| Message ID | 20230904160254.429863-1-dimitri.ledkov@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [MANTIC] UBUNTU: [Config] Default module signing algo should be accelerated | expand |
On 04-09-2023 18:02, Dimitri John Ledkov wrote: > Default module signing algo should be accelerated. This is to ensure > the most optimal boot speed of lockedown systems that enforce kernel > module signature verification. Usually the accelerated version of > sha512 is loaded, but possibly much later during the boot. > > BugLink: https://bugs.launchpad.net/bugs/2034061 > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- > debian.master/config/annotations | 20 +++++++++++++++----- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/debian.master/config/annotations b/debian.master/config/annotations > index 60be644b2e..ef9dc2ba82 100644 > --- a/debian.master/config/annotations > +++ b/debian.master/config/annotations > @@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP note<'LP: #1363180'> > CONFIG_CRYPTO_SHA512 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_CRYPTO_SHA512 note<'module signing'> > > +CONFIG_CRYPTO_SHA512_ARM policy<{'armhf': 'y'}> > +CONFIG_CRYPTO_SHA512_ARM note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_ARM64 policy<{'arm64': 'y'}> > +CONFIG_CRYPTO_SHA512_ARM64 note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_ARM64_CE policy<{'arm64': 'y'}> > +CONFIG_CRYPTO_SHA512_ARM64_CE note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_S390 policy<{'s390x': 'y'}> > +CONFIG_CRYPTO_SHA512_S390 note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_SSSE3 policy<{'amd64': 'y'}> > +CONFIG_CRYPTO_SHA512_SSSE3 note<'LP: #2034061'> > + > CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE note<'Obsolete w/ no known userspace dependencies'> > > @@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3 policy<{'amd64': 'y', 'arm64': ' > CONFIG_CRYPTO_SHA3_256_S390 policy<{'s390x': 'm'}> > CONFIG_CRYPTO_SHA3_512_S390 policy<{'s390x': 'm'}> > CONFIG_CRYPTO_SHA3_ARM64 policy<{'arm64': 'm'}> > -CONFIG_CRYPTO_SHA512_ARM policy<{'armhf': 'm'}> > -CONFIG_CRYPTO_SHA512_ARM64 policy<{'arm64': 'm'}> > -CONFIG_CRYPTO_SHA512_ARM64_CE policy<{'arm64': 'm'}> > -CONFIG_CRYPTO_SHA512_S390 policy<{'s390x': 'm'}> > -CONFIG_CRYPTO_SHA512_SSSE3 policy<{'amd64': 'm'}> > CONFIG_CRYPTO_SIG2 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_CRYPTO_SIMD policy<{'amd64': 'm', 'armhf': 'm'}> > CONFIG_CRYPTO_SKCIPHER policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On Mon, Sep 04, 2023 at 05:02:54PM +0100, Dimitri John Ledkov wrote: > Default module signing algo should be accelerated. This is to ensure > the most optimal boot speed of lockedown systems that enforce kernel > module signature verification. Usually the accelerated version of > sha512 is loaded, but possibly much later during the boot. > > BugLink: https://bugs.launchpad.net/bugs/2034061 > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- Applied to mantic/linux. Thanks! -Andrea > debian.master/config/annotations | 20 +++++++++++++++----- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/debian.master/config/annotations b/debian.master/config/annotations > index 60be644b2e..ef9dc2ba82 100644 > --- a/debian.master/config/annotations > +++ b/debian.master/config/annotations > @@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP note<'LP: #1363180'> > CONFIG_CRYPTO_SHA512 