From: Eric Biggers <ebiggers@kernel.org>
To: Maxime MERE <maxime.mere@foss.st.com>
Cc: linux-fscrypt@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
ceph-devel@vger.kernel.org
Subject: Re: [PATCH] fscrypt: don't use hardware offload Crypto API drivers
Date: Wed, 25 Jun 2025 19:36:29 -0700 [thread overview]
Message-ID: <20250626023629.GA4797@sol> (raw)
In-Reply-To: <c1671c5e-d824-4131-861e-470d09371e05@foss.st.com>
On Wed, Jun 25, 2025 at 06:29:17PM +0200, Maxime MERE wrote:
> Regarding robustness and maintenance, ST ensures regular updates of its
> drivers and can fix any reported bugs. We have conducted internal tests with
> dm-crypt that demonstrate the proper functioning of these drivers for this
> type of application.
In addition to the bug I mentioned earlier where the STM32 crypto driver
produced incorrect ciphertext (https://github.com/google/fscryptctl/issues/32),
the following fix shows that the STM32 crypto driver computed incorrect hash
values for years (2017 through 2023):
https://git.kernel.org/linus/e6af5c0c4d32a27e
While these bugs may be fixed now, they show a serious lack of testing. They
also show that these sorts of drivers are really hard to get right.
I absolutely do not want fscrypt using anything like this. I want the crypto to
be done correctly.
(And also efficiently, which clearly these offloads don't actually do either.)
BTW, it seems all the hardware offload crypto drivers have quality issues like
this. I gave other examples in the thread, for example the Intel QAT driver
causing data corruption. So my intent isn't to single out the STM32 driver per
se. (And of course this patch applies to all drivers.) I'm just responding to
STM32 because of the people pushing it in this thread for some reason.
- Eric
prev parent reply other threads:[~2025-06-26 2:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 20:58 [PATCH] fscrypt: don't use hardware offload Crypto API drivers Eric Biggers
2025-06-12 0:21 ` Simon Richter
2025-06-12 0:59 ` Eric Biggers
2025-06-12 6:25 ` Eric Biggers
2025-06-12 8:50 ` Giovanni Cabiddu
2025-06-12 15:57 ` Eric Biggers
2025-06-13 1:23 ` Eric Biggers
2025-06-13 11:10 ` Giovanni Cabiddu
2025-06-25 6:32 ` Eric Biggers
2025-06-25 12:44 ` Theodore Ts'o
2025-06-25 18:38 ` Eric Biggers
2025-06-25 16:29 ` Maxime MERE
2025-06-25 19:17 ` Eric Biggers
2025-06-13 9:01 ` Maxime MERE
2025-06-13 14:42 ` Eric Biggers
2025-06-25 16:29 ` Maxime MERE
2025-06-25 18:57 ` Eric Biggers
2025-06-26 2:36 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250626023629.GA4797@sol \
--to=ebiggers@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=maxime.mere@foss.st.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).