-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Milan, Am 24.10.2011 08:29, schrieb Milan Broz: > On 10/24/2011 01:30 AM, Jonas Meurer wrote: > >> In the Debian bugreport #639832 [1], Simon Mackinlay pointed out, >> that hardware-optimized crypto driver modules aren't loaded >> automatically at cryptsetup invokation in the boot process >> (initramfs) in Debian. >> >> I verified this. At least for setups with aes support compiled >> into the kernel, and hardware-optimized aes drivers (aes-x86_64, >> aesni-intel) built as modules (which is the default for Debian >> and Ubuntu kernels), the hardware-optimized aes modules aren't >> loaded at cryptsetup invokation. (Sure, this is tested with >> aes-encrypted volumes.) I didn't have time to check other setups >> (e.g. everything built as modules) yet. > > If the modules are present at this time (either compiled-in or as > separate modules) this seems to be kernel cryptoAPI bug. It seems like this is the case, yes. I verified that hardware-optimized modules are present in the initramfs both in Debian and Ubuntu. I tested the 3.0.0-12-generic kernel in Ubuntu so far, will check other kernels and setups later. > If it is not present (in intramfs) then available module is used > and later it is not replaced by hw accelerated driver. Yes, that makes a lot of sense to me. But as written above, the hardware-optimized drivers are available as modules at the time of cryptsetup invokation. > Anyway, I am using aesni_intel loaded from Debian initramfs and it > works with no hacks. Wonder what is the difference... (kernel 3.0.3 > but compiled with own config to own kernel deb package.) Do you have crypto drivers compiled into the kernel? Or built as modules? I guess that software drivers built into the kernel and hardware drivers available as modules is the only setup with problems, but didn't test it yet. >> I'm happy to extend the initramfs scripts to load >> hardware-optimized modules in case they're available before >> cryptsetup is invoked. But that an implementation would be ugly >> and hard to maintain as it needs to be updated for possible >> kernel crypto driver changes. I would prefer a solution where the >> kernel crypto api took responsibility for this task. > > I think it should load modules automatically according to its > priorities (hw has always higher priority). Anyway, this is the > question for linux-crypto (kernel) list. > > There is no way how to force dm-crypt load specific driver. Yes, I see the point that this is a issue for linux-crypto, and will move the discussion to this list as soon as I did further investigation. Thanks for your answers! Greetings, jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOpVRwAAoJEFJi5/9JEEn+LAMQAKLyIr8YZZMF2vYC/2pwN9WG PI295FhABcdXCMuaD2GFbbW4euF7DSaknQF0uOFpxevm1wpXtlxOPFDPb6cD6YS2 9/n12quqVnfcgCsUo7cyWmZqZQylfQyuA6Xs/iamoaF7Y8SKXzLcazlNSRYHhCt9 lT03CdkTSGAR0g4Kbek8CT/lEjcjZ/DMO4OBCaPPZi9GppauW5eTu3yRvLZexZe7 xtiD2ZZoVu7YHIimMs/zbOvzi3Yo+nEPj6uQOeFkFjxHX/eMScKOcPzKX+KqvYqO mDSMiMeDyxv5AVc8jdvgJUftbAIZ9mOPGxvIrI61v006KMHftC0NOlnlIz7xC7RG E0XW+956sHLfDBRnfTe4dxuZYPHy4RjgwVJVBHvacSHl6IKu/jZHowadDglaF8NT EJGdKRgnlkgAK3rb0APmBzd4WM/PY2Cew43Z5Ux1vLyH7/ZtXv6NlK6l7k6SBkoB q4QChUlVzpLTKgZ5QCesMtyI/TVqjSHv3WEVOOwW3FLTT6riexYe6BzaHvoJUQXq 1DqmzCHhNjr6Fq5f++PuiKQSvb0MPn4dk+ZK7gXHshoNG05uSmXgTKr3l13oP9/5 XdiecNJF0eQjfSttLkc+T/LYVRlTanbyWODwlgPZaugDyDgBmUJsSyGV5xTt2w23 mZ4Rl1Au3UofuudPqf10 =Cu6i -----END PGP SIGNATURE----- _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
