From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-crypto@vger.kernel.org, linux-fscrypt@vger.kernel.org,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>
Subject: Re: [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256
Date: Mon, 19 Apr 2021 15:05:24 -0700 [thread overview]
Message-ID: <YH3+pEyzcON8eEKJ@gmail.com> (raw)
In-Reply-To: <20210416160642.85387-3-ardb@kernel.org>
On Fri, Apr 16, 2021 at 06:06:42PM +0200, Ard Biesheuvel wrote:
> CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256
> shash algorithm, which is selected as the default crypto shash provider
> for fsverity. However, fsverity has no strict link time dependency, and
> the same shash could be exposed by an optimized implementation, and arm64
> has a number of those (scalar, NEON-based and one based on special crypto
> instructions). In such cases, it makes little sense to require that the
> generic C implementation is incorporated as well, given that it will never
> be called.
>
> To address this, relax the 'select' clause to 'imply' so that the generic
> driver can be omitted from the build if desired.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> fs/verity/Kconfig | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
> index 88fb25119899..24d1b54de807 100644
> --- a/fs/verity/Kconfig
> +++ b/fs/verity/Kconfig
> @@ -3,9 +3,13 @@
> config FS_VERITY
> bool "FS Verity (read-only file-based authenticity protection)"
> select CRYPTO
> - # SHA-256 is selected as it's intended to be the default hash algorithm.
> + # SHA-256 is implied as it's intended to be the default hash algorithm.
> # To avoid bloat, other wanted algorithms must be selected explicitly.
> - select CRYPTO_SHA256
> + # Note that CRYPTO_SHA256 denotes the generic C implementation, but
> + # some architectures provided optimized implementations of the same
> + # algorithm that may be used instead. In this case, CRYPTO_SHA256 may
> + # be omitted even if SHA-256 is being used.
> + imply CRYPTO_SHA256
> help
> This option enables fs-verity. fs-verity is the dm-verity
> mechanism implemented at the file level. On supported
Looks fine,
Acked-by: Eric Biggers <ebiggers@google.com>
- Eric
prev parent reply other threads:[~2021-04-19 22:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-16 16:06 [PATCH 0/2] relax crypto Kconfig dependencies for fsverity/fscrypt Ard Biesheuvel
2021-04-16 16:06 ` [PATCH 1/2] fscrypt: relax Kconfig dependencies for crypto API algorithms Ard Biesheuvel
2021-04-19 22:03 ` Eric Biggers
2021-04-16 16:06 ` [PATCH 2/2] fsverity: relax build time dependency on CRYPTO_SHA256 Ard Biesheuvel
2021-04-19 22:05 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YH3+pEyzcON8eEKJ@gmail.com \
--to=ebiggers@kernel.org \
--cc=ardb@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.