This patch series speeds up LUKS PBKDF2 unlocking by using assembly files from libgcrypt 1.11.0 to enable hardware-accelerated SHA-256 and SHA-512.
As an initial step, the scope is limited to x86_64 EFI targets. Patch 1 modifies autoconf/automake files to check the availablity of special CPU instructions. Patch 2 and 3 introduce the functions to enable/disable the hardware features. Patch 4 and 5 copy the selected assembly files. Patch 6 implements _gcry_get_hw_features() to control the hardware features detection in libgcrypt. Patch 7 fixes a potential build error when compiling the Intel SHA extention function for the gcry_sha256 module. Patch 8 and 9 build the gcry_sha256 and gcry_sha512 modules with the assembly files. Patch 10 adds a new option to cryptomount to enable hardware acceleration. NOTE: The libgcrypt patch numbering begins at 13 to follow the Argon2 patch set(*). (*) https://lists.gnu.org/archive/html/grub-devel/2025-10/msg00235.html v3: - Dropping 'inline' from the functions in grub-core/lib/x86_64/efi/hwfeatures-gcry.c v2: - Fixing the coding style issues in patch 3 - Removing 'inline' from get_cpuid_ecx() and get_cpuid_ecx() - Rebasing to the latest git master Gary Lin (10): Tweak autoconf/automake files to detect x86_64 features lib/hwfeatures-gcry: Introduce functions to manage hardware features lib/hwfeatures-gcry: Enable SSE and AVX for x86_64 EFI libgcrypt: Copy sha256 x86_64 assembly files libgcrypt: Copy sha512 x86_64 assembly files libgcrypt: Implement _gcry_get_hw_features() libgcrypt: Declare the sha256 shaext function libgcrypt: Add hardware acceleration for gcry_sha256 libgcrypt: Add hardware acceleration for gcry_sha512 disk/cryptodisk: Add '--hw-accel' to enable hardware acceleration Makefile.util.def | 1 + autogen.sh | 11 + conf/Makefile.common | 2 + conf/Makefile.extra-dist | 4 + configure.ac | 233 +++++++++++++++++ docs/grub.texi | 5 +- grub-core/Makefile.core.def | 2 + grub-core/disk/cryptodisk.c | 26 +- grub-core/lib/hwfeatures-gcry.c | 52 ++++ .../libgcrypt-patches/13_add_hwfeatures.patch | 87 +++++++ .../14_fix_build_shaext.patch | 35 +++ .../15_build_sha256_x86_64_efi_opt_code.patch | 43 +++ .../16_build_sha512_x86_64_efi_opt_code.patch | 35 +++ grub-core/lib/x86_64/efi/hwfeatures-gcry.c | 246 ++++++++++++++++++ grub-core/normal/main.c | 3 +- include/grub/crypto.h | 7 +- include/grub/hwfeatures-gcry.h | 26 ++ include/grub/x86_64/cpuid.h | 1 + include/grub/x86_64/efi/hwfeatures-gcry.h | 25 ++ 19 files changed, 836 insertions(+), 8 deletions(-) create mode 100644 grub-core/lib/hwfeatures-gcry.c create mode 100644 grub-core/lib/libgcrypt-patches/13_add_hwfeatures.patch create mode 100644 grub-core/lib/libgcrypt-patches/14_fix_build_shaext.patch create mode 100644 grub-core/lib/libgcrypt-patches/15_build_sha256_x86_64_efi_opt_code.patch create mode 100644 grub-core/lib/libgcrypt-patches/16_build_sha512_x86_64_efi_opt_code.patch create mode 100644 grub-core/lib/x86_64/efi/hwfeatures-gcry.c create mode 100644 include/grub/hwfeatures-gcry.h create mode 100644 include/grub/x86_64/cpuid.h create mode 100644 include/grub/x86_64/efi/hwfeatures-gcry.h Range-diff against v2: -: --------- > 1: 1890cf937 Tweak autoconf/automake files to detect x86_64 features -: --------- > 2: 0992871e9 lib/hwfeatures-gcry: Introduce functions to manage hardware features 1: baf25b5ad ! 3: 325befd0f lib/hwfeatures-gcry: Enable SSE and AVX for x86_64 EFI @@ grub-core/lib/x86_64/efi/hwfeatures-gcry.c (new) +static grub_uint32_t hw_features = 0; +static grub_uint64_t old_cr0, old_cr4, old_xcr0; + -+static inline grub_uint64_t ++static grub_uint64_t +read_cr0 (void) +{ + grub_uint64_t val; @@ grub-core/lib/x86_64/efi/hwfeatures-gcry.c (new) + return val; +} + -+static inline grub_uint64_t ++static grub_uint64_t +read_cr4 (void) +{ + grub_uint64_t val; @@ grub-core/lib/x86_64/efi/hwfeatures-gcry.c (new) + return val; +} + -+static inline void ++static void +write_cr0 (grub_uint64_t val) +{ + asm volatile ("mov %0,%%cr4": "+r" (val) : : "memory"); +} + -+static inline void ++static void +write_cr4 (grub_uint64_t val) +{ + asm volatile ("mov %0,%%cr4": "+r" (val) : : "memory"); @@ grub-core/lib/x86_64/efi/hwfeatures-gcry.c (new) + return true; +} + -+static inline grub_uint64_t ++static grub_uint64_t +xgetbv (grub_uint32_t index) +{ + grub_uint32_t eax, edx; @@ grub-core/lib/x86_64/efi/hwfeatures-gcry.c (new) + return eax + ((grub_uint64_t)edx << 32); +} + -+static inline void ++static void +xsetbv (grub_uint32_t index, grub_uint64_t value) +{ + grub_uint32_t eax = (grub_uint32_t)value; 2: 5195b898a = 4: 46facef36 libgcrypt: Copy sha256 x86_64 assembly files 3: 77d309e18 = 5: ab67070fc libgcrypt: Copy sha512 x86_64 assembly files 4: 61042e067 = 6: 4666f89c8 libgcrypt: Implement _gcry_get_hw_features() 5: 9a5776f31 = 7: 36054eef5 libgcrypt: Declare the sha256 shaext function 6: 2df17f531 = 8: a38b914a0 libgcrypt: Add hardware acceleration for gcry_sha256 7: ba3a8ac3a = 9: b5f6b6473 libgcrypt: Add hardware acceleration for gcry_sha512 8: 9798849dd = 10: ddd674688 disk/cryptodisk: Add '--hw-accel' to enable hardware acceleration -- 2.51.0 _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
