Re: [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules
Date: Mon, 24 Oct 2011 08:42:44 +0200	[thread overview]
Message-ID: <20111024064244.GB5324@tansi.org> (raw)
In-Reply-To: <4EA505E5.5080205@redhat.com>

On Mon, Oct 24, 2011 at 08:29:57AM +0200, Milan Broz wrote:
> On 10/24/2011 01:30 AM, Jonas Meurer wrote:
[...]
> If the modules are present at this time (either compiled-in or as separate
> modules) this seems to be kernel cryptoAPI bug.

So if it is loaded by the autoloader it should try the HW module first
and only if that fails load the SW module? Makes sense.

> If it is not present (in intramfs) then available module is used and later
> it is not replaced by hw accelerated driver.
> 
> Anyway, I am using aesni_intel loaded from Debian initramfs and it works
> with no hacks. Wonder what is the difference...
> (kernel 3.0.3 but compiled with own config to own kernel deb package.)

Ah, yes, I fogot: There is an organized and documented process for 
rolling your own Debian kernel package. I have not used it though.

> > I'm happy to extend the initramfs scripts to load hardware-optimized
> > modules in case they're available before cryptsetup is invoked. But
> > that an implementation would be ugly and hard to maintain as it needs
> > to be updated for possible kernel crypto driver changes. I would
> > prefer a solution where the kernel crypto api took responsibility for
> > this task.
> 
> I think it should load modules automatically according to its priorities
> (hw has always higher priority). Anyway, this is the question
> for linux-crypto (kernel) list.
> 
> There is no way how to force dm-crypt load specific driver.

You could do a wrapper and unload the software AES module if loaded. 
That would be a pretty dirty hack though.

BTW, nice to see RH folks using Debian ;-)

Arno
 
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

next prev parent reply	other threads:[~2011-10-24  6:42 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-10-23 23:30 [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules Jonas Meurer
2011-10-24  6:21 ` Arno Wagner
2011-10-24 12:11   ` Jonas Meurer
2011-10-24 14:25     ` Arno Wagner
2011-10-24  6:29 ` Milan Broz
2011-10-24  6:42   ` Arno Wagner [this message]
2011-10-24 12:05   ` Jonas Meurer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20111024064244.GB5324@tansi.org \
    --to=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.