Re: aesni_load present in /boot/loader.conf on arm64

On 7/31/24 08:15, void wrote:
> Hi,
> 
> Looking at man 4 aesni it appears this pertains to intel and AMD only?
> is its prescence on arm64 a bug?
> 
> It seems to be added to /boot/loader.conf by default.
> 
> The method I used to install is to boot to the latest snapshot at
> the time, then plug in a usb3 disk, ran bsdinstall to that disk,
> rebooted (this booted initially to the installer image), mounted the
> msdos partition on /mnt. moved the /boot/efi/efi from the installed-to
> disk out of the way, copied everything in /mnt to /boot/efi,
> moved the /boot/efi/efi back to where it originally was, halted the machine and
> removed the installer image. This was to achieve zfs-on-root.
> 
> Maybe something about the way I installed meant aesni was added?

Looks like bsdinstall hardcodes aesni without doing an architecture
check for both ZFS and geli.

Probably the bits of the zfsboot script referencing aesni need to
switch on the architecture.  The trick is that depending on the
architecture you may want to load more than one module.  For 14
I think you could get by with something like:

crypto_kld()
{
     case `uname -m` in
     amd64|i386)
         echo "aesni"
         ;;
     arm64)
         echo "armv8crypto"
         ;;
     *)
         echo ""
}

Then in the other parts of zfsboot call this function and treat it as
a list of modules.  On main I think you would want 32-bit arm and
powerpc64 to list ossl, and you might want to include ossl for
x86 and arm64 as well (eventually ossl should replace aesni and
armv8crypto IMO).

Side topic: the ossl(4) manpage in main is stale and needs to be updated
to reflect armv7 and powerpc64 support.  I'm not sure yet if it supports
AES-GCM for armv8 as well.

-- 
John Baldwin