Crypto engine module loading and breakage

Bug #355384 reported by mikez on 2009-04-05
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Nominated for Intrepid by mikez
Nominated for Jaunty by mikez

Bug Description

Linux cb01 2.6.28-11-generic #40-Ubuntu SMP Fri Apr 3 17:39:51 UTC 2009 i686 GNU/Linux
A.K.A: Ubuntu 9.04-beta, today's date.

Processor Specific (VIA processors with padlock engine) - found on C7M-ULV

Auto-load problems:
The kernel modules:
via-rng
padlock-aes
padlock-sha
are present in the kernel module build but are not being auto-loaded on boot.

Specific modules:
via-rng: can be loaded by "modprobe" or listing in /etc/modules
padlock-aes: can be loaded by "modprobe" or listing in /etc/modules
padlock-sha:
*) If loaded with "modprobe" - terminal will hang, requires "ctrl-c" to continue
*) if loaded by listing in /etc/modules - will "hang" the boot at "loading manual drivers"

Need padlock-sha fixed and all three added to the auto-load automation for supporting VIA processors.

mikez (mini-note) on 2009-04-05
tags: added: processor-specific
removed: process-specific
mikez (mini-note) wrote :

Possible hint:
sha256_generic and sha1_generic are shown as loaded (after modprobing padlock-sha)
**BUT** They are not shown in the "depends" of padlock-sha by modinfo command.

mikez (mini-note) wrote :

The following difference with current 2.6.29.1 is present:
[code]
--- linux-source-2.6.28/drivers/crypto/padlock-sha.c 2008-12-24 17:26:37.000000000 -0600
+++ linux-2.6.29.1/drivers/crypto/padlock-sha.c 2009-04-02 15:55:27.000000000 -0500
@@ -304,7 +304,7 @@
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Michal Ludvig");

-MODULE_ALIAS("sha1");
-MODULE_ALIAS("sha256");
+MODULE_ALIAS("sha1-all");
+MODULE_ALIAS("sha256-all");
 MODULE_ALIAS("sha1-padlock");
 MODULE_ALIAS("sha256-padlock");
[/code]

mikez (mini-note) wrote :

Confirmed - padlock-sha is fixed upstream in 2.6.29.1 - -
Please backport as this will break the boot process if the current version is included in /etc/modules

Dirk Kraft (dirk-kraft) wrote :

I can confirm the problems.

$ uname -a
Linux xxxxx 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

AKA
Ubuntu 9.04-rc

on VIA C7 processor (EPIA-SN18000G board)

Dirk Kraft (dirk-kraft) on 2009-05-17
affects: ubuntu → linux (Ubuntu)

Architecture: i386
DistroRelease: Ubuntu 9.04
HibernationDevice: RESUME=UUID=505d751d-1bf4-4f44-bb59-b4c1547800f9
Lsusb:
 Bus 001 Device 002: ID 067b:2507 Prolific Technology, Inc. PL2507 Hi-speed USB to IDE bridge controller
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
Package: linux-image-2.6.28-12-generic 2.6.28-12.43
PackageArchitecture: i386
ProcCmdLine: root=UUID=486c7989-4b56-43de-95fd-27ac5a386777 ro console=ttyS0,115200n8 quiet splash crashkernel=384M-2G:64M@16M,2G-:128M@16M
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.UTF-8
ProcVersionSignature: Ubuntu 2.6.28-12.43-generic
Uname: Linux 2.6.28-12-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :
Dirk Kraft (dirk-kraft) wrote :

Bug still exists with version in proposed-updates for jaunty:
Linux nas 2.6.28-12-generic #43-Ubuntu SMP Fri May 1 19:27:06 UTC 2009 i686 GNU/Linux
(all of my above messages of today relate to this version)

I could not reproduce the solution proposed by mikez above. Two possible reasons:
- I did not get what upstream is here (debian or kernel.org)
- I applied the diff to the ubuntu 2.6.28-11-generic, recompile and then use that module. That did not work. Likely reason here is that I have not enough experience how to do this. (A pointer to some documentation would be appreciated).

mikez (mini-note) wrote :

"Upstream" as in kernel.org versions 2.6.29.Y and 2.6.30-rcX - - -

A work-around has also been posted on the 'net (no link handy, ask Google) -
where you can edit in the required symbols in the module alias file and re-run depmod.
No kernel building required.

