On Wed, Jul 31, 2024 at 10:48:15AM -0400, John Baldwin wrote:
> On 7/31/24 08:15, void wrote:
> > Hi,
> >
> > Looking at man 4 aesni it appears this pertains to intel and AMD only?
> > is its prescence on arm64 a bug?
> >
> > It seems to be added to /boot/loader.conf by default.
> >
> > The method I used to install is to boot to the latest snapshot at
> > the time, then plug in a usb3 disk, ran bsdinstall to that disk,
> > rebooted (this booted initially to the installer image), mounted the
> > msdos partition on /mnt. moved the /boot/efi/efi from the installed-to
> > disk out of the way, copied everything in /mnt to /boot/efi,
> > moved the /boot/efi/efi back to where it originally was, halted the machine
> > and
> > removed the installer image. This was to achieve zfs-on-root.
> >
> > Maybe something about the way I installed meant aesni was added?
>
> Looks like bsdinstall hardcodes aesni without doing an architecture
> check for both ZFS and geli.
>
> Probably the bits of the zfsboot script referencing aesni need to
> switch on the architecture. The trick is that depending on the
> architecture you may want to load more than one module. For 14
> I think you could get by with something like:
>
> crypto_kld()
> {
> case `uname -m` in
> amd64|i386)
> echo "aesni"
> ;;
> arm64)
> echo "armv8crypto"
> ;;
> *)
> echo ""
> }
>
> Then in the other parts of zfsboot call this function and treat it as
> a list of modules. On main I think you would want 32-bit arm and
> powerpc64 to list ossl, and you might want to include ossl for
> x86 and arm64 as well (eventually ossl should replace aesni and
> armv8crypto IMO).
Note that aesni has been compiled into amd64 kernels for a while, so
it's not really necessary to load aesni.ko explicitly unless one is
using a custom kernel. But yes, your proposal is better than loading
nothing at all.
> Side topic: the ossl(4) manpage in main is stale and needs to be updated
> to reflect armv7 and powerpc64 support. I'm not sure yet if it supports
> AES-GCM for armv8 as well.
No, I don't believe AES-GCM is supported on arm64. I'll work on getting
the man page updated this week.
