Port-arm archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd and aes instruction set

Hello Alexander,
(I will comment only about the former because adding cgd was probably
the only reason that I had to have a GENERIC64.local (but I no
longer do that :)))

Alexander Nasonov writes:
> [...]
> I'd like to bring up two things on this list. The first one is
> trivial, the second will take some time to implement but it should
> be pretty straightforward.
> 1. cgd isn't enabled in GENERIC64. Given a recent progress on getting
>    aarch64 support on cloud platforms (Scaleway & AWS clouds, for
>    instance), disk encryption should be readily available for people
>    who don't want to leave valuable information on someone else's
>    disks.
> [...]

At least with GENERIC64 I see that the cgd module is automa{gi,ti}cally

 % modstat | grep cgd
 cgd                     driver   filesys  a        0       - blowfish,des,dk_subr,bufq_fcfs

(But I'm not sure that's always the case (e.g. if no /etc/cgd/cgd.conf
is not present and cgd is later needed when the secure level is
set to 1 I guess that this won't work and cgd needs to be added to
/etc/modules.conf. So, yes, probably having it in GENERIC64 is good))

Home | Main Index | Thread Index | Old Index