At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA256 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA1 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has an ASM optimized version of SHA512 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
There is a Cryptographic Extension based version as well, but that relies
on ARMv8.2 ISA which I am not aware any of the OpenWrt supported SoC-s use.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA2(224 and 256) using the ARMv8 Crypto
Extensions, so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has an ASM optimized version of SHA256 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA1 using the ARMv8 Crypto Extensions,
so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
SHA3 is now required by jitterentropy_rng in kernel 6.6, so lets start
preparing by packaging SHA3 support as its supported in 5.15 and 6.1
kernels as well.
AFAIK, only ARMv8.2 has a crypto extension for SHA3, however I am not aware
of any SoC we support that uses ARMv8.2 ISA so its not enabled currently.
Signed-off-by: Robert Marko <robimarko@gmail.com>
The IXP4xx crypto module must be loaded after the rootfs is
up as it depends on loading some NPE microcode from the file
system.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
The lib-chacha20 library is missing build rules for big endian
ARM, and since IXP4xx is big endian ARM we need those rules to
build for IXP4xx.
Suggested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Mediatek EIP93 Crypto engine is a crypto accelerator which
is available in the Mediatek MT7621 SoC.
Signed-off-by: Aviana Cruz <gwencroft@proton.me>
Co-authored-by: Richard van Schagen <vschagen@icloud.com>
Co-authored-by: Chukun Pan <amadeus@jmu.edu.cn>
The x86_64 UML target wants to include SSSE3 optimized
crypto code which lives under /arch/x86/crypto.
However, these are not built and this causes an error.
| ERROR: module '[...]/arch/x86/crypto/sha512-ssse3.ko' is missing.
| make[3]: *** [modules/crypto.mk:990: [...]/kmod-crypto-sha512_5.15.112-1_x86_64.ipk] Error 1
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
We only use 5.15 kernel. So remove all those unnecessary symbols
referencing 5.10 or 5.15 kernel.
Can be found with:
git grep -E 'LINUX_5_1(0|5)'
Note that we remove the dependency from "sound-soc-chipdip-dac" instead
of removing the complete kernel package. The 5.15 version bump forgot to
delete the "@LINUX_5_10" dependency. The kernel package is still needed
in 5.15 kernel.
Signed-off-by: Nick Hainke <vincent@systemli.org>
CRYPTO_USER_API_ENABLE_OBSOLETE config symbol depends on CRYPTO_USER so
lets add this dependency to relevant modules.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.
So lets fix it, by making those modules architecture specific:
x86/64 -> x86_64
mpc85xx -> powerpc
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Older MT7623 ARMv7 SoC as well as new Filogic platforms come with
inside-secure,safexcel-eip97 units. Enable them in DTS and select the
driver kernel module by default on those platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
These narrowments are no longer useful, since there's no lower version
than 5.10 supported in tree.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
CONFIG_CRYPTO_DEV_HIFN_795X depends on PCI. This driver only makes sense on
devices with pci support.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_DEV_TALITOS depends on FSL_SOC. This driver only makes sense
on Freescale(NXP) SoCs.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_DEV_GEODE depends on X86_32. This driver only makes sense
on X86\geode.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_PCOMP and CONFIG_CRYPTO_PCOMP2 have been removed in upstream commit[1].
This symbol doesn't exist since kernel 4.6 and this package is empty.
1. [ crypto: compress - remove unused pcomp interface ]
(110492183c)
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_WORKQUEUE was removed in upstream commit[1]. This symbol doesn't
exist since kernel 5.3 and this package is empty.
1. [ crypto: cryptd - move kcrypto_wq into cryptd ]
(3e56e16863)
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64
Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.
Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
CHACHA_MIPS depends on CPU_MIPS32_R2. Therefore,
kmod-crypto-lib-chacha20 should not contain chacha-mips.ko on MIPS32 R1
targets. Enforce that in the target-specific definition.
Fixes bcm47xx, bcm63xx, lantiq/ase, ath25 builds.
Fixes: 06351f1 ("kernel: migrate wireguard into the kernel tree")
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.
Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Modify existing modules to reflect their new location in Linux 5.10. Add
missing dependenices.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
[enable CRYPTO_USER_API_ENABLE_OBSOLETE; add kmod-crypto-hash dependency
to usb-net-rtl8152]
Signed-off-by: David Bauer <mail@david-bauer.net>
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This removes switches dependent on kernel version 4.14 as well as
several packages/modules selected only for that version.
This also removes sched-cake-virtual, which is not required anymore
now that we have only one variant of cake.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Quoting part of original message from eefb5f741015 commit in
linux-firmware repository:
This adds the "minifw" version of the EIP197 firmware, which the inside-
secure driver will use as a fallback if the original full-featured
firmware cannot be found. This allows for using the inside-secure driver
and hardware without access to "official" firmware only available under
NDA.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This patch fixes the regression caused by adding the NEON
variant of the ghash as the default ghash package package:
> ERROR: module '[...]/arch/arm/crypto/ghash-arm-ce.ko' is missing.
> modules/crypto.mk:286: recipe for target
> '[...]/kmod-crypto-ghash_4.19.106-1_aarch64_cortex-a53.ipk' failed
This patch limits the scope to the ARM32/cortexa9 target of mvebu.
Fixes: 285df63efc ("kernel: build neon-asm version of ghash module")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This builds the regular arm and arm-neon asm optmized modules for sha1
and sha512, for targets that set CONFIG_ARM_CRYPTO.
On ip40xx, the arm-asm version of sha1 improves performance by 5% over
the generic C implementation; sha1-neon is 25% faster than generic,
and sha512-neon, 259%.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This alone improves AES-GCM performance by up to 50% on ipq40xx. This
is enabled for targets that support neon and set CONFIG_ARM_CRYPTO:
imx6, ipq40xx, and mvebu.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
In kernel 5.3 and 5.4 some crypto modules were split into two modules,
one implementing the crypto algorithm and the other integrating it
into the Linux crypto framework.
Adapt OpenWrt to support this split.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
After kernel 4.9 has been removed, this removes all (now obsolete)
kernel version switches that deal with versions before 4.14.
Package kmod-crypto-iv is empty now and thus removed entirely.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is needed to export crypto information to netfilter, allowing
the alt. afalg openssl engine to obtain information about the drivers
being used.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Supports EIP97 and EIP197 found on Armada 37xx, 7k and 8k SoCs.
Unfortunately firmware for EIP197 is not easily obtainable, therefore
to not cause lot of user requests directed at OpenWrt, package it as
module with explanation where to obtain the firmware.
Cc: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>