[LU-17138] Avoid poor performing crypto engines for client-side encryption - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.16.0
Affects Version/s: Lustre 2.16.0
Labels:
- encryption
- patch

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

Lustre client encryption relies on the llcrypt lib to carry out encryption/decryption. This lib leverages the kernel Crypto API to choose the crypto cipher to use. By default it looks for generic implementations of xts(aes), cts(cbc(aes)) and cbc(aes).

While this is fine most of the time, we might want to avoid using some cipher implementations that register under the generic name. For instance, if a cipher is provided by an external accelerator card, we might want to avoid it and prefer in-CPU engines.

Attachments

Activity

[LU-17138] Avoid poor performing crypto engines for client-side encryption

Peter Jones made changes - 28/Oct/23 1:09 AM

Fix Version/s		New: Lustre 2.16.0 [ 15190 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Sebastien Buisson made changes - 22/Sep/23 4:42 PM

Link

New: This issue is related to DDN-4263 [ DDN-4263 ]

Sebastien Buisson created issue - 22/Sep/23 4:32 PM

People

Assignee:: Sebastien Buisson

Reporter:: Sebastien Buisson

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 22/Sep/23 4:32 PM

Updated:: 28/Oct/23 1:09 AM

Resolved:: 28/Oct/23 1:09 AM