ACK: [MANTIC][PATCH] UBUNTU: [Config] Default module signing algo should be accelerated

Roxana Nicolescu roxana.nicolescu at canonical.com
Tue Sep 5 07:08:36 UTC 2023 

On 04-09-2023 18:02, Dimitri John Ledkov wrote:
> Default module signing algo should be accelerated. This is to ensure
> the most optimal boot speed of lockedown systems that enforce kernel
> module signature verification. Usually the accelerated version of
> sha512 is loaded, but possibly much later during the boot.
>
> BugLink: https://bugs.launchpad.net/bugs/2034061
>
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> ---
>   debian.master/config/annotations | 20 +++++++++++++++-----
>   1 file changed, 15 insertions(+), 5 deletions(-)
>
> diff --git a/debian.master/config/annotations b/debian.master/config/annotations
> index 60be644b2e..ef9dc2ba82 100644
> --- a/debian.master/config/annotations
> +++ b/debian.master/config/annotations
> @@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP                               note<'LP: #1363180'>
>   CONFIG_CRYPTO_SHA512                            policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
>   CONFIG_CRYPTO_SHA512                            note<'module signing'>
>   
> +CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'y'}>
> +CONFIG_CRYPTO_SHA512_ARM                        note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'y'}>
> +CONFIG_CRYPTO_SHA512_ARM64                      note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'y'}>
> +CONFIG_CRYPTO_SHA512_ARM64_CE                   note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'y'}>
> +CONFIG_CRYPTO_SHA512_S390                       note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'y'}>
> +CONFIG_CRYPTO_SHA512_SSSE3                      note<'LP: #2034061'>
> +
>   CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
>   CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          note<'Obsolete w/ no known userspace dependencies'>
>   
> @@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3                              policy<{'amd64': 'y', 'arm64': '
>   CONFIG_CRYPTO_SHA3_256_S390                     policy<{'s390x': 'm'}>
>   CONFIG_CRYPTO_SHA3_512_S390                     policy<{'s390x': 'm'}>
>   CONFIG_CRYPTO_SHA3_ARM64                        policy<{'arm64': 'm'}>
> -CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'm'}>
> -CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'm'}>
> -CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'm'}>
> -CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'm'}>
> -CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'm'}>
>   CONFIG_CRYPTO_SIG2                              policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
>   CONFIG_CRYPTO_SIMD                              policy<{'amd64': 'm', 'armhf': 'm'}>
>   CONFIG_CRYPTO_SKCIPHER                          policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>

More information about the kernel-team mailing list