PS: Don't hold your breath waiting for a major distribution to support the VIA processors.
You can follow my own efforts by hooking the rss feed at:
http://forum.netbookuser.com/viewforum.php?id=8
But, of course, that does not help Ubuntu people tied to Ubuntu kernels by a service contract.

mikez (mini-note) wrote :

Depending on what/when/how/who the developers decide to name the modules. ;)

[quote]
commit cd208bcc7cb0acd851e25c951ec2a9c14b084eab
Merge: 8646010 acd246b
Author: Linus Torvalds <email address hidden>
Date: Sun May 17 15:48:05 2009 -0700

    Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

    * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
      crypto: padlock - Revert aes-all alias to aes
      crypto: api - Fix algorithm module auto-loading
      crypto: eseqiv - Fix IV generation for sync algorithms
      crypto: ixp4xx - check firmware for crypto support
[/quote]

Jeremy Foshee (jeremyfoshee) wrote :

Hi mikez,

This bug was reported a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue? Can you try with the latest development release of Ubuntu? ISO CD images are available from http://cdimage.ubuntu.com/releases/lucid.

If it remains an issue, could you run the following command from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux 355384

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-kernel-logs
tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
Jeremy Foshee (jeremyfoshee) wrote :

This bug report was marked as Incomplete and has not had any updated comments for quite some time. As a result this bug is being closed. Please reopen if this is still an issue in the current Ubuntu release http://www.ubuntu.com/getubuntu/download . Also, please be sure to provide any requested information that may have been missing. To reopen the bug, click on the current status under the Status column and change the status back to "New". Thanks.

[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: kj-expired
Changed in linux (Ubuntu):
status: Incomplete → Expired
Adam Sweet (adsweet76) wrote :

Hi, I'm sorry I didn't get around to commenting on this before it expired. I have an HP Mininote 2133, the short answer is yes and no :)

The module naming has settled down and the padlock-sha, padlock_aes and via_rng modules are at least loadable in Lucid, but aren't auto-loaded as requested in the bug report. I load them using the instructions here:

http://versia.com/category/linux/#padlock

dmesg shows the following output relating the those modules:

[ 1.632490] padlock: Using VIA PadLock ACE for AES algorithm.
[ 1.906926] padlock: Fallback driver 'sha1' could not be loaded!
[ 1.906941] alg: hash: Failed to load transform for sha1-padlock: -2
[ 2.026268] padlock: Fallback driver 'sha256' could not be loaded!
[ 2.026283] alg: hash: Failed to load transform for sha256-padlock: -2
[ 2.026317] padlock: Using VIA PadLock ACE for SHA1/SHA256 algorithms.
[ 2.197734] VIA RNG detected

I don't understand enough about the subject to know how much of a success or failure that is.

Taking suggestions from https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/119295

adam@gonzo:~$ /usr/bin/openssl speed -evp aes-128-cbc -engine padlock
engine "padlock" set.
<snip>
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 58657.46k 192730.14k 453469.59k 693552.61k 821348.52k

The results are comparable to those in the bug #119295 comments using patched versions of openssl with the padlock engine. I guess what remains is that these modules should automatically be loaded on the hardware they support.

Adam Sweet (adsweet76) wrote :

As a side point, dmesg output using an Ubuntu mainline kernel (linux-image-2.6.32-02063211-generic) as requested:

[ 4.093886] padlock: Using VIA PadLock ACE for AES algorithm.
[ 4.104492] padlock: Fallback driver 'sha1' could not be loaded!
[ 4.104507] alg: hash: Failed to load transform for sha1-padlock: -2
[ 4.107943] padlock: Fallback driver 'sha256' could not be loaded!
[ 4.107958] alg: hash: Failed to load transform for sha256-padlock: -2
[ 4.107991] padlock: Using VIA PadLock ACE for SHA1/SHA256 algorithms.
[ 4.114263] VIA RNG detected

Which seems the same as the default Lucid kernel. This obviously doesn't help this bug.

Changed in linux (Ubuntu):
status: Expired → New
Adam Sweet (adsweet76) wrote :

Ok, it seems that the module auto-loading does occur. I booted both the current stock Lucid kernel 2.6.32-22-generic and the latest Lucid mainline kernel 2.6.34-020634-generic after commenting out the alias lines I previously added to /etc/modprobe.d/aliases.conf and the modules are still loaded and are listed by lsmod:

dmesg | egrep -i 'rng|aes|sha|padlock'
[ 1.570984] alg: No test for stdrng (krng)
[ 1.999550] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 4.334218] padlock: Using VIA PadLock ACE for AES algorithm.
[ 4.345308] padlock: Fallback driver 'sha1' could not be loaded!
[ 4.345325] alg: hash: Failed to load transform for sha1-padlock: -2
[ 4.349040] padlock: Fallback driver 'sha256' could not be loaded!
[ 4.349056] alg: hash: Failed to load transform for sha256-padlock: -2
[ 4.349090] padlock: Using VIA PadLock ACE for SHA1/SHA256 algorithms.
[ 4.355390] VIA RNG detected

lsmod | egrep 'rng|padlock'
via_rng 1323 0
padlock_sha 3363 0
padlock_aes 5079 0
aes_generic 26863 1 padlock_aes

My bad :) Seems this bug can be closed.

Changed in linux (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers