Re: cgd and aes instruction set

To: port-arm%NetBSD.org@localhost
Subject: Re: cgd and aes instruction set
From: Leonardo Taccari <leot%NetBSD.org@localhost>
Date: Sun, 02 Dec 2018 23:44:45 +0100

Hello Alexander,
(I will comment only about the former because adding cgd was probably
the only reason that I had to have a GENERIC64.local (but I no
longer do that :)))

Alexander Nasonov writes:
> [...]
> I'd like to bring up two things on this list. The first one is
> trivial, the second will take some time to implement but it should
> be pretty straightforward.
>
> 1. cgd isn't enabled in GENERIC64. Given a recent progress on getting
>    aarch64 support on cloud platforms (Scaleway & AWS clouds, for
>    instance), disk encryption should be readily available for people
>    who don't want to leave valuable information on someone else's
>    disks.
> [...]

At least with GENERIC64 I see that the cgd module is automa{gi,ti}cally
loaded:

 % modstat | grep cgd
 cgd                     driver   filesys  a        0       - blowfish,des,dk_subr,bufq_fcfs

(But I'm not sure that's always the case (e.g. if no /etc/cgd/cgd.conf
is not present and cgd is later needed when the secure level is
set to 1 I guess that this won't work and cgd needs to be added to
/etc/modules.conf. So, yes, probably having it in GENERIC64 is good))

Follow-Ups:
- Re: cgd and aes instruction set
  - From: Paul Goyette

References:
- cgd and aes instruction set
  - From: Alexander Nasonov

Prev by Date: Re: arm_sync_icache on aarch64
Next by Date: Re: cgd and aes instruction set
Previous by Thread: Re: cgd and aes instruction set
Next by Thread: Re: cgd and aes instruction set
Indexes:

Home | Main Index | Thread Index | Old Index