signals

25 files
12,714 source lines
345 commits, 5y
+14,219 / −7,047 lines added / removed, 5y
44 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 345 total · active in 52/61 months
2021 2022 2023 2024 2025 2026 2021-04: 6 commits · +80 −49 2021-05: 2 commits · +1 −6 2021-06: 2 commits · +79 −25 2021-07: 3 commits · +19 −18 2021-08: 0 commits · +0 −0 2021-09: 2 commits · +18 −29 2021-10: 2 commits · +53 −24 2021-11: 1 commit · +1 −1 2021-12: 3 commits · +18 −6 2022-01: 7 commits · +133 −139 2022-02: 0 commits · +0 −0 2022-03: 16 commits · +417 −764 2022-04: 19 commits · +847 −1,455 2022-05: 4 commits · +57 −59 2022-06: 3 commits · +3 −5 2022-07: 5 commits · +500 −95 2022-08: 4 commits · +20 −16 2022-09: 27 commits · +3,875 −323 2022-10: 18 commits · +96 −123 2022-11: 9 commits · +98 −1,519 2022-12: 32 commits · +1,663 −624 2023-01: 14 commits · +230 −180 2023-02: 4 commits · +5 −5 2023-03: 16 commits · +1,070 −326 2023-04: 15 commits · +482 −98 2023-05: 2 commits · +26 −20 2023-06: 6 commits · +33 −16 2023-07: 16 commits · +711 −245 2023-08: 5 commits · +109 −63 2023-09: 8 commits · +518 −78 2023-10: 10 commits · +97 −88 2023-11: 3 commits · +25 −9 2023-12: 0 commits · +0 −0 2024-01: 0 commits · +0 −0 2024-02: 2 commits · +6 −6 2024-03: 0 commits · +0 −0 2024-04: 4 commits · +43 −60 2024-05: 3 commits · +13 −15 2024-06: 3 commits · +41 −15 2024-07: 1 commit · +4 −3 2024-08: 1 commit · +1 −0 2024-09: 1 commit · +7 −1 2024-10: 0 commits · +0 −0 2024-11: 1 commit · +4 −4 2024-12: 4 commits · +32 −35 2025-01: 3 commits · +25 −20 2025-02: 9 commits · +546 −118 2025-03: 2 commits · +137 −74 2025-04: 3 commits · +13 −18 2025-05: 0 commits · +0 −0 2025-06: 0 commits · +0 −0 2025-07: 4 commits · +86 −5 2025-08: 1 commit · +4 −5 2025-09: 12 commits · +1,431 −23 2025-10: 6 commits · +122 −37 2025-11: 2 commits · +237 −16 2025-12: 3 commits · +16 −6 2026-01: 6 commits · +36 −40 2026-02: 5 commits · +103 −108 2026-03: 3 commits · +24 −29 2026-04: 0 commits · +0 −0

sources

  1. spinics.net

    Public upstream patch traffic hit en_accel PSP code in January 2026, showing active maintenance rather than abandonment.

  2. spinics.net

    Public upstream patch traffic hit en_accel MACsec code in February 2026, again indicating ongoing fixes/features.

  3. nvidia.com

    NVIDIA still markets current ConnectX NICs, including ConnectX-7 and ConnectX-8, and explicitly advertises inline TLS/IPsec/MACsec acceleration.

  4. docs.nvidia.com

    NVIDIA documents IPsec full offload support on BlueField-2, ConnectX-6 Dx/Lx, and ConnectX-7, with future generations expected to support it.

  5. docs.nvidia.com

    NVIDIA documents MACsec full offload as supported from ConnectX-7 onward, requiring kernel/firmware support.

  6. docs.nvidia.com

    NVIDIA still publishes a current TLS offload guide that depends on Linux kTLS/MLX5 support, indicating active deployment and product relevance.

codex reasoning notes (technical)

Local shell inspection of mlx5 Kconfig/Makefile shows en_accel is the mlx5 offload block for TLS, IPsec, MACsec, and PSP inside the main mlx5 driver, not a standalone obsolete side driver. Recent upstream activity was evidenced via web search of exact patch subjects, which surfaced 2026 public mailing-list threads on spinics for PSP and MACsec fixes; I found no removal/deprecation hits in the lore/spinics searches I ran. Vendor deployment evidence came from web search results on NVIDIA product/docs pages: current ConnectX NIC marketing pages still sell ConnectX-7/8 and explicitly list TLS/IPsec/MACsec acceleration, while NVIDIA docs show these offloads on ConnectX-6 Dx/7 and BlueField families. Because the code is actively maintained and maps to currently sold datacenter NIC/DPU features, this should be kept; there is no separate replacement driver because en_accel is part of mlx5_core.