How to enable xts(ecb(aes-generic))
by foxite from LinuxQuestions.org on (#5MSQP)
xts(ecb(aes-generic)) is not present in /proc/crypto, but I need it to fix a serious problem with my computer. How can I enable it?
Background, if you're curious why I need such a specific thing:
Quote:
Background, if you're curious why I need such a specific thing:
Quote:
| Up until last month I have been using arch linux on an unencrypted drive. Since then, my drives have been encrypted using dm-crypt. Soon after I implemented encryption, I noticed a problem: whenever a process writes a lot of data to the disk, my system grinds to a halt. After some research, I found out that Cloudflare had the exact same problem, and they wrote a kernel patch to fix it. You can read more about that here. https://blog.cloudflare.com/speeding...sk-encryption/ Their patch adds a cipher which acts as a proxy to two other ciphers. One is aes-ni which uses hardware acceleration, the other is aes-generic -- specifically, xts(ecb(aes-generic)) -- which is slower but has the benefit of not requiring the use of a CPU register which is not safe to use in an interrupt context. Cloudflare's cipher decides which one to use based on whether or not the current context is an interrupt context. In the article, they demonstrate the effectiveness of their patch by creating an encrypted ramdisk and benchmarking it. With the standard cipher, the problem is apparent. When they execute this command: Code:sudo dmsetup table encrypted-ram0 --showkeys | sed 's/aes-xts-plain64/capi:xts-aes-xtsproxy-plain64/' | sed 's/$/ 1 force_inline/' | sudo dmsetup reload encrypted-ram0Which tells dm-crypt to use Cloudflare's cipher instead, after benchmarking the encrypted ramdisk again, the problem is completely gone. So I downloaded the kernel source code, applied Cloudflare's patch, and compiled the kernel and rebooted using it. I retrace Cloudflare's steps and create an encrypted ramdisk. However, when I try to execute the above command, I get this error: Code:device-mapper: reload ioctl on encrypted-ram0 failed: Invalid argument Command failed.Some deeper investigation has shown that xts(ecb(aes-generic)) is not present inside /proc/crypto, while Cloudflare does have access to it in their kernels, which appears to be linux-lts, which is what I'm using. Cloudflare makes no mention of the need to enable this cipher in their article. I'm pretty much stumped as to why I am missing this cipher, the one person who I know personally that also uses linux does not have the cipher either, and I don't know where to look for how to enable it. So I turn to linuxquestions. |