From: Milan Broz <mbroz@redhat.com>
To: Jonas Meurer <jonas@freesources.org>
Cc: dm-crypt <dm-crypt@saout.de>
Subject: Re: [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules
Date: Mon, 24 Oct 2011 08:29:57 +0200 [thread overview]
Message-ID: <4EA505E5.5080205@redhat.com> (raw)
In-Reply-To: <4EA4A3B0.3030000@freesources.org>
On 10/24/2011 01:30 AM, Jonas Meurer wrote:
> In the Debian bugreport #639832 [1], Simon Mackinlay pointed out, that
> hardware-optimized crypto driver modules aren't loaded automatically
> at cryptsetup invokation in the boot process (initramfs) in Debian.
>
> I verified this. At least for setups with aes support compiled into
> the kernel, and hardware-optimized aes drivers (aes-x86_64,
> aesni-intel) built as modules (which is the default for Debian and
> Ubuntu kernels), the hardware-optimized aes modules aren't loaded at
> cryptsetup invokation. (Sure, this is tested with aes-encrypted
> volumes.) I didn't have time to check other setups (e.g. everything
> built as modules) yet.
If the modules are present at this time (either compiled-in or as separate
modules) this seems to be kernel cryptoAPI bug.
If it is not present (in intramfs) then available module is used and later
it is not replaced by hw accelerated driver.
Anyway, I am using aesni_intel loaded from Debian initramfs and it works
with no hacks. Wonder what is the difference...
(kernel 3.0.3 but compiled with own config to own kernel deb package.)
> I'm happy to extend the initramfs scripts to load hardware-optimized
> modules in case they're available before cryptsetup is invoked. But
> that an implementation would be ugly and hard to maintain as it needs
> to be updated for possible kernel crypto driver changes. I would
> prefer a solution where the kernel crypto api took responsibility for
> this task.
I think it should load modules automatically according to its priorities
(hw has always higher priority). Anyway, this is the question
for linux-crypto (kernel) list.
There is no way how to force dm-crypt load specific driver.
Milan
next prev parent reply other threads:[~2011-10-24 6:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-23 23:30 [dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules Jonas Meurer
2011-10-24 6:21 ` Arno Wagner
2011-10-24 12:11 ` Jonas Meurer
2011-10-24 14:25 ` Arno Wagner
2011-10-24 6:29 ` Milan Broz [this message]
2011-10-24 6:42 ` Arno Wagner
2011-10-24 12:05 ` Jonas Meurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EA505E5.5080205@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
--cc=jonas@freesources.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox