mbox series

[v2,0/2] relax crypto Kconfig dependencies for fsverity/fscrypt

Message ID 20210421075511.45321-1-ardb@kernel.org
Headers show
Series relax crypto Kconfig dependencies for fsverity/fscrypt | expand

Message

Ard Biesheuvel April 21, 2021, 7:55 a.m. UTC 
Relax 'select' dependencies to 'imply' for crypto algorithms that are
fulfilled only at runtime, and which may be implemented by other drivers
than the generic ones implemented in C. This permits, e.g., arm64 builds
to omit the generic CRYPTO_SHA256 and CRYPTO_AES drivers, both of which
are superseded by optimized scalar versions at the very least,

Changes since v1:
- use Eric's suggested comment text in patch #1
- add Eric's ack to partch #2

Cc: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Eric Biggers <ebiggers@kernel.org>

Ard Biesheuvel (2):
  fscrypt: relax Kconfig dependencies for crypto API algorithms
  fsverity: relax build time dependency on CRYPTO_SHA256

 fs/crypto/Kconfig | 30 ++++++++++++++------
 fs/verity/Kconfig |  8 ++++--
 2 files changed, 28 insertions(+), 10 deletions(-)

Comments

Eric Biggers April 21, 2021, 6:18 p.m. UTC | #1 
On Wed, Apr 21, 2021 at 09:55:10AM +0200, Ard Biesheuvel wrote:
> Even if FS encryption has strict functional dependencies on various
> crypto algorithms and chaining modes. those dependencies could potentially
> be satisified by other implementations than the generic ones, and no link
> time dependency exists on the 'depends on' claused defined by
> CONFIG_FS_ENCRYPTION_ALGS.
> 
> So let's relax these clauses to 'imply', so that the default behavior
> is still to pull in those generic algorithms, but in a way that permits
> them to be disabled again in Kconfig.
> 
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---

Acked-by: Eric Biggers <ebiggers@google.com>

Herbert, is there still time for you to take these two patches through the
crypto tree for 5.13?  There aren't any other fscrypt or fsverity patches for
5.13, so that would be easiest for me.

- Eric
Herbert Xu April 22, 2021, 12:01 a.m. UTC | #2 
On Wed, Apr 21, 2021 at 11:18:05AM -0700, Eric Biggers wrote:
>

> Herbert, is there still time for you to take these two patches through the

> crypto tree for 5.13?  There aren't any other fscrypt or fsverity patches for

> 5.13, so that would be easiest for me.


Sure, I can take these patches.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu April 22, 2021, 7:48 a.m. UTC | #3 
Ard Biesheuvel <ardb@kernel.org> wrote:
> Relax 'select' dependencies to 'imply' for crypto algorithms that are

> fulfilled only at runtime, and which may be implemented by other drivers

> than the generic ones implemented in C. This permits, e.g., arm64 builds

> to omit the generic CRYPTO_SHA256 and CRYPTO_AES drivers, both of which

> are superseded by optimized scalar versions at the very least,

> 

> Changes since v1:

> - use Eric's suggested comment text in patch #1

> - add Eric's ack to partch #2

> 

> Cc: "Theodore Y. Ts'o" <tytso@mit.edu>

> Cc: Jaegeuk Kim <jaegeuk@kernel.org>

> Cc: Eric Biggers <ebiggers@kernel.org>

> 

> Ard Biesheuvel (2):

>  fscrypt: relax Kconfig dependencies for crypto API algorithms

>  fsverity: relax build time dependency on CRYPTO_SHA256

> 

> fs/crypto/Kconfig | 30 ++++++++++++++------

> fs/verity/Kconfig |  8 ++++--

> 2 files changed, 28 insertions(+), 10 deletions(-)


All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt