Re: aesni_load present in /boot/loader.conf on arm64

In reply to: John Baldwin : "Re: aesni_load present in /boot/loader.conf on arm64"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Mark Johnston <markj_at_freebsd.org>
Date: Wed, 31 Jul 2024 14:54:27 UTC

On Wed, Jul 31, 2024 at 10:48:15AM -0400, John Baldwin wrote:
> On 7/31/24 08:15, void wrote:
> > Hi,
> > 
> > Looking at man 4 aesni it appears this pertains to intel and AMD only?
> > is its prescence on arm64 a bug?
> > 
> > It seems to be added to /boot/loader.conf by default.
> > 
> > The method I used to install is to boot to the latest snapshot at
> > the time, then plug in a usb3 disk, ran bsdinstall to that disk,
> > rebooted (this booted initially to the installer image), mounted the
> > msdos partition on /mnt. moved the /boot/efi/efi from the installed-to
> > disk out of the way, copied everything in /mnt to /boot/efi,
> > moved the /boot/efi/efi back to where it originally was, halted the machine and
> > removed the installer image. This was to achieve zfs-on-root.
> > 
> > Maybe something about the way I installed meant aesni was added?
> 
> Looks like bsdinstall hardcodes aesni without doing an architecture
> check for both ZFS and geli.
> 
> Probably the bits of the zfsboot script referencing aesni need to
> switch on the architecture.  The trick is that depending on the
> architecture you may want to load more than one module.  For 14
> I think you could get by with something like:
> 
> crypto_kld()
> {
>     case `uname -m` in
>     amd64|i386)
>         echo "aesni"
>         ;;
>     arm64)
>         echo "armv8crypto"
>         ;;
>     *)
>         echo ""
> }
> 
> Then in the other parts of zfsboot call this function and treat it as
> a list of modules.  On main I think you would want 32-bit arm and
> powerpc64 to list ossl, and you might want to include ossl for
> x86 and arm64 as well (eventually ossl should replace aesni and
> armv8crypto IMO).

Note that aesni has been compiled into amd64 kernels for a while, so
it's not really necessary to load aesni.ko explicitly unless one is
using a custom kernel.  But yes, your proposal is better than loading
nothing at all.

> Side topic: the ossl(4) manpage in main is stale and needs to be updated
> to reflect armv7 and powerpc64 support.  I'm not sure yet if it supports
> AES-GCM for armv8 as well.

No, I don't believe AES-GCM is supported on arm64.  I'll work on getting
the man page updated this week.