[LU-17138] Avoid poor performing crypto engines for client-side encryption Created: 22/Sep/23 Updated: 28/Oct/23 Resolved: 28/Oct/23 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.16.0 |
| Fix Version/s: | Lustre 2.16.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Sebastien Buisson | Assignee: | Sebastien Buisson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | encryption, patch | ||
| Issue Links: |
|
||||
| Severity: | 3 | ||||
| Rank (Obsolete): | 9223372036854775807 | ||||
| Description |
|
Lustre client encryption relies on the llcrypt lib to carry out encryption/decryption. This lib leverages the kernel Crypto API to choose the crypto cipher to use. By default it looks for generic implementations of xts(aes), cts(cbc(aes)) and cbc(aes). While this is fine most of the time, we might want to avoid using some cipher implementations that register under the generic name. For instance, if a cipher is provided by an external accelerator card, we might want to avoid it and prefer in-CPU engines. |
| Comments |
| Comment by Gerrit Updater [ 22/Sep/23 ] |
|
"Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/52477 |
| Comment by Gerrit Updater [ 25/Oct/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/52477/ |
| Comment by Peter Jones [ 28/Oct/23 ] |
|
Landed for 2.16 |