The '--hw-accel' option has been added to cryptomount to speed up
decryption by temporarily enabling hardware-specific instruction
sets (e.g., AVX, SSE) in libgcrypt.

A new feature, "feature_gcry_hw_accel", is also introduced to mark the
availability of the new option.

Signed-off-by: Gary Lin <[email protected]>
Reviewed-by: Daniel Kiper <[email protected]>
---
 docs/grub.texi              |  5 +++--
 grub-core/disk/cryptodisk.c | 26 +++++++++++++++++++++++---
 grub-core/normal/main.c     |  3 ++-
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/docs/grub.texi b/docs/grub.texi
index 52a98a97d..99f583f9b 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -7134,7 +7134,7 @@ The option @option{--quiet} can be given to suppress the 
output.
 @node cryptomount
 @subsection cryptomount
 
-@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile 
[@option{-O} keyoffset] [@option{-S} keysize] ] | [@option{-P} protector] ] 
[@option{-H} file] device|@option{-u} uuid|@option{-a}|@option{-b}
+@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile 
[@option{-O} keyoffset] [@option{-S} keysize] ] | [@option{-P} protector] | 
[@option{-A}] ] [@option{-H} file] device|@option{-u} 
uuid|@option{-a}|@option{-b}
 Setup access to encrypted device. A passphrase will be requested interactively,
 if neither the @option{-p} nor @option{-k} options are given. The option
 @option{-p} can be used to supply a passphrase (useful for scripts).
@@ -7142,7 +7142,8 @@ Alternatively the @option{-k} option can be used to 
supply a keyfile with
 options @option{-O} and @option{-S} optionally supplying the offset and size,
 respectively, of the key data in the given key file. Besides the keyfile,
 the key can be stored in a key protector, and option @option{-P} configures
-specific key protector, e.g. tpm2, to retrieve the key from.
+specific key protector, e.g. tpm2, to retrieve the key from. The option 
@option{-A}
+enables hardware acceleration in libgcrypt to speed up decryption.
 The @option{-H} options can be used to supply cryptomount backends with an
 alternative header file (aka detached header). Not all backends have headers
 nor support alternative header files (currently only LUKS1 and LUKS2 support 
them).
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 9af665df3..290821bb6 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -29,6 +29,7 @@
 #include <grub/partition.h>
 #include <grub/key_protector.h>
 #include <grub/safemath.h>
+#include <grub/hwfeatures-gcry.h>
 
 #ifdef GRUB_UTIL
 #include <grub/emu/hostdisk.h>
@@ -48,7 +49,8 @@ enum
     OPTION_KEYFILE_OFFSET,
     OPTION_KEYFILE_