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_CRYPTO_SHA512 note<'module signing'> > > +CONFIG_CRYPTO_SHA512_ARM policy<{'armhf': 'y'}> > +CONFIG_CRYPTO_SHA512_ARM note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_ARM64 policy<{'arm64': 'y'}> > +CONFIG_CRYPTO_SHA512_ARM64 note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_ARM64_CE policy<{'arm64': 'y'}> > +CONFIG_CRYPTO_SHA512_ARM64_CE note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_S390 policy<{'s390x': 'y'}> > +CONFIG_CRYPTO_SHA512_S390 note<'LP: #2034061'> > + > +CONFIG_CRYPTO_SHA512_SSSE3 policy<{'amd64': 'y'}> > +CONFIG_CRYPTO_SHA512_SSSE3 note<'LP: #2034061'> > + > CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE note<'Obsolete w/ no known userspace dependencies'> > > @@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3 policy<{'amd64': 'y', 'arm64': ' > CONFIG_CRYPTO_SHA3_256_S390 policy<{'s390x': 'm'}> > CONFIG_CRYPTO_SHA3_512_S390 policy<{'s390x': 'm'}> > CONFIG_CRYPTO_SHA3_ARM64 policy<{'arm64': 'm'}> > -CONFIG_CRYPTO_SHA512_ARM policy<{'armhf': 'm'}> > -CONFIG_CRYPTO_SHA512_ARM64 policy<{'arm64': 'm'}> > -CONFIG_CRYPTO_SHA512_ARM64_CE policy<{'arm64': 'm'}> > -CONFIG_CRYPTO_SHA512_S390 policy<{'s390x': 'm'}> > -CONFIG_CRYPTO_SHA512_SSSE3 policy<{'amd64': 'm'}> > CONFIG_CRYPTO_SIG2 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_CRYPTO_SIMD policy<{'amd64': 'm', 'armhf': 'm'}> > CONFIG_CRYPTO_SKCIPHER policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 60be644b2e..ef9dc2ba82 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP note<'LP: #1363180'> CONFIG_CRYPTO_SHA512 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> CONFIG_CRYPTO_SHA512 note<'module signing'> +CONFIG_CRYPTO_SHA512_ARM policy<{'armhf': 'y'}> +CONFIG_CRYPTO_SHA512_ARM note<'LP: #2034061'> + +CONFIG_CRYPTO_SHA512_ARM64 policy<{'arm64': 'y'}> +CONFIG_CRYPTO_SHA512_ARM64 note<'LP: #2034061'> + +CONFIG_CRYPTO_SHA512_ARM64_CE policy<{'arm64': 'y'}> +CONFIG_CRYPTO_SHA512_ARM64_CE note<'LP: #2034061'> + +CONFIG_CRYPTO_SHA512_S390 policy<{'s390x': 'y'}> +CONFIG_CRYPTO_SHA512_S390 note<'LP: #2034061'> + +CONFIG_CRYPTO_SHA512_SSSE3 policy<{'amd64': 'y'}> +CONFIG_CRYPTO_SHA512_SSSE3 note<'LP: #2034061'> + CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE note<'Obsolete w/ no known userspace dependencies'> @@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3 policy<{'amd64': 'y', 'arm64': ' CONFIG_CRYPTO_SHA3_256_S390 policy<{'s390x': 'm'}> CONFIG_CRYPTO_SHA3_512_S390 policy<{'s390x': 'm'}> CONFIG_CRYPTO_SHA3_ARM64 policy<{'arm64': 'm'}> -CONFIG_CRYPTO_SHA512_ARM policy<{'armhf': 'm'}> -CONFIG_CRYPTO_SHA512_ARM64 policy<{'arm64': 'm'}> -CONFIG_CRYPTO_SHA512_ARM64_CE policy<{'arm64': 'm'}> -CONFIG_CRYPTO_SHA512_S390 policy<{'s390x': 'm'}> -CONFIG_CRYPTO_SHA512_SSSE3 policy<{'amd64': 'm'}> CONFIG_CRYPTO_SIG2 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> CONFIG_CRYPTO_SIMD policy<{'amd64': 'm', 'armhf': 'm'}> CONFIG_CRYPTO_SKCIPHER policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
Default module signing algo should be accelerated. This is to ensure the most optimal boot speed of lockedown systems that enforce kernel module signature verification. Usually the accelerated version of sha512 is loaded, but possibly much later during the boot. BugLink: https://bugs.launchpad.net/bugs/2034061 Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian.master/config/annotations | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-)