From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OA8S3L7OkzUc for ; Mon, 24 Oct 2011 14:11:35 +0200 (CEST) Received: from mail01.freesources.org (mail01.freesources.org [80.237.252.149]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Mon, 24 Oct 2011 14:11:34 +0200 (CEST) Received: from ip-94-79-161-2.unitymediagroup.de ([94.79.161.2] helo=[192.168.0.102]) by mail01.freesources.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1RIJNL-00032I-Pv for dm-crypt@saout.de; Mon, 24 Oct 2011 12:11:34 +0000 Message-ID: <4EA555F1.9090506@freesources.org> Date: Mon, 24 Oct 2011 14:11:29 +0200 From: Jonas Meurer MIME-Version: 1.0 References: <4EA4A3B0.3030000@freesources.org> <20111024062115.GA5324@tansi.org> In-Reply-To: <20111024062115.GA5324@tansi.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 24.10.2011 08:21, schrieb Arno Wagner: > Hi Jonas, Hey Arno, > the definite authority on this is Milan, but as far as I understand > module autoloading, as long as an implementation for a requested > cipher is already loaded, that will be used. Now, I expect it would > be possible to not build the normal AES module and thereby have the > HW-supported AES module loade automatically when needed. As the > Debian distro-kernel cannot know HW-support would be there, it > obviously defaults to the software implementation. Nope, the Debian distro-kernel has software implementation built into the kernel, and hardware-accelerated drivers built as modules. So according to Milans answers, the kernel crypto engine should load and use the hardware-optimised drivers in case they're supported. > AFAIK, if both HW and SW support are loaded, HW support is used as > default. I think there is some kind of priority system in place. > But I am really only guessing here. I guess you're correct here ;) > I see two ways around this: > > 1. Load the HW module manually (or scripted). While I have not used > a Debian Distro kernel for a long time, I think adding the > HW-module to /etc/modules should accomplish that. Noneed to mess > with the initrd, unless possibly if you have encrypted root. > > 2. Roll your own kernel, possibly with HW support statically > compiled in. I have used Debian with kernels from kernel.org and > module-support turned off with good success for about 10 years now. > (I don't like initrds. Good for distros, but they complicate things > and complexity is the enemy of reliablity and efficiency. Also, I > like to mess around with my installatons and initrds make that > harder. I also do not like to use kernel modules very much, > although it is definitely good that they are there.) > > To use your own kernel with Debian, just boot it and tell it the > root partition. Of course you have to make sure it somehow has the > drivers it needs to fnd and mount the root partition. As I'm the maintainer of cryptsetup in Debian, I'm searching for a solution for default setups. I know how to manually tweak setups to use the hardware-optimized crypto drivers. But I need a solution for the default setup with default distro-kernel. Thus building custom kernels is out of scope in my case. Greetings, jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOpVXxAAoJEFJi5/9JEEn+rAcP+gMbUNbx4/YkZzD2CEEUfJsr QFgUth+B5znHs7YCo9ndR+uDNyiYu0/EQA9xvjvp/lz8ageynrCiawaClTfytIJW lpA+qL89WX3gPtKIK/W8TKVor1ArWS6ZqzLZvO4avxt0bqTxfHRR7dilWgvtlWQt AcA2VeiBwDp7JtTTyKSPgIFYaVDsWo/GhPShQ4fMMQOH0HeuyLOYUgcuP4TlKrPN 17U7AlfkMPwDc1asoMdyAev+0G+3NT8vY+0ppd+aiQygpEJgafJj+UrXjlEb8qBl s8Byff44+FtyKVbG5q6njS6EWlTygwkVH2YJs5pSqNyJG+EALuj/Mwv8JAzefoYE GoF1xImNJPLdWf5SfuWw8t+6pOEydtkSKIBAxvaNpTuB8T122iei+GI33RIkH8eR q6cmdP9Kxau+Hsa6WEMB0fqjzNdekNdtzQHLKqEHjW9Fu4UekzKcV1bslU4hntvh KA2UTCOxkmopLmWSty2dAfqgVALzSRLBJjC/V6bjWoY/vUCQDOFjexv2vIf4F4Zq jISypLfsFytZQqOSTcd2gEBOOXEyua+D02Wq6H3SRzxqPRzxAPMFxAO1aVD/Y7lh 64cLd2bfEiDW+IgTUOQAAouOIVIWYRAsmFwEsmP+NDvLDf6b14cHs+Q2m5JY8exX WP7+vC+GW4zyfxWEKoS8 =elNz -----END PGP SIGNATURE-----