[pkg-cryptsetup-devel] Bug#714326: Bug#714326: cryptsetup: cryptroot aesni
Jonas Meurer
jonas at freesources.org
Fri Jun 28 09:51:47 UTC 2013
Hello Christoph,
Am 28.06.2013 01:26, schrieb Christoph Anton Mitterer:
> In the cryptroot hook script:
>
> 1) Shouldn't the check for the AES cpu feature be better:
> grep -q '^flags[[:space:]]*:[[:space:]]*.*aes /proc/cpuinfo
> or something similar that makes sure just the flags line are checked?
I added your regex. You're correct, it is slighly more secure against
false positives.
> 2) If found it does
> if cpu_has_aesni; then
> echo aesni
> fi
> So the aesni module is copied to the initrd, right?
> But does such module still exist? I at least only have aesni_intel.
> Or is there some modules magic that takes the right aesni modules for the platform?
If I remember correctly, aesni is an alias for the aesni hardware
implementation in question. Would you mind checking whether the aesni
module is in the initramfs in your case?
Kind regards,
jonas
More information about the pkg-cryptsetup-devel
mailing list