* [PATCH] openssl: disable cryptodev by default
@ 2017-03-08 16:57 Ross Burton
2017-03-08 17:05 ` Martin Jansa
2017-03-08 17:28 ` Mark Hatle
0 siblings, 2 replies; 7+ messages in thread
From: Ross Burton @ 2017-03-08 16:57 UTC (permalink / raw)
To: openembedded-core
Cryptodev is a way for userspace to access the kernel crypto drivers (and so,
hardware crypto).
Not all hardware supports cryptodev so this is something that should be enabled
in a BSP layer instead of in oe-core.
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
meta/recipes-connectivity/openssl/openssl.inc | 2 ++
meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 5 -----
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 9afa5bd..03dee0e 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -15,7 +15,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
"
S = "${WORKDIR}/openssl-${PV}"
+PACKAGECONFIG ??= ""
PACKAGECONFIG[perl] = ",,,"
+PACKAGECONFIG[cryptodev] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,-UHAVE_CRYPTODEV,cryptodev-linux"
AR_append = " r"
TERMIO_libc-musl = "-DTERMIOS"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
index 1973f81..4436ba3 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
@@ -1,10 +1,5 @@
require openssl.inc
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-DEPENDS += "cryptodev-linux"
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
CFLAG_append_class-native = " -fPIC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
--
2.8.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] openssl: disable cryptodev by default
2017-03-08 16:57 [PATCH] openssl: disable cryptodev by default Ross Burton
@ 2017-03-08 17:05 ` Martin Jansa
2017-03-08 17:28 ` Mark Hatle
1 sibling, 0 replies; 7+ messages in thread
From: Martin Jansa @ 2017-03-08 17:05 UTC (permalink / raw)
To: Ross Burton; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 2251 bytes --]
On Wed, Mar 08, 2017 at 04:57:04PM +0000, Ross Burton wrote:
> Cryptodev is a way for userspace to access the kernel crypto drivers (and so,
> hardware crypto).
>
> Not all hardware supports cryptodev so this is something that should be enabled
> in a BSP layer instead of in oe-core.
How is BSP layer supposed to enable this without being considered toxic
to all other layers which might support MACHINEs with the same
TUNE_PKGARCH?
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 2 ++
> meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 5 -----
> 2 files changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index 9afa5bd..03dee0e 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -15,7 +15,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> "
> S = "${WORKDIR}/openssl-${PV}"
>
> +PACKAGECONFIG ??= ""
> PACKAGECONFIG[perl] = ",,,"
> +PACKAGECONFIG[cryptodev] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,-UHAVE_CRYPTODEV,cryptodev-linux"
>
> AR_append = " r"
> TERMIO_libc-musl = "-DTERMIOS"
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> index 1973f81..4436ba3 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> @@ -1,10 +1,5 @@
> require openssl.inc
>
> -# For target side versions of openssl enable support for OCF Linux driver
> -# if they are available.
> -DEPENDS += "cryptodev-linux"
> -
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> CFLAG_append_class-native = " -fPIC"
>
> LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
> --
> 2.8.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] openssl: disable cryptodev by default
2017-03-08 16:57 [PATCH] openssl: disable cryptodev by default Ross Burton
2017-03-08 17:05 ` Martin Jansa
@ 2017-03-08 17:28 ` Mark Hatle
2017-03-08 17:35 ` Richard Purdie
1 sibling, 1 reply; 7+ messages in thread
From: Mark Hatle @ 2017-03-08 17:28 UTC (permalink / raw)
To: openembedded-core
On 3/8/17 10:57 AM, Ross Burton wrote:
> Cryptodev is a way for userspace to access the kernel crypto drivers (and so,
> hardware crypto).
If the BSP does not support crypto dev, what is the harm in this? It should
fall back to standard behaviors.
> Not all hardware supports cryptodev so this is something that should be enabled
> in a BSP layer instead of in oe-core.
This would make the package be machine specific, which I'm not sure is good for
a package like openssl. (Distro specific, I'm fine with -- machine I've got
concerns.)
--Mark
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 2 ++
> meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 5 -----
> 2 files changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index 9afa5bd..03dee0e 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -15,7 +15,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> "
> S = "${WORKDIR}/openssl-${PV}"
>
> +PACKAGECONFIG ??= ""
> PACKAGECONFIG[perl] = ",,,"
> +PACKAGECONFIG[cryptodev] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,-UHAVE_CRYPTODEV,cryptodev-linux"
>
> AR_append = " r"
> TERMIO_libc-musl = "-DTERMIOS"
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> index 1973f81..4436ba3 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> @@ -1,10 +1,5 @@
> require openssl.inc
>
> -# For target side versions of openssl enable support for OCF Linux driver
> -# if they are available.
> -DEPENDS += "cryptodev-linux"
> -
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> CFLAG_append_class-native = " -fPIC"
>
> LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] openssl: disable cryptodev by default
2017-03-08 17:28 ` Mark Hatle
@ 2017-03-08 17:35 ` Richard Purdie
2017-03-08 17:43 ` Burton, Ross
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Richard Purdie @ 2017-03-08 17:35 UTC (permalink / raw)
To: Mark Hatle, openembedded-core
On Wed, 2017-03-08 at 11:28 -0600, Mark Hatle wrote:
> On 3/8/17 10:57 AM, Ross Burton wrote:
> >
> > Cryptodev is a way for userspace to access the kernel crypto
> > drivers (and so,
> > hardware crypto).
