From patchwork Mon Sep  4 16:02:54 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
X-Patchwork-Id: 1829679
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.a=rsa-sha256 header.s=20210705 header.b=WJg9azvw;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RfYMc5qCRz1yh1
	for <incoming@patchwork.ozlabs.org>; Tue,  5 Sep 2023 02:03:24 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1qdC2h-0002H0-2I; Mon, 04 Sep 2023 16:03:11 +0000
Received: from smtp-relay-internal-0.internal ([10.131.114.225]
 helo=smtp-relay-internal-0.canonical.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <dimitri.ledkov@canonical.com>)
 id 1qdC2f-0002Gp-9O
 for kernel-team@lists.ubuntu.com; Mon, 04 Sep 2023 16:03:09 +0000
Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com
 [209.85.210.198])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 77F933F186
 for <kernel-team@lists.ubuntu.com>; Mon,  4 Sep 2023 16:03:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1693843388;
 bh=DalsegQim5j/u4p/jdrwHLlQ8wNQbLsWWQ5efAQU1IM=;
 h=From:To:Subject:Date:Message-Id:MIME-Version;
 b=WJg9azvwUdyHQhWmalrS4JkXUQioTMD3NxmINTquYOZ/jTGHAbS/ChVvaHunYJVwH
 kXRFuTcrK7mw5uIbT1D2M5zKtl6k9B711fgEQM1ZU5Lzt13CeYpHM9UEHcCNlgDV0N
 ERRqtT2TQtN9XNJVtNBW5V81vaU950/77VKR3ZYopy9wnFG3EUiRdtq/9Jx310gN/K
 eDprXWo1+y/9wEsdSJ1HAnddhYwTqbQV/LT+5y/hzYDhRiLKv6ShetAeBN0Rv3jaJt
 6GKVavrPcZmfvDHp5Nay8r2VHNSFPGyhk4TBaxiGnT/laktMIp7gj2LFKDghK31kFx
 1rHqXVT0lVznA==
Received: by mail-pf1-f198.google.com with SMTP id
 d2e1a72fcca58-68c0ca8ba94so1549770b3a.1
 for <kernel-team@lists.ubuntu.com>; Mon, 04 Sep 2023 09:03:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1693843387; x=1694448187;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=DalsegQim5j/u4p/jdrwHLlQ8wNQbLsWWQ5efAQU1IM=;
 b=WAStJt5Chg0n9ym2nRXGBopGgNMG6y4XPk4sd/x3Gl5xQSAFQ4IQz3n+VyJpW/oEC3
 jbS8+VRUusAAJFF17VUdEqQ3AKYnaNAbXsff+516+GDzJ3FoIS3QwH0d8hGFLpYvdRkn
 FW/CZiMh70f4KKZ0pwj0oyo9VQ9R2mYYI4xqCEfVSODs9zTX80AoY8HKqXlPrAhKDj5A
 gxy/cDxavbqdjwWnIm3IfMq6c+MmbgDZmlsrlXiQdnc7wVoV7MhtEhg1LpD8GYADzGkP
 IQSCreRbX1t4zwXToqw3JU/aoDYzFu47Xjau/jEymXrbNnW64U/duLx5R4UToSXZarPx
 6qJw==
X-Gm-Message-State: AOJu0YyvJdhgKiYiiBVROOmiI33qER/x6bQ99J73gJoK2qyNqT/8Ojaq
 73VhGQiS88eun3b+v6GDLOxXiYiBJUo7C6va18rS49zEP2UUySv66RRYk7n5J3PWU6iW2IKv0ps
 mc/UrCEbTdXBP494R+ShjElBVHJvfWdBBm+B8YTVaCPy+8jq8CA==
X-Received: by 2002:a05:6a00:2d04:b0:68b:ff3b:e140 with SMTP id
 fa4-20020a056a002d0400b0068bff3be140mr9913749pfb.8.1693843386537;
 Mon, 04 Sep 2023 09:03:06 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IGoUrOmE5tB0phGt/W1ER3PYGA97WpjCndmhztDALqC42PjuUCOFj9IeXOX4zXKmwNy9p9+lg==
X-Received: by 2002:a05:6a00:2d04:b0:68b:ff3b:e140 with SMTP id
 fa4-20020a056a002d0400b0068bff3be140mr9913711pfb.8.1693843386067;
 Mon, 04 Sep 2023 09:03:06 -0700 (PDT)
Received: from localhost ([2001:67c:1560:8007::aac:c15c])
 by smtp.gmail.com with ESMTPSA id
 e22-20020aa78256000000b0068c97a4eb0fsm7518249pfn.210.2023.09.04.09.03.04
 for <kernel-team@lists.ubuntu.com>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 04 Sep 2023 09:03:05 -0700 (PDT)
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [MANTIC][PATCH] UBUNTU: [Config] Default module signing algo should
 be accelerated
Date: Mon,  4 Sep 2023 17:02:54 +0100
Message-Id: <20230904160254.429863-1-dimitri.ledkov@canonical.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Default module signing algo should be accelerated. This is to ensure
the most optimal boot speed of lockedown systems that enforce kernel
module signature verification. Usually the accelerated version of
sha512 is loaded, but possibly much later during the boot.

BugLink: https://bugs.launchpad.net/bugs/2034061

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
---
 debian.master/config/annotations | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 60be644b2e..ef9dc2ba82 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP                               note<'LP: #1363180'>
 CONFIG_CRYPTO_SHA512                            policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
 CONFIG_CRYPTO_SHA512                            note<'module signing'>
 
+CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'y'}>
+CONFIG_CRYPTO_SHA512_ARM                        note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'y'}>
+CONFIG_CRYPTO_SHA512_ARM64                      note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'y'}>
+CONFIG_CRYPTO_SHA512_ARM64_CE                   note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'y'}>
+CONFIG_CRYPTO_SHA512_S390                       note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'y'}>
+CONFIG_CRYPTO_SHA512_SSSE3                      note<'LP: #2034061'>
+
 CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
 CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          note<'Obsolete w/ no known userspace dependencies'>
 
@@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3                              policy<{'amd64': 'y', 'arm64': '
 CONFIG_CRYPTO_SHA3_256_S390                     policy<{'s390x': 'm'}>
 CONFIG_CRYPTO_SHA3_512_S390                     policy<{'s390x': 'm'}>
 CONFIG_CRYPTO_SHA3_ARM64                        policy<{'arm64': 'm'}>
-CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'm'}>
-CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'm'}>
-CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'm'}>
-CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'm'}>
-CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_SIG2                              policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
 CONFIG_CRYPTO_SIMD                              policy<{'amd64': 'm', 'armhf': 'm'}>
 CONFIG_CRYPTO_SKCIPHER                          policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>