Hi Tyler, > Can you elaborate some on the use case you have? On many modern embedded SoCs, there are multiple implementations of the same crypto algorithm---usually a CPU-based implementation using ISA extensions and a "security engine" implementation that implements crypto primitives on dedicated silicon. There are a few tradeoffs involved (performance, CPU overhead, resistance to side-channels attacks, etc), so it is not always clear which implementation is best. An SoC that I've been working on has both the CPU implementation and the security engine implementation of the cbc(aes) algorithm at the same priority, so the one picked to perform the encryption for a given ecryptfs mount is somewhat random. My intention with this patch is to be able to select which implementation gets used for the mount using the ecryptfs_cipher_driver option instead of having the kernel pick. The fact that this would also effectively override the ecryptfs_cipher option is an unintended side effect, since the crypto_alloc_skcipher() function will take either the algorithm name or the driver name. Maybe there is a better way to do this? Thanks, Brian
