663548 – Add CONFIG_CRYPTO_AES_X86_64 to genkernel config by default on amd64

Bug 663548 - Add CONFIG_CRYPTO_AES_X86_64 to genkernel config by default on amd64

Summary: Add CONFIG_CRYPTO_AES_X86_64 to genkernel config by default on amd64

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Hosted Projects
Classification:	Unclassified
Component:	genkernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Genkernel Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-08-13 22:24 UTC by Mason Loring Bliss
Modified:	2019-07-15 10:32 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mason Loring Bliss 2018-08-13 22:24:07 UTC

On a fresh system, I see:

root@gbuild /root# gzip -cd /proc/config.gz | grep CONFIG_CRYPTO_AES
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_AES_TI is not set
# CONFIG_CRYPTO_AES_X86_64 is not set
# CONFIG_CRYPTO_AES_NI_INTEL is not set

This is problematic because by default cryptsetup uses aes-xts-plain64, which
comes from CONFIG_CRYPTO_AES_X86_64. Hence, using the stock genkernel to build
a kernel, one gets a kernel that can't actually unlock LUKS volumes on boot.

Looking at Freenode #gentoo logs, a number of people have run into this. While
it's not hard to reconfigure the kernel for it, it would be better still to have
CONFIG_CRYPTO_AES_X86_64 and maybe CONFIG_CRYPTO_AES_NI_INTEL turned on by
default.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-07-15 10:32:43 UTC

While these modules were enabled in our generic config as well, especially when calling `genkernel --luks` now, we make sure that these options are present (https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=3d071ae86e9b3a08250382f970b2eaea0db85090).