Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> wrote: > > > TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several > > > minutes on old and slow machines. > > > > Why is it doing that? It doesn't do anything unless it is called, so > > something must be calling it. > > I don't know. Enabling initcall_debug shows that dh_init() takes a very long > time. Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I guess it's doing some sort of self-test, but I can't see how it effects that. I think you need to consult the author/maintainer of crypto/dh.c. It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on demand. Failing that, I can look into demand-loading keyctl operations. David