> If the BSP does not support crypto dev, what is the harm in this? It
> should fall back to standard behaviors.
Note that the implication here is that openssl depends on the kernel
building and many other pieces of the system depend on openssl so it
does bottleneck the build somewhat.
It also means a kernel rebuild ends up triggering half the userspace to
rebuild which is annoying for users.
> > Not all hardware supports cryptodev so this is something that
> > should be enabled
> > in a BSP layer instead of in oe-core.
> This would make the package be machine specific, which I'm not sure
> is good for
> a package like openssl. (Distro specific, I'm fine with -- machine
> I've got
> concerns.)
How commonly are kernel crypto drivers used?
Cheers,
Richard
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] openssl: disable cryptodev by default
2017-03-08 17:35 ` Richard Purdie
@ 2017-03-08 17:43 ` Burton, Ross
2017-03-08 17:44 ` Richard Purdie
2017-03-08 17:44 ` Mark Hatle
2 siblings, 0 replies; 7+ messages in thread
From: Burton, Ross @ 2017-03-08 17:43 UTC (permalink / raw)
To: Richard Purdie; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 579 bytes --]
On 8 March 2017 at 17:35, Richard Purdie <richard.purdie@linuxfoundation.org
> wrote:
> Note that the implication here is that openssl depends on the kernel
> building and many other pieces of the system depend on openssl so it
> does bottleneck the build somewhat.
>
> It also means a kernel rebuild ends up triggering half the userspace to
> rebuild which is annoying for users.
>
I swear I was seeing this, but can't see how it would happen now. The bulk
of this patch is a sensible cleanup anyway so I shall verify my tests and
most likely resubmit.
Ross
[-- Attachment #2: Type: text/html, Size: 1014 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] openssl: disable cryptodev by default
2017-03-08 17:35 ` Richard Purdie
2017-03-08 17:43 ` Burton, Ross
@ 2017-03-08 17:44 ` Richard Purdie
2017-03-08 17:44 ` Mark Hatle
2 siblings, 0 replies; 7+ messages in thread
From: Richard Purdie @ 2017-03-08 17:44 UTC (permalink / raw)
To: Mark Hatle, openembedded-core
On Wed, 2017-03-08 at 17:35 +0000, Richard Purdie wrote:
> On Wed, 2017-03-08 at 11:28 -0600, Mark Hatle wrote:
> >
> > On 3/8/17 10:57 AM, Ross Burton wrote:
> > >
> > >
> > > Cryptodev is a way for userspace to access the kernel crypto
> > > drivers (and so,
> > > hardware crypto).
> > If the BSP does not support crypto dev, what is the harm in
> > this? It
> > should fall back to standard behaviors.
> Note that the implication here is that openssl depends on the kernel
> building and many other pieces of the system depend on openssl so it
> does bottleneck the build somewhat.
>
> It also means a kernel rebuild ends up triggering half the userspace
> to rebuild which is annoying for users.
Just to clarify, it doesn't depend on the kernel module, only on a
header so it shouldn't be triggering kernel dependencies. I was getting
some recipe names confused.
I think Ross is going to take another look at this patch...
Cheers,
Richard
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] openssl: disable cryptodev by default
2017-03-08 17:35 ` Richard Purdie
2017-03-08 17:43 ` Burton, Ross
2017-03-08 17:44 ` Richard Purdie
@ 2017-03-08 17:44 ` Mark Hatle
2 siblings, 0 replies; 7+ messages in thread
From: Mark Hatle @ 2017-03-08 17:44 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
On 3/8/17 11:35 AM, Richard Purdie wrote:
> On Wed, 2017-03-08 at 11:28 -0600, Mark Hatle wrote:
>> On 3/8/17 10:57 AM, Ross Burton wrote:
>>>
>>> Cryptodev is a way for userspace to access the kernel crypto
>>> drivers (and so,
>>> hardware crypto).
>> If the BSP does not support crypto dev, what is the harm in this? It
>> should fall back to standard behaviors.
>
> Note that the implication here is that openssl depends on the kernel
> building and many other pieces of the system depend on openssl so it
> does bottleneck the build somewhat.
I thought the crypto dev interface had been standardized and no longer required
a specific kernel-specific instance. If this is not true, then it's effectively
machine specific already.
> It also means a kernel rebuild ends up triggering half the userspace to
> rebuild which is annoying for users.
>
>
>>> Not all hardware supports cryptodev so this is something that
>>> should be enabled
>>> in a BSP layer instead of in oe-core.
>> This would make the package be machine specific, which I'm not sure
>> is good for
>> a package like openssl. (Distro specific, I'm fine with -- machine
>> I've got
>> concerns.)
>
> How commonly are kernel crypto drivers used?
We are seeing it used a lot, especially on IA platforms. (I have seen some
usage on an arm platform, but don't remember which.)
--Mark
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-03-08 17:44 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-08 16:57 [PATCH] openssl: disable cryptodev by default Ross Burton
2017-03-08 17:05 ` Martin Jansa
2017-03-08 17:28 ` Mark Hatle
2017-03-08 17:35 ` Richard Purdie
2017-03-08 17:43 ` Burton, Ross
2017-03-08 17:44 ` Richard Purdie
2017-03-08 17:44 ` Mark Hatle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.