From: Jonas Meurer <jonas@freesources.org>
To: dm-crypt <dm-crypt@saout.de>
Subject: [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules
Date: Mon, 24 Oct 2011 01:30:56 +0200 [thread overview]
Message-ID: <4EA4A3B0.3030000@freesources.org> (raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
In the Debian bugreport #639832 [1], Simon Mackinlay pointed out, that
hardware-optimized crypto driver modules aren't loaded automatically
at cryptsetup invokation in the boot process (initramfs) in Debian.
I verified this. At least for setups with aes support compiled into
the kernel, and hardware-optimized aes drivers (aes-x86_64,
aesni-intel) built as modules (which is the default for Debian and
Ubuntu kernels), the hardware-optimized aes modules aren't loaded at
cryptsetup invokation. (Sure, this is tested with aes-encrypted
volumes.) I didn't have time to check other setups (e.g. everything
built as modules) yet.
Is this behaviour intended, or should the kernel select
hardware-optimized drivers by default in case they're available (even
as modules) and supported by hardware?
I'm happy to extend the initramfs scripts to load hardware-optimized
modules in case they're available before cryptsetup is invoked. But
that an implementation would be ugly and hard to maintain as it needs
to be updated for possible kernel crypto driver changes. I would
prefer a solution where the kernel crypto api took responsibility for
this task.
Greetings,
jonas
[1] http://bugs.debian.org/639832
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOpKOwAAoJEFJi5/9JEEn+NEMP/RYIryt4pw/4ROxHUIZVJEi7
gsPNzLbqCjwQ89uRsbN6BHrwrLeR7/s8xNUU2e4ppFj34069PI//0/KkY5BwnrQt
LTxg9yiyWeQc0ajVfxTClq2ZtgL3pcN6FclXKTE+ffjYMxbfBbM5AT1ATAkI4AOy
A3KhiT3KzG0sXs0P1o+sP+/JB//QBj6uJcIfMy2lbI0yqhl39rs5U97eueSImwEw
6ZuRVm4MD4zXQVfufAeEAHrXcPJAUd4DQyINQcFv+Ar75bSVtqsyzxsfaJXABOjZ
E+o06Zfs0i4rCfH5S08Wsqdcywua69NSnsmYJZlaOgA16uxVqcLvjw9M8DYFnBWT
clUuEXIquqQInX/bEgtq6eLgJR/BHSxv4GRJ07fVeQMae5xYPNelnEaiov6ikRs2
jNODQ2EHr3vgXsR4k6VDN/ffXybtUkndulk42vEi+a5u9eNBXYLNe1tYwmX/Ylyx
qQmAbKZ0KS3jbBFKU8rUJxlL4BetYpH1+EUDmRAIX99y4SjxdV2/SG5WZHK+scOF
cf/durQK13jGu5SGT7cSodmnFo6lgdvFUm1F+fTz4Kou0Jlgl031byG0aX6cETQD
oTMyr1z2ToUKD0hI6HMdOXYQLydlnE3U94OwV7ph+CQsvcv02qCrKBTX6zUuZNeL
cqYw/o7Yao9lVKmeCNkk
=86Vz
-----END PGP SIGNATURE-----
next reply other threads:[~2011-10-24 0:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-23 23:30 Jonas Meurer [this message]
2011-10-24 6:21 ` [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules Arno Wagner
2011-10-24 12:11 ` Jonas Meurer
2011-10-24 14:25 ` Arno Wagner
2011-10-24 6:29 ` Milan Broz
2011-10-24 6:42 ` Arno Wagner
2011-10-24 12:05 ` Jonas Meurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EA4A3B0.3030000@freesources.org \
--to=jonas@freesources.org \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox