Date: Mon, 24 Oct 2011 16:25:14 +0200
From: Arno Wagner
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules
Message-ID: <20111024142514.GA12878@tansi.org>
In-Reply-To: <4EA555F1.9090506@freesources.org>

On Mon, Oct 24, 2011 at 02:11:29PM +0200, Jonas Meurer wrote:
> On 24.10.2011 08:21, Arno Wagner wrote:
> > Hi Jonas,
>
> Hey Arno,
>
> > the definite authority on this is Milan, but as far as I understand
> > module autoloading, as long as an implementation for a requested
> > cipher is already loaded, that will be used. Now, I expect it would
> > be possible to not build the normal AES module and thereby have the
> > HW-supported AES module loaded automatically when needed. As the
> > Debian distro-kernel cannot know HW-support would be there, it
> > obviously defaults to the software implementation.
>
> Nope, the Debian distro-kernel has software implementation built into
> the kernel, and hardware-accelerated drivers built as modules. So
> according to Milan's answers, the kernel crypto engine should load and
> use the hardware-optimised drivers in case they're supported.

Hmm. If the software-version is already compiled-in, that could
prevent auto-loading of the hw-version. I would expect that you
need both as modules or both compiled-in. Should be easy to test
though.

> > AFAIK, if both HW and SW support are loaded, HW support is used as
> > default. I think there is some kind of priority system in place.
> > But I am really only guessing here.
>
> I guess you're correct here ;)
>
> > I see two ways around this:
> >
> > 1. Load the HW module manually (or scripted). While I have not used
> > a Debian Distro kernel for a long time, I think adding the
> > HW-module to /etc/modules should accomplish that. No need to mess
> > with the initrd, unless possibly if you have encrypted root.
> >
> > 2. Roll your own kernel, possibly with HW support statically
> > compiled in. I have used Debian with kernels from kernel.org and
> > module-support turned off with good success for about 10 years now.
> > (I don't like initrds. Good for distros, but they complicate things
> > and complexity is the enemy of reliability and efficiency. Also, I
> > like to mess around with my installations and initrds make that
> > harder. I also do not like to use kernel modules very much,
> > although it is definitely good that they are there.)
> >
> > To use your own kernel with Debian, just boot it and tell it the
> > root partition. Of course you have to make sure it somehow has the
> > drivers it needs to find and mount the root partition.
>
> As I'm the maintainer of cryptsetup in Debian, I'm searching for a
> solution for default setups.

Ah, sorry. That gives you a different perspective obviously.

> I know how to manually tweak setups to
> use the hardware-optimized crypto drivers. But I need a solution for
> the default setup with default distro-kernel. Thus building custom
> kernels is out of scope in my case.

I can see that, yes.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
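
An added example, not part of the original message: a small checker for the "easy to test" question above, which reads /proc/crypto-style text and reports which registered implementation of a cipher has the highest priority and whether it is built in or a module. The sample text, driver names and priorities are constructed; the function names are hypothetical; the only assumption about the kernel is the `name` / `driver` / `module` / `priority` field layout of /proc/crypto.

```python
import re

# Constructed sample in /proc/crypto layout (not output from the thread's systems).
SAMPLE_PROC_CRYPTO = """\
name         : aes
driver       : aes-generic
module       : kernel
priority     : 100

name         : aes
driver       : aes-aesni
module       : aesni_intel
priority     : 300

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
"""

def parse_proc_crypto(text):
    """Return one dict per registered implementation (entries are blank-line separated)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip()] = value.strip()
        if "name" in entry and "driver" in entry:
            entry["priority"] = int(entry.get("priority", 0))
            entries.append(entry)
    return entries

def preferred_driver(entries, algorithm):
    """Highest-priority registered implementation of `algorithm`, or None if none is loaded."""
    candidates = [e for e in entries if e["name"] == algorithm]
    return max(candidates, key=lambda e: e["priority"], default=None)

def report(text, algorithm):
    """One-line summary: which driver wins and whether it is built-in or a module."""
    best = preferred_driver(parse_proc_crypto(text), algorithm)
    if best is None:
        return f"{algorithm}: no implementation registered"
    mod = best.get("module", "kernel")
    origin = "built-in" if mod == "kernel" else f"module {mod}"
    return f"{algorithm}: {best['driver']} (priority {best['priority']}, {origin})"

if __name__ == "__main__":
    # On a live system: report(open("/proc/crypto").read(), "aes")
    print(report(SAMPLE_PROC_CRYPTO, "aes"))
```

/proc/crypto lists only implementations that are currently registered, so a hardware driver whose module has not been loaded does not appear at all; comparing the output before and after opening a dm-crypt mapping shows whether autoloading happened.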