Sep 1, 2025, 02:28 by g...@suse.com: > On Mon, Sep 01, 2025 at 03:42:19AM +0200, upcountry_ahead...@slmail.me wrote: > >> >> Hi, >> >> > Git repo: >> > https://github.com/lcp/grub2/tree/libgcrypt-1.11.0-argon2-hw-accel-upstream >> > >> > This patchset is based on Vladimir's libgcrypt 1.11.0 patches. >> > >> > With the newer libgcrypt code, it's possible to drop the hardware >> > acceleration code into libgcrypt-grub. I managed to build the sha256 and >> > blake2 modules with the available optimization code for grub-emu, and >> > the result looks promising. For a 20MB LUKS2 block with pbkdf2 (sha256), >> > the original decryption time is 10~11 seconds. With intel shaext, it >> > becomes 3~4 seconds. >> > >> > I also have a tentative implementation for Argon2. With AVX2 support, >> > the decryption time is down from 26 seconds to 20 seconds. >> >> This is really useful! I was able to get the decryption time from 17 s to 9 >> s for my case after cherry-picking this patch series onto >> https://lists.gnu.org/archive/html/grub-devel/2025-08/msg00226.html. >> > Thanks for testing the patch. Since you mentioned SHA512 below, you > are likely using PBKDF2. The Argon2 patches are not necessary in your use > case. > [...]> On the other hand, you could also try my PBKDF2 optimization patches: > https://lists.gnu.org/archive/html/grub-devel/2025-08/msg00080.html >
Ah, I should clarify that my partition is actually Argon2, but I explicitly set the hash to SHA512 instead of the default of SHA256 since SHA512 is _allegedly_ faster to compute (https://crypto.stackexchange.com/questions/26336/sha-512-faster-than-sha-256) and I just like SHA512. I'm more than happy to add a new PBKDF2 keyslot to my partition and benchmark that patchset though when I'm not too busy though, but since it won't be the first keyslot, the measurements will have a significant constant offset though. Will follow up _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
