On Sun, May 10, 2020 at 07:54:06AM -0700, Paul Goyette wrote:
> Prior to the encrypted-swap commit, a kernel configured without the
> ``pseudo-device crypto'' was able to link and run successfully. (Any
> attempt to use rijndael results in an auto-load of the crypto module.)

Even without 'pseudo-device crypto' some kernels still build, as long
as the dependency on the rijndael files exists in the kernel configuration.
This is e.g. true if you built with wlan drivers or cgd.
Here is a patch that makes encrypted swap (but not rijndael) optional:
http://ftp.netbsd.org/pub/NetBSD/misc/mlelstv/uvm_swap.diff
which might be useful to create small kernels (it's just about 16kB).
Otherwise you could just add the dependency to uvm unconditionally.

> Seems to me that any attempt to enable encrypted-swap should also
> trigger an auto-load for the crypto module. Appropriate module hooks
> should be used to avoid the undefined symbols.

The rijndael code is not a module, and the crypto module is neither used
nor referenced; it shouldn't be loaded then.
You would be perfectly right if it wasn't rijndael but e.g. des.