Am Freitag, 11. September 2015, 11:49:32 schrieb Tim Chen: Hi Tim, >On Fri, 2015-09-11 at 19:02 +0200, Stephan Mueller wrote: >> Am Donnerstag, 10. September 2015, 17:04:31 schrieb Tim Chen: >> >> Hi Tim, >> >> >Is there a scenario you can think of >> >when a lower performing sha1 transform needs to >> >be exposed as a separate driver? >> >> My immediate concern is testing: it is hard to test the individual >> implementations. > >Not hard, just one line in the glue code to set the transform >to the one you need it you really want to test individual >implementation. Usually user of sha don't care which sha driver >they got, but just the highest priority one. >So you will anyway need to patch and change the priority of the sha >driver to expose a specific one for testing. Sure, it is not hard when you recompile. But when you have to test one given kernel binary, it is a challenge. > >> >Otherwise the glue code logic will only expose the >> >best performing one for a cpu and hide the others, which was intentional >> >on our part to prevent a lower performing sha from getting used. >> >> Agreed, but the kernel crypto API does that already using the priorities -- >> IMHO a very clean and easy to interpret solution. >> >> Furthermore, if somebody really has a need to not use the fastest HW >> implementation, the kernel crypto API allows him to do that. With the hard- >> wired approach in the glue file, you are stuck. > >Still, why would some kernel module specifically not want to >use the fastest HW implementation, and explicitly ask for >a slower driver? I have seen one instance where a hardware driver was broken on one particular hardware. So, the only way was to disable it. In our case here, disabling means to go back to the software implementation of SHA. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html