Bug#445186: [Pkg-cryptsetup-devel] Bug#445186: cryptsetup: Please load optimized cipher kernel modules by default

2007-10-04 Thread David Härdeman
On Wed, October 3, 2007 22:52, Reinhard Tartler wrote:
 In ubuntu, we have patched cryptsetup so that it looks for
 optimized ciphers kernel modules and loads them if
 available. Please consider merging this patch to debian.

In general a good idea, some comments below:

 diff -pruN 2:1.0.5-2/debian/cryptdisks.functions
 2:1.0.5-2ubuntu1/debian/cryptdisks.functions
 --- 2:1.0.5-2/debian/cryptdisks.functions 2007-10-03 00:08:07.0
 +0100
 +++ 2:1.0.5-2ubuntu1/debian/cryptdisks.functions  2007-10-03
 00:07:57.0 +0100
 @@ -1,3 +1,8 @@
 +#
 +# This file is for inclusion with
 +#. /lib/cryptsetup/cryptdisks.functions
 +# and should not be executed directly.
 +
  PATH=/sbin:/bin
  TABFILE=/etc/crypttab
  CRYPTDISKS_ENABLE=Yes
 @@ -391,6 +412,18 @@ do_close () {
   return $?
  }

 +load_optimized_aes_module () {
 +local asm_module modulesdir
 +
 +# find directory with kernel modules
 +modulesdir=/lib/modules/`uname -r`
 +# Add assembly optimized AES module if it exists
 +asm_module=`ls -1 $modulesdir/kernel/arch/*/*/aes*.ko`
 +if [ $asm_module ];then

if [ -n "$asm_module" ]; then ...but see below

 +   insmod $asm_module 2/dev/null || true
 +fi
 +}
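
Review bot: In load_optimized_aes_module, the `ls -1 $modulesdir/kernel/arch/*/*/aes*.ko` glob can match more than one file, and whatever it returns is handed straight to insmod with the exit status discarded by `|| true`, so an ambiguous match is neither detected nor reported. insmod also loads the file by path, which skips modprobe's blacklist and dependency handling. Resolve the candidate to a module name, require exactly one match, load it with modprobe, and keep the generic aes module as the fallback.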

It seems unnecessary to have an aes-specific function, why not:

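load_optimized_module() {
    local module optmodule
    module="$1"

    # Look for an arch-specific (optimized) build of the module
    optmodule=$(find "/lib/modules/$(uname -r)/kernel/arch" \
        -name "${module}*.ko" 2>/dev/null)
    # Use it only if exactly one candidate was found
    # (plain echo, not echo -n, so wc -l counts the single line as 1)
    if [ -n "$optmodule" ] && [ $(echo "$optmodule" | wc -l) -eq 1 ]; then
        # modprobe takes a module name, not a file path
        modprobe "$(basename "$optmodule" .ko)" 2>/dev/null && return 0
    fi

    # Fall back to the generic module
    modprobe "$module" 2>/dev/null || return 1
    return 0
}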

(I haven't tested that code, I just wrote it up to show the idea)

Advantages:
* works for all kinds of modules (twofish for example).

* use of modprobe allows blacklists to work

* falls back on non-optimized module automatically

* detects if more than one candidate is found (most likely an error) and
falls back to unoptimized

  # Sets up all entries in crypttab
  do_start () {
   local dst src key opts result
 @@ -399,6 +432,7 @@ do_start () {
   modprobe -qb dm-crypt || true
   dmsetup mknodes  /dev/null 21 || true
   log_action_begin_msg Starting $INITSTATE crypto disks
 + load_optimized_aes_module
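
Review bot: The call to load_optimized_aes_module in do_start is unconditional, so the AES module is loaded on every start even when no crypttab entry uses AES, and entries using any other cipher get no optimized module at all. Call the loader per entry, with the cipher that entry actually requests.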

With the above function, the function call could go someplace else
(probably to the cipher part of the big switch statement in parse_opts).

 --- 2:1.0.5-2/debian/initramfs/cryptroot-hook 2007-10-03
 00:08:07.0 +0100
 +++ 2:1.0.5-2ubuntu1/debian/initramfs/cryptroot-hook  2007-10-03
 00:07:57.0 +0100
 @@ -357,9 +371,18 @@ add_device() {

  # Unless MODULES = dep, we always add a basic subset of modules/tools
  if [ $MODULES != dep ]; then
 - for mod in dm_mod dm_crypt aes sha256 cbc; do
 + for mod in dm_mod dm_crypt sha256 cbc; do
   manual_add_modules $mod
   done
 +
 + # Add assembly optimized AES module if it exists
 + asm_module=`find $MODULESDIR/kernel/arch/ -name aes\*`
 + if [ $asm_module ];then
 + manual_add_modules `basename $asm_module|sed s/.ko//`
 + else
 + manual_add_modules aes
 + fi
 +
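
Review bot: In add_device, the new block adds either the arch-specific module or `aes`, never both, so the initramfs carries no generic AES module to fall back on if the optimized one fails to load at boot. Add `aes` unconditionally and the optimized module in addition to it. The `find $MODULESDIR/kernel/arch/ -name aes\*` pattern is also not limited to `.ko` files and can return several paths, which `basename` will not handle as intended, and `sed s/.ko//` should be anchored as `s/\.ko$//`.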

And then a copy of the function above, but with manual_add_modules instead
of modprobe, can be added to the initramfs hook.

-- 
David Härdeman





2007-10-04 Thread Reinhard Tartler
David Härdeman writes:

 On Wed, October 3, 2007 22:52, Reinhard Tartler wrote:
 In ubuntu, we have patched cryptsetup so that it looks for
 optimized ciphers kernel modules and loads them if
 available. Please consider merging this patch to debian.

 In general a good idea, some comments below:

[...]

 It seems unnecessary to have an aes-specific function, why not:

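 load_optimized_module() {
     local module optmodule
     module="$1"

     # Look for an arch-specific (optimized) build of the module
     optmodule=$(find "/lib/modules/$(uname -r)/kernel/arch" \
         -name "${module}*.ko" 2>/dev/null)
     # Use it only if exactly one candidate was found
     # (plain echo, not echo -n, so wc -l counts the single line as 1)
     if [ -n "$optmodule" ] && [ $(echo "$optmodule" | wc -l) -eq 1 ]; then
         # modprobe takes a module name, not a file path
         modprobe "$(basename "$optmodule" .ko)" 2>/dev/null && return 0
     fi

     # Fall back to the generic module
     modprobe "$module" 2>/dev/null || return 1
     return 0
 }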

 (I haven't tested that code, I just wrote it up to show the idea)

I agree that this is a more general and better idea. If you apply
something like this to the debian package, I'll merge it in the ubuntu
package. (I don't know when I'll have time to improve this patch, not
before perhaps 2 weeks or so).


[...]
 And then a copy of the function above, but with manual_add_modules instead
 of modprobe, can be added to the initramfs hook.

Indeed, that would minimize code duplication. Good idea.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
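
The shared selection logic discussed in this thread (one routine used by both the boot script and the initramfs hook), as an added example that is not part of the original messages or of the cryptsetup package. The function names `optimized_candidate` and `modules_for_cipher` are hypothetical; the module tree layout is the one the patch searches.

```sh
#!/bin/sh
# Added example; optimized_candidate and modules_for_cipher are
# hypothetical names, not functions from the cryptsetup package.

# optimized_candidate MODULESDIR CIPHER
# Prints the module name of the arch-specific build of CIPHER when exactly
# one candidate exists under MODULESDIR/kernel/arch; returns 1 otherwise.
optimized_candidate() {
    _oc_dir="$1/kernel/arch"
    [ -d "$_oc_dir" ] || return 1
    _oc_found=$(find "$_oc_dir" -type f -name "$2*.ko" 2>/dev/null)
    [ -n "$_oc_found" ] || return 1
    # Several matches are ambiguous (most likely an error): pick none.
    [ $(printf '%s\n' "$_oc_found" | wc -l) -eq 1 ] || return 1
    # Return a module name, not a path, so the caller can use modprobe
    # and keep its blacklist and dependency handling.
    basename "$_oc_found" .ko
}

# modules_for_cipher MODULESDIR CIPHER
# Prints one module name per line: the optimized build first when it is
# unambiguous, then always the generic module as the fallback.
modules_for_cipher() {
    _mc_opt=$(optimized_candidate "$1" "$2") && printf '%s\n' "$_mc_opt"
    printf '%s\n' "$2"
}

# Boot script use: stop at the first module that loads.
#   for m in $(modules_for_cipher "/lib/modules/$(uname -r)" aes); do
#       modprobe -q "$m" && break
#   done
# Initramfs hook use: ship every listed module so the fallback exists.
#   for m in $(modules_for_cipher "$MODULESDIR" aes); do
#       manual_add_modules "$m"
#   done
```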