Message ID | 1488992224-2962-1-git-send-email-ross.burton@intel.com |
---|---|
State | New |
Headers | show |
On Wed, Mar 08, 2017 at 04:57:04PM +0000, Ross Burton wrote: > Cryptodev is a way for userspace to access the kernel crypto drivers (and so, > hardware crypto). > > Not all hardware supports cryptodev so this is something that should be enabled > in a BSP layer instead of in oe-core. How is BSP layer supposed to enable this without being considered toxic to all other layers which might support MACHINEs with the same TUNE_PKGARCH? > Signed-off-by: Ross Burton <ross.burton@intel.com> > --- > meta/recipes-connectivity/openssl/openssl.inc | 2 ++ > meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 5 ----- > 2 files changed, 2 insertions(+), 5 deletions(-) > > diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc > index 9afa5bd..03dee0e 100644 > --- a/meta/recipes-connectivity/openssl/openssl.inc > +++ b/meta/recipes-connectivity/openssl/openssl.inc > @@ -15,7 +15,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ > " > S = "${WORKDIR}/openssl-${PV}" > > +PACKAGECONFIG ??= "" > PACKAGECONFIG[perl] = ",,," > +PACKAGECONFIG[cryptodev] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,-UHAVE_CRYPTODEV,cryptodev-linux" > > AR_append = " r" > TERMIO_libc-musl = "-DTERMIOS" > diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb > index 1973f81..4436ba3 100644 > --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb > +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb > @@ -1,10 +1,5 @@ > require openssl.inc > > -# For target side versions of openssl enable support for OCF Linux driver > -# if they are available. > -DEPENDS += "cryptodev-linux" > - > -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" > CFLAG_append_class-native = " -fPIC" > > LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" > -- > 2.8.1 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
On 3/8/17 10:57 AM, Ross Burton wrote: > Cryptodev is a way for userspace to access the kernel crypto drivers (and so, > hardware crypto). If the BSP does not support crypto dev, what is the harm in this? It should fall back to standard behaviors. > Not all hardware supports cryptodev so this is something that should be enabled > in a BSP layer instead of in oe-core. This would make the package be machine specific, which I'm not sure is good for a package like openssl. (Distro specific, I'm fine with -- machine I've got concerns.) --Mark > Signed-off-by: Ross Burton <ross.burton@intel.com> > --- > meta/recipes-connectivity/openssl/openssl.inc | 2 ++ > meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 5 ----- > 2 files changed, 2 insertions(+), 5 deletions(-) > > diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc > index 9afa5bd..03dee0e 100644 > --- a/meta/recipes-connectivity/openssl/openssl.inc > +++ b/meta/recipes-connectivity/openssl/openssl.inc > @@ -15,7 +15,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ > " > S = "${WORKDIR}/openssl-${PV}" > > +PACKAGECONFIG ??= "" > PACKAGECONFIG[perl] = ",,," > +PACKAGECONFIG[cryptodev] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,-UHAVE_CRYPTODEV,cryptodev-linux" > > AR_append = " r" > TERMIO_libc-musl = "-DTERMIOS" > diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb > index 1973f81..4436ba3 100644 > --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb > +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb > @@ -1,10 +1,5 @@ > require openssl.inc > > -# For target side versions of openssl enable support for OCF Linux driver > -# if they are available. > -DEPENDS += "cryptodev-linux" > - > -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" > CFLAG_append_class-native = " -fPIC" > > LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" > -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
On Wed, 2017-03-08 at 11:28 -0600, Mark Hatle wrote: > On 3/8/17 10:57 AM, Ross Burton wrote: > > > > Cryptodev is a way for userspace to access the kernel crypto > > drivers (and so, > > hardware crypto). > If the BSP does not support crypto dev, what is the harm in this? It > should fall back to standard behaviors. Note that the implication here is that openssl depends on the kernel building and many other pieces of the system depend on openssl so it does bottleneck the build somewhat. It also means a kernel rebuild ends up triggering half the userspace to rebuild which is annoying for users. > > Not all hardware supports cryptodev so this is something that > > should be enabled > > in a BSP layer instead of in oe-core. > This would make the package be machine specific, which I'm not sure > is good for > a package like openssl. (Distro specific, I'm fine with -- machine > I've got > concerns.) How commonly are kernel crypto drivers used? Cheers, Richard
On 8 March 2017 at 17:35, Richard Purdie <richard.purdie@linuxfoundation.org > wrote: > Note that the implication here is that openssl depends on the kernel > building and many other pieces of the system depend on openssl so it > does bottleneck the build somewhat. > > It also means a kernel rebuild ends up triggering half the userspace to > rebuild which is annoying for users. > I swear I was seeing this, but can't see how it would happen now. The bulk of this patch is a sensible cleanup anyway so I shall verify my tests and most likely resubmit. Ross -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
On Wed, 2017-03-08 at 17:35 +0000, Richard Purdie wrote: > On Wed, 2017-03-08 at 11:28 -0600, Mark Hatle wrote: > > > > On 3/8/17 10:57 AM, Ross Burton wrote: > > > > > > > > > Cryptodev is a way for userspace to access the kernel crypto > > > drivers (and so, > > > hardware crypto). > > If the BSP does not support crypto dev, what is the harm in > > this? It > > should fall back to standard behaviors. > Note that the implication here is that openssl depends on the kernel > building and many other pieces of the system depend on openssl so it > does bottleneck the build somewhat. > > It also means a kernel rebuild ends up triggering half the userspace > to rebuild which is annoying for users. Just to clarify, it doesn't depend on the kernel module, only on a header so it shouldn't be triggering kernel dependencies. I was getting some recipe names confused. I think Ross is going to take another look at this patch... Cheers, Richard
On 3/8/17 11:35 AM, Richard Purdie wrote: > On Wed, 2017-03-08 at 11:28 -0600, Mark Hatle wrote: >> On 3/8/17 10:57 AM, Ross Burton wrote: >>> >>> Cryptodev is a way for userspace to access the kernel crypto >>> drivers (and so, >>> hardware crypto). >> If the BSP does not support crypto dev, what is the harm in this? It >> should fall back to standard behaviors. > > Note that the implication here is that openssl depends on the kernel > building and many other pieces of the system depend on openssl so it > does bottleneck the build somewhat. I thought the crypto dev interface had been standardized and no longer required a specific kernel-specific instance. If this is not true, then it's effectively machine specific already. > It also means a kernel rebuild ends up triggering half the userspace to > rebuild which is annoying for users. > > >>> Not all hardware supports cryptodev so this is something that >>> should be enabled >>> in a BSP layer instead of in oe-core. >> This would make the package be machine specific, which I'm not sure >> is good for >> a package like openssl. (Distro specific, I'm fine with -- machine >> I've got >> concerns.) > > How commonly are kernel crypto drivers used? We are seeing it used a lot, especially on IA platforms. (I have seen some usage on an arm platform, but don't remember which.) --Mark > Cheers, > > Richard > -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 9afa5bd..03dee0e 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -15,7 +15,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ " S = "${WORKDIR}/openssl-${PV}" +PACKAGECONFIG ??= "" PACKAGECONFIG[perl] = ",,," +PACKAGECONFIG[cryptodev] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,-UHAVE_CRYPTODEV,cryptodev-linux" AR_append = " r" TERMIO_libc-musl = "-DTERMIOS" diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb index 1973f81..4436ba3 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb @@ -1,10 +1,5 @@ require openssl.inc -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" CFLAG_append_class-native = " -fPIC" LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
Cryptodev is a way for userspace to access the kernel crypto drivers (and so, hardware crypto). Not all hardware supports cryptodev so this is something that should be enabled in a BSP layer instead of in oe-core. Signed-off-by: Ross Burton <ross.burton@intel.com> --- meta/recipes-connectivity/openssl/openssl.inc | 2 ++ meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) -- 2.8.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core