Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> wrote:
TL;DR: CONFIG_CRYPTO_DH=y is reported to cause boot delays of several
minutes on old and slow machines.
Why is it doing that? It doesn't do anything unless it is called, so
something must be calling it.
I don't know. Enabling initcall_debug shows that dh_init() takes a very long
time.
Ah... The bit that handles keyctl_dh_compute() doesn't do anything unless
asked, but the bit in the crypto layer that does dh does (ie. dh_init()). I
guess it's doing some sort of self-test, but I can't see how it effects that.
I think you need to consult the author/maintainer of crypto/dh.c.
It might be possible to make CONFIG_KEY_DH_OPERATIONS not depend on
CONFIG_CRYPTO_DH and have crypto_alloc_kpp() load the *crypto* part on
demand. Failing that, I can look into demand-loading keyctl operations.
David
