From: Eric Biggers <ebiggers@kernel.org>
To: Diederik de Haas <didi.debian@cknow.org>
Cc: linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-kernel@vger.kernel.org,
Ingo Franzki <ifranzki@linux.ibm.com>
Subject: Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only
Date: Wed, 11 Jun 2025 20:14:08 +0000 [thread overview]
Message-ID: <20250611201408.GB4097002@google.com> (raw)
In-Reply-To: <DAJYOYMK9UJD.LB0N2L64FFA@cknow.org>
On Wed, Jun 11, 2025 at 09:47:27PM +0200, Diederik de Haas wrote:
> On Wed Jun 11, 2025 at 9:04 PM CEST, Eric Biggers wrote:
> > On Wed, Jun 11, 2025 at 08:53:17PM +0200, Diederik de Haas wrote:
> >> I was about to respond to your reply, but I guess this may be a better
> >> fit for it. The TL;DR: version is this:
> >>
> >> If you think distros shouldn't enable it, as you initially clearly
> >> described and it seems to me you still think so, the right thing for
> >> distros to do, is to disable those test. Which in turn means the fast
> >> tests should not be reinstated (?).
> >
> > I mean, not enabling the tests in production is how it should be.
> >
> > But Fedora already enabled CRYPTO_SELFTESTS, apparently because of FIPS
> > (https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3886).
>
> That is recent and there's at least 1 person I recognize as having
> proper expertise in this matter ;-)
FWIW, here's an example from just today where the crypto self-tests prevented a
buggy driver from being used in Debian:
https://lore.kernel.org/linux-crypto/20250611101750.6839-1-AlanSong-oc@zhaoxin.com/
> > throw untested and broken hardware drivers over the wall at users. As long as
>
> Only speaking for myself, my *assumption* is that crypto functionality
> in hardware is/should be faster and would lessen the load on the CPU
> (which with several SBCs seems really worthwhile).
Often the hardware offloads are actually slower. They require sending the CPU
an interrupt once the operation is done, which has a lot of overhead. They also
tend to be optimized for throughput rather than latency, and only provide good
throughput when given a large number of concurrent requests.
Inline encryption does actually work, but that is a separate type of accelerator
and not what we're talking about here.
- Eric
next prev parent reply other threads:[~2025-06-11 20:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 17:55 [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only Eric Biggers
2025-06-11 18:53 ` Diederik de Haas
2025-06-11 19:04 ` Eric Biggers
2025-06-11 19:47 ` Diederik de Haas
2025-06-11 20:14 ` Eric Biggers [this message]
2025-06-12 5:55 ` Herbert Xu
2025-06-12 6:09 ` Eric Biggers
2025-06-12 9:03 ` Herbert Xu
2025-06-12 17:20 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250611201408.GB4097002@google.com \
--to=ebiggers@kernel.org \
--cc=didi.debian@cknow.org \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.