linux-qcom-next/linux-yocto-dev: enable more use cases #1180
Conversation
koenkooi
requested review from
lumag,
ndechesne,
ricardosalveti,
sbanerjee-quic and
vkraleti
as code owners
lumag
left a comment
lumag
left a comment
There was a problem hiding this comment.
Should it be also enabled for linux-yocto / linux-yocto-dev?
Also, please rebase to fix build issue.
koenkooi
force-pushed
the
koen/qcom-next-zram
branch
from
396edd4 to
3a9b16a
Compare
I've added it to linux-yocto-dev and rebased. Do we want this in linux-yocto non-dev as well? The current .scc is empty, so it seems to be out of sync already :/ |
The scc is there to pull out the rest of the files. |
koenkooi
force-pushed
the
koen/qcom-next-zram
branch
from
3a9b16a to
37dfcd3
Compare
koenkooi
changed the title
|
How likely are we to get these config changes accepted upstream? |
I am unsure, Linus himself has been pushing back against various additions to the defconfigs saying distros should enable and test the features they want. I don't know where he draws the line and how much attention he pays to this. |
This sums up the situation quite nicely, https://lwn.net/Articles/1026337/, especially this excerpt:
|
I had Yocto as an upstream in mind here :) |
| CONFIG_ZRAM_MULTI_COMP=y | ||
|
|
||
| # Wifi | ||
| CONFIG_ASYMMETRIC_KEY_TYPE=y |
There was a problem hiding this comment.
I think most of these should be built as modules already. Could you please check / confirm?
There was a problem hiding this comment.
I'll check later today, this section of the config is a copy/paste of what iwd told me to enable. I can turn all tristate options in =m, but I'd like to keep this list of options to make it easier to lift it into different kernels, that won't have anything enabled yet.
There was a problem hiding this comment.
I'd rather not keep the full list here. It is ridiculously long and verbose. Most of the options are enabled by default. If you list all of them, for me it means that all of them are set incorrectly in the qcom-next config or in the defconfig.
There was a problem hiding this comment.
The options that are enabled in linux-qcom-next in its current form are these:
CONFIG_ASYMMETRIC_KEY_TYPE=y
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
CONFIG_CFG80211_CRDA_SUPPORT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_DES=m
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MD5=m
CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA256=m
CONFIG_CRYPTO_SHA512=y
CONFIG_PKCS7_MESSAGE_PARSER=y
CONFIG_X509_CERTIFICATE_PARSER=y
Which means that this specific kernel only needs the following:
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_USER_API_AEAD=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
CONFIG_KEY_DH_OPERATIONS=y
CONFIG_PKCS8_PRIVATE_KEY_PARSER=y
I'd still like to keep the complete list, since that makes it easier and less error-prone to copy this between kernels (linux-qcom-next, linux-yocto-dev, linux-yocto and vendor kernels).
I also don't trust upstream linux to not regress defconfigs, especially for things we currently don't test.
There was a problem hiding this comment.
If you want a comprehensive list, please also enable ARM-specific crypto acceleration options.
At the same time, enabling obsolete & broken algorithms (DES, MD4, MD5) sounds very strange to me.
There was a problem hiding this comment.
EAP-PEAP with MsCHAPv2 still uses MD4, EAP-MD5 uses, well MD5 and 3DES is sadly still allowed as an alternative to AES when using 802.1x :(
I'll have a look at the ARM-specific crypto options.
| CONFIG_VETH=m | ||
|
|
||
| # ZRAM | ||
| CONFIG_ZRAM=y |
There was a problem hiding this comment.
Likewise. Is CONFIG_ZRAM=y not enough?
ZRAM, when configured by userspace, can provide a compressed swapspace backed by regular RAM. This generally increases the amount of available memory, avoiding the need for disk-backed swap. When it isn't configured by userspace, this does nothing. Signed-off-by: Koen Kooi <[email protected]>
ZRAM, when configured by userspace, can provide a compressed swapspace backed by regular RAM. This generally increases the amount of available memory, avoiding the need for disk-backed swap. When it isn't configured by userspace, this does nothing. Signed-off-by: Koen Kooi <[email protected]>
This also enables accelerated crypto drivers for Arm, the wifi features use a subset of these.
When starting iwd:
Starting Wireless service...
No HMAC(SHA1) support found
No HMAC(MD5) support found
No CMAC(AES) support found
No HMAC(SHA256) support not found
No HMAC(SHA512) support found, certain TLS connections might fail
DES support not found
AES support not found
No CBC(DES3_EDE) support found, certain TLS connections might fail
No CBC(AES) support found, WPS will not be available
No Diffie-Hellman support found, WPS will not be available
The following options are missing in the kernel:
CONFIG_CRYPTO_USER_API_HASH
CONFIG_CRYPTO_USER_API_SKCIPHER
CONFIG_KEY_DH_OPERATIONS
CONFIG_CRYPTO_ECB
CONFIG_CRYPTO_MD5
CONFIG_CRYPTO_CBC
CONFIG_CRYPTO_SHA256
CONFIG_CRYPTO_AES
CONFIG_CRYPTO_DES
CONFIG_CRYPTO_CMAC
CONFIG_CRYPTO_HMAC
CONFIG_CRYPTO_SHA512
CONFIG_CRYPTO_SHA1
The following optimized implementations might be available:
CONFIG_CRYPTO_SHA1_SSSE3
CONFIG_CRYPTO_AES_NI_INTEL
CONFIG_CRYPTO_SHA512_SSSE3
CONFIG_CRYPTO_AES_X86_64
CONFIG_CRYPTO_DES3_EDE_X86_64
CONFIG_CRYPTO_SHA256_SSSE3
iwd.service: Main process exited, code=exited, status=1/FAILURE
Signed-off-by: Koen Kooi <[email protected]>
SQUASH ME: linux-yocto-dev: wifi, part 2
Signed-off-by: Koen Kooi <[email protected]>
This also enables accelerated crypto drivers for Arm, the wifi features use a subset of these.
When starting iwd:
Starting Wireless service...
No HMAC(SHA1) support found
No HMAC(MD5) support found
No CMAC(AES) support found
No HMAC(SHA256) support not found
No HMAC(SHA512) support found, certain TLS connections might fail
DES support not found
AES support not found
No CBC(DES3_EDE) support found, certain TLS connections might fail
No CBC(AES) support found, WPS will not be available
No Diffie-Hellman support found, WPS will not be available
The following options are missing in the kernel:
CONFIG_CRYPTO_USER_API_HASH
CONFIG_CRYPTO_USER_API_SKCIPHER
CONFIG_KEY_DH_OPERATIONS
CONFIG_CRYPTO_ECB
CONFIG_CRYPTO_MD5
CONFIG_CRYPTO_CBC
CONFIG_CRYPTO_SHA256
CONFIG_CRYPTO_AES
CONFIG_CRYPTO_DES
CONFIG_CRYPTO_CMAC
CONFIG_CRYPTO_HMAC
CONFIG_CRYPTO_SHA512
CONFIG_CRYPTO_SHA1
The following optimized implementations might be available:
CONFIG_CRYPTO_SHA1_SSSE3
CONFIG_CRYPTO_AES_NI_INTEL
CONFIG_CRYPTO_SHA512_SSSE3
CONFIG_CRYPTO_AES_X86_64
CONFIG_CRYPTO_DES3_EDE_X86_64
CONFIG_CRYPTO_SHA256_SSSE3
iwd.service: Main process exited, code=exited, status=1/FAILURE
Signed-off-by: Koen Kooi <[email protected]>
Signed-off-by: Koen Kooi <[email protected]>
Only half were enabled, enable them all. Signed-off-by: Koen Kooi <[email protected]>
koenkooi
force-pushed
the
koen/qcom-next-zram
branch
from
37dfcd3 to
5663248
Compare
Test run workflowTest jobs for commit 5663248
|
Test Results 14 files ±0 27 suites - 1 45m 31s ⏱️ + 11m 31s For more details on these failures, see this check. Results for commit 5663248. ± Comparison against base commit edaaaf0. |
4 participants
Enable the following kernel features:
iwdbackend for connman/networkmanager/systemd work