* [HELP] cryptomount is slow, what is the proper way to [PATCH] libgcrypt-grub?
From: tomli @ 2018-01-25 13:56 UTC (permalink / raw)
To: grub-devel; +Cc: phcoder
phcoder and everyone else on the list, hello.

As many of you know, the builtin LUKS decryption in GRUB is a major feature
that enables many advanced setups, such as coreboot-based Full Disk Encryption.

However, it has been reported [1] that the speed of cryptomount is extremely slow.
On my box, if a large number of iterations is used (by default), GNU/Linux takes
2 seconds to derive the LUKS master key, while on GRUB, it takes about 40 seconds.

It strongly affects the usability of LUKS on GRUB. On one hand, if the user chooses
a large number of iterations, GRUB will take at least 40 seconds to unlock an
encrypted partition. If a typo is made while entering the passphrase, it will
be even slower. It forces many users to choose a smaller number of iterations, but
it makes the passphrase more vulnerable to brute-force attacks from modern CPUs
and GPUs with their ever-increasing computational power, and is thus discouraged by
LUKS developers. The performance issue must be solved.

I've investigated the cause of the issue, and I found the culprit is the
C implementation of the SHA-512 hash function, which is essential for a 256-bit
encryption setup. Since SHA-512 manipulates 64-bit integers, its performance is
very poor on x86.

Now, I'm working on some GRUB hacking to integrate an SSE2-optimized version of
the SHA512 hash function for GRUB on x86. It would boost the performance of key
derivation by 400%. I've already added the implementation to libgcrypt-grub, and
it would be automatically selected based on CPUID, in the same way as libgcrypt
does it in the upstream.

The problem is, when I had finished these improvements, and tried to compile
GRUB, I realized the libgcrypt in GRUB is somehow automatically imported from
the upstream, and preprocessed by import_gcry.py. I've read import_gcry.py and
found it was complicated: it generates new code, compiler flags, etc., and packs
different algorithms into loadable modules.

I have no idea about how to integrate my changes. For example, how to link .c
and .S assembly together in the same GRUB module by changing import_gcry.py?
I can't understand. From some comments, modifications of libgcrypt itself are not
allowed at all, and import_gcry.py should do all the additional fixups?

So what is the proper way to add new code and optimizations to libgcrypt-grub,
and integrate it into GRUB?

Happy Hacking,
Tom Li

[1] http://lists.gnu.org/archive/html/grub-devel/2016-10/msg00018.html
* Re: [HELP] cryptomount is slow, what is the proper way to [PATCH] libgcrypt-grub?
From: Vladimir 'phcoder' Serbinenko @ 2018-01-27 0:42 UTC (permalink / raw)
To: tomli; +Cc: grub-devel
On Thu, 25 Jan 2018, 14:57 , <tomli@tomli.me> wrote:
> phcoder and everyone else on the list, hello.
>
> As many of you know, the builtin LUKS decryption in GRUB is a major feature
> that enables many advanced setups, such as coreboot-based Full Disk
> Encryption.
>
> However, it has been reported [1] that the speed of cryptomount is extremely
> slow. On my box, if a large number of iterations is used (by default),
> GNU/Linux takes 2 seconds to derive the LUKS master key, while on GRUB, it
> takes about 40 seconds.
>
> It strongly affects the usability of LUKS on GRUB. On one hand, if the user
> chooses a large number of iterations, GRUB will take at least 40 seconds to
> unlock an encrypted partition. If a typo is made while entering the
> passphrase, it will be even slower. It forces many users to choose a smaller
> number of iterations, but it makes the passphrase more vulnerable to
> brute-force attacks from modern CPUs and GPUs with their ever-increasing
> computational power, and is thus discouraged by LUKS developers. The
> performance issue must be solved.
>
> I've investigated the cause of the issue, and I found the culprit is the
> C implementation of the SHA-512 hash function, which is essential for a
> 256-bit encryption setup. Since SHA-512 manipulates 64-bit integers, its
> performance is very poor on x86.
>
> Now, I'm working on some GRUB hacking to integrate an SSE2-optimized
> version of the SHA512 hash function for GRUB on x86. It would boost the
> performance of key derivation by 400%. I've already added the implementation
> to libgcrypt-grub, and it would be automatically selected based on CPUID, in
> the same way as libgcrypt does it in the upstream.
>
In GRUB, SSE registers are disabled. If you want to use SSE, you need to
make sure you enable them and that they are disabled again before kernel
handoff.
>
> The problem is, when I had finished these improvements, and tried to
> compile GRUB, I realized the libgcrypt in GRUB is somehow automatically
> imported from the upstream, and preprocessed by import_gcry.py. I've read
> import_gcry.py and found it was complicated: it generates new code, compiler
> flags, etc., and packs different algorithms into loadable modules.
>
> I have no idea about how to integrate my changes. For example, how to link
> .c and .S assembly together in the same GRUB module by changing
> import_gcry.py? I can't understand. From some comments, modifications of
> libgcrypt itself are not allowed at all, and import_gcry.py should do all
> the additional fixups?
>
Yes, just put your version of libgcrypt there and rerun ./autogen.sh
>
> So what is the proper way to add new code and optimizations to
> libgcrypt-grub, and integrate it into GRUB?
>
> Happy Hacking,
> Tom Li
>
> [1] http://lists.gnu.org/archive/html/grub-devel/2016-10/msg00018.html
>
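The save, enable and restore pattern that the reply above describes, as an added example that is not part of the thread and is not GRUB code. The bit positions are the architectural x86 ones; the names `sse_saved`, `sse_enable` and `sse_restore` are hypothetical, and clearing the XMM registers before restoring is an added precaution that assumes the hash code leaves key-derived state in them.

```c
#include <stdint.h>
#include <stdio.h>
/* Architectural x86 bit positions (vendor manuals), not GRUB definitions. */
#define CPUID1_EDX_FXSR (1u << 24)  /* FXSAVE/FXRSTOR available */
#define CPUID1_EDX_SSE2 (1u << 26)
#define CR0_MP     (1ul << 1)
#define CR0_EM     (1ul << 2)       /* while set, SSE instructions raise #UD */
#define CR0_TS     (1ul << 3)       /* while set, SSE instructions raise #NM */
#define CR4_OSFXSR (1ul << 9)       /* must be set before any SSE instruction */
struct sse_saved { unsigned long cr0, cr4; };  /* hypothetical helper type */

/* CPUID leaf 1, EDX: SSE2 is only usable when FXSR is reported as well. */
int sse2_usable(uint32_t edx)
{
    uint32_t need = CPUID1_EDX_FXSR | CPUID1_EDX_SSE2;
    return (edx & need) == need;
}

unsigned long cr0_for_sse(unsigned long cr0) { return (cr0 & ~(CR0_EM | CR0_TS)) | CR0_MP; }
unsigned long cr4_for_sse(unsigned long cr4) { return cr4 | CR4_OSFXSR; }

#if defined(__i386__) || defined(__x86_64__)
/* Ring 0 only: control-register moves fault in an ordinary user process. */
#define RD(reg, v) __asm__ volatile("mov %%" reg ", %0" : "=r"(v))
#define WR(reg, v) __asm__ volatile("mov %0, %%" reg : : "r"(v) : "memory")

void sse_enable(struct sse_saved *s)
{
    RD("cr0", s->cr0); RD("cr4", s->cr4);   /* remember the original state */
    WR("cr4", cr4_for_sse(s->cr4));
    WR("cr0", cr0_for_sse(s->cr0));
}

void sse_restore(const struct sse_saved *s)
{
    /* Added precaution: clear XMM registers that may hold key-derived state. */
    __asm__ volatile("pxor %%xmm0,%%xmm0; pxor %%xmm1,%%xmm1; pxor %%xmm2,%%xmm2;"
                     "pxor %%xmm3,%%xmm3; pxor %%xmm4,%%xmm4; pxor %%xmm5,%%xmm5;"
                     "pxor %%xmm6,%%xmm6; pxor %%xmm7,%%xmm7" : : :
                     "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7");
    WR("cr0", s->cr0); WR("cr4", s->cr4);   /* back to the pre-SSE state */
}
#endif

int main(void)
{
    unsigned long cr0 = 0x1dul;  /* constructed sample: PE|EM|TS|ET */
    printf("cr0 %#lx -> %#lx, cr4 0 -> %#lx\n", cr0, cr0_for_sse(cr0), cr4_for_sse(0));
    return 0;
}
```

`main` only exercises the pure bit computations; `sse_enable` and `sse_restore` are meant to bracket the hash call in ring 0, with the restore running on every exit path before control leaves the bootloader.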
* Re: [HELP] cryptomount is slow, what is the proper way to [PATCH] libgcrypt-grub?
From: tomli @ 2018-01-28 9:03 UTC (permalink / raw)
To: The development of GNU GRUB
> In GRUB SSE registers are disabled. If you want to use SSE, you need to
> make sure you enable them and that they are disabled again before kernel
> handoff
Thanks for the tip.
>> I have no idea about how to integrate my changes. For example, how to link
>> .c and .S assembly together in the same GRUB module by changing import_gcry.py?
>> I can't understand. From some comments, modifications of libgcrypt itself
>> are not allowed at all, and import_gcry.py should do all the additional fixups?
> Yes, just put your version of libgcrypt there and rerun ./autogen.sh
I've added a .S file for the additional assembly code to be linked with
sha512.c, but apparently import_gcry.py doesn't know how to preprocess
this file:
WARNING: unknown file sha512-sse2-x86.S
gcry_sha512
I've read import_gcry.py but the preprocessing is pretty complicated.
What is the correct way to make my assembly code be recognized and
preprocessed as a grub module by the script?
Cheers,
Tom Li