On Fri, Jul 20, 2018 at 10:02:21AM +0900, Ard Biesheuvel wrote: > On 20 July 2018 at 00:50, Mark Brown <broonie@xxxxxxxxxx> wrote: > > Existing hardware can definitely do the IV generation and I believe that > > it can chain multiple sectors together though I'd need to confirm this, > > as mentioned elsewhere in the thread the ccree driver is for one of > > the relevant devices. I've poked some relevant people. > As far as I can infer from the ccree driver source, IV generation and > en/decryption are separate operations, and given that each sector > requires both operations to be applied in sequence, letting the crypto > layer handle an entire bio does not have any benefit *at the moment*. Interesting... they were reporting some benefits from that with their out of tree driver prior to upstreaming (and there are other implementations out there, that's the only one I definitely know about). I have to confess I didn't look at their in tree driver, looking briefly now it looks awfully like the hardware should be able to chain IV generation together with encryption without bothering the CPU which would be good enough. > In fact, it seems to me that the ability to use protected AES keys is > much more appealing than any performance argument (including 'it may > be slower but at least it does not load the CPU'), so some background > on how such a change would enable this use case would be beneficial as > well to getting this adopted. Right, that's another benefit which was on the radar for followup work. > So my recommendation would be to focus on moving the IV generation > into the crypto layer, but conservatively, and not confuse people by > making additional changes that could theoretically improve > performance, but only on hardware that does not exist. It certainly seems like splitting things up will at least allow things to progress.
Attachment:
signature.asc
Description: PGP signature
-- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel