Message ID | 20230425104835.655946-4-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
State | Superseded |
Series | Fixes for secure boot |
On 25.04.23 12:48, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> cryptsetup uses the user api of `CONFIG_CRYPTO_USER_API_SKCIPHER`
> to generate the keys.
>

But why does this only affect buster?

Jan

> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > recipes-kernel/linux/files/buster-crypt.cfg | 2 ++ > recipes-kernel/linux/linux-cip-common.inc | 1 + > 2 files changed, 3 insertions(+) > create mode 100644 recipes-kernel/linux/files/buster-crypt.cfg > > diff --git a/recipes-kernel/linux/files/buster-crypt.cfg b/recipes-kernel/linux/files/buster-crypt.cfg > new file mode 100644 > index 0000000..e3ca518 > --- /dev/null > +++ b/recipes-kernel/linux/files/buster-crypt.cfg > @@ -0,0 +1,2 @@ > +CONFIG_CRYPTO_USER_API_SKCIPHER=y > + > diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc > index 2d878a1..762a86b 100644 > --- a/recipes-kernel/linux/linux-cip-common.inc > +++ b/recipes-kernel/linux/linux-cip-common.inc > @@ -24,5 +24,6 @@ SRC_URI:append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi > }" > > SRCREV_cip-kernel-config ?= "0188d9a54615767c00b77116146409edfa35497c" > +SRC_URI:append:encrypt-partitions:buster = " file://buster-crypt.cfg" > > S = "${WORKDIR}/linux-cip-${PV}"
On 4/26/23 14:00, Jan Kiszka wrote:
> On 25.04.23 12:48, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> cryptsetup uses the user api of `CONFIG_CRYPTO_USER_API_SKCIPHER`
>> to generate the keys.
>>
>
> But why does this only affect buster?
>
> Jan

cryptsetup 2.1 (used by Debian Buster) requires `algif_skcipher` to generate a cipher. cryptsetup 2.3 (used by Debian bullseye) and later does not require the kernel interface as it can use openssl as the backend for the cipher.

I can add the option `CONFIG_CRYPTO_USER_API_SKCIPHER` to the cip-kernel-config as it is necessary to run the cryptsetup benchmarks.

Quirin

>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> recipes-kernel/linux/files/buster-crypt.cfg | 2 ++ >> recipes-kernel/linux/linux-cip-common.inc | 1 + >> 2 files changed, 3 insertions(+) >> create mode 100644 recipes-kernel/linux/files/buster-crypt.cfg >> >> diff --git a/recipes-kernel/linux/files/buster-crypt.cfg b/recipes-kernel/linux/files/buster-crypt.cfg >> new file mode 100644 >> index 0000000..e3ca518 >> --- /dev/null >> +++ b/recipes-kernel/linux/files/buster-crypt.cfg >> @@ -0,0 +1,2 @@ >> +CONFIG_CRYPTO_USER_API_SKCIPHER=y >> + >> diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc >> index 2d878a1..762a86b 100644 >> --- a/recipes-kernel/linux/linux-cip-common.inc >> +++ b/recipes-kernel/linux/linux-cip-common.inc >> @@ -24,5 +24,6 @@ SRC_URI:append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi >> }" >> >> SRCREV_cip-kernel-config ?= "0188d9a54615767c00b77116146409edfa35497c" >> +SRC_URI:append:encrypt-partitions:buster = " file://buster-crypt.cfg" >> >> S = "${WORKDIR}/linux-cip-${PV}" >
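A way to check on a running target whether the kernel exposes the skcipher user API that the reply above says cryptsetup 2.1 needs. This is an added example, not part of the patch or the thread; the cipher name `cbc(aes)`, the result strings and the errno mapping are assumptions of the example.

```python
import errno
import socket

# Cipher to probe. "cbc(aes)" is an assumption of this example; substitute
# the cipher and mode your encrypted partitions are configured with.
PROBE_CIPHER = "cbc(aes)"


def classify(err):
    """Translate the errno from socket()/bind() into a probe result.

    Assumed mapping for Linux AF_ALG sockets:
      0            -> bind succeeded, the skcipher interface is usable
      EAFNOSUPPORT -> the AF_ALG socket family is not available at all
      ENOENT       -> the "skcipher" type (algif_skcipher) or the cipher is missing
    Anything else (EPERM from a sandbox, for instance) is reported as unknown.
    """
    if err == 0:
        return "available"
    if err == errno.EAFNOSUPPORT:
        return "no-af-alg"
    if err == errno.ENOENT:
        return "no-skcipher-or-cipher"
    return "blocked-or-unknown"


def probe_skcipher(cipher=PROBE_CIPHER):
    """Bind an AF_ALG socket of type 'skcipher' and report what happened."""
    if not hasattr(socket, "AF_ALG"):
        # Python was built on a platform without AF_ALG support.
        return "no-af-alg"
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as sock:
            # The address is (type, name); no key is set and no data is sent.
            sock.bind(("skcipher", cipher))
        return classify(0)
    except OSError as exc:
        return classify(exc.errno or -1)


if __name__ == "__main__":
    print(f"skcipher user API for {PROBE_CIPHER}: {probe_skcipher()}")
```

A `no-skcipher-or-cipher` result on a buster image built with partition encryption indicates the config fragment did not reach the final kernel configuration, or that the probed cipher itself is not built.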
diff --git a/recipes-kernel/linux/files/buster-crypt.cfg b/recipes-kernel/linux/files/buster-crypt.cfg new file mode 100644 index 0000000..e3ca518 --- /dev/null +++ b/recipes-kernel/linux/files/buster-crypt.cfg @@ -0,0 +1,2 @@ +CONFIG_CRYPTO_USER_API_SKCIPHER=y + diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc index 2d878a1..762a86b 100644 --- a/recipes-kernel/linux/linux-cip-common.inc +++ b/recipes-kernel/linux/linux-cip-common.inc @@ -24,5 +24,6 @@ SRC_URI:append = " ${@ "git://gitlab.com/cip-project/cip-kernel/cip-kernel-confi }" SRCREV_cip-kernel-config ?= "0188d9a54615767c00b77116146409edfa35497c" +SRC_URI:append:encrypt-partitions:buster = " file://buster-crypt.cfg" S = "${WORKDIR}/linux-cip-${PV}"
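Review bot: the new fragment recipes-kernel/linux/files/buster-crypt.cfg carries no comment saying why `CONFIG_CRYPTO_USER_API_SKCIPHER=y` is needed, and it ends with an added empty line. Since the option opens the kernel's symmetric-cipher interface to userspace, a one-line `#` comment above it naming the consumer (cryptsetup on buster) would let a later reader judge whether it can be dropped again; the trailing blank `+` line can be removed.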
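Review bot: in recipes-kernel/linux/linux-cip-common.inc the `buster` restriction on `SRC_URI:append:encrypt-partitions:buster` is not explained in the recipe or in the commit message, which is what the review question in this thread asks about. A short comment above the line, or a sentence in the commit message, stating which cryptsetup version depends on the kernel interface would document the condition. The line also only takes effect when both `encrypt-partitions` and `buster` are active overrides, so it is worth confirming that `encrypt-partitions` is set as an override for every image that enables encryption; if the option moves into cip-kernel-config as proposed in the reply, this append and the fragment file become unnecessary.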