On 18 July 2017 at 06:25, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Jun 20, 2017 at 11:28:53AM +0200, Ard Biesheuvel wrote: >> The generic AES driver uses 16 lookup tables of 1 KB each, and has >> encryption and decryption routines that are fully unrolled. Given how >> the dependencies between this code and other drivers are declared in >> Kconfig files, this code is always pulled into the core kernel, even >> if it is usually superseded at runtime by accelerated drivers that >> exist for many architectures. > > Why can't we simply replace aes-generic with aes-ti? > Because it is slower, and how much slower is architecture dependent (if your arch has slow multiplication, aes-ti decryption will be dog slow compared to aes-generic) Also, quite a few architectures have table based implementations that reuse crypto_ft_tab/crypto_fl_tab etc so we'd need to factor out those into a separate module if we were to remove aes-generic.