[dm-crypt] [RFC] dm-crypt and hardware-optimized crypto modules

Milan Broz mbroz at redhat.com
Mon Oct 24 08:29:57 CEST 2011


On 10/24/2011 01:30 AM, Jonas Meurer wrote:

> In the Debian bugreport #639832 [1], Simon Mackinlay pointed out, that
> hardware-optimized crypto driver modules aren't loaded automatically
> at cryptsetup invokation in the boot process (initramfs) in Debian.
> 
> I verified this. At least for setups with aes support compiled into
> the kernel, and hardware-optimized aes drivers (aes-x86_64,
> aesni-intel) built as modules (which is the default for Debian and
> Ubuntu kernels), the hardware-optimized aes modules aren't loaded at
> cryptsetup invokation. (Sure, this is tested with aes-encrypted
> volumes.) I didn't have time to check other setups (e.g. everything
> built as modules) yet.

If the modules are present at this time (either compiled-in or as separate
modules) this seems to be kernel cryptoAPI bug.

If it is not present (in intramfs) then available module is used and later
it is not replaced by hw accelerated driver.

Anyway, I am using aesni_intel loaded from Debian initramfs and it works
with no hacks. Wonder what is the difference...
(kernel 3.0.3 but compiled with own config to own kernel deb package.)

> I'm happy to extend the initramfs scripts to load hardware-optimized
> modules in case they're available before cryptsetup is invoked. But
> that an implementation would be ugly and hard to maintain as it needs
> to be updated for possible kernel crypto driver changes. I would
> prefer a solution where the kernel crypto api took responsibility for
> this task.

I think it should load modules automatically according to its priorities
(hw has always higher priority). Anyway, this is the question
for linux-crypto (kernel) list.

There is no way how to force dm-crypt load specific driver.

Milan


More information about the dm-crypt mailing list