On Thu, Jun 12, 2025 at 09:21:26AM +0900, Simon Richter wrote: > Hi, > > On 6/12/25 05:58, Eric Biggers wrote: > > > But > > otherwise this style of hardware offload is basically obsolete and has > > been superseded by hardware-accelerated crypto instructions directly on > > the CPU as well as inline storage encryption (UFS/eMMC). > > For desktop, yes, but embedded still has quite a few of these, for example > the STM32 crypto offload engine, and I expect quite a few FPGA based > implementations exist, so this would require vendors to maintain a fork to > keep their out-of-tree drivers functional when updating the kernel. > > POWER also has an asynchronous offload engine with AES, SHA and gzip > support, these are significantly faster than the CPU.
Do you know if anyone is actually still using a legacy-style accelerator with fscrypt, and if so what specific performance improvements are they getting? Arguing that legacy-style crypto acceleration could theoretically be useful in general isn't really relevant here. What's relevant here is whether it's actually useful and worthwhile with this specific kernel subsystem. As I mentioned, fscrypt has never been optimized for legacy-style accelerators anyway, and no one has ever tried to do so. It just hasn't been relevant. Meanwhile, the real feedback I *do* get from users is that these drivers are causing problems for users, since the Crypto API (unwisely) enables them by default and thus fscrypt uses them by default. There are people who do care about some of these drivers, but they tend to be the manufacturer of the hardware, not the users. To me it seems like more of a check-box exercise than something that is actually worth using in practice. > If a buggy engine passes self-test, can this simply be fixed by adding more > tests? :> The crypto self-tests are disabled by default, just like any other kernel subsystem. They are supposed to be run before a kernel is released, but for most of the drivers they aren't, since people don't have the hardware. Thus, a lot of drivers in-tree don't even pass the tests we do have. Some distros do enable the crypto self-tests in production kernels, but only the fast tests; the full set of tests is too slow to enable in production. But even the full tests don't properly test the hardware offload drivers, which have unique challenges that do not exist in software code. - Eric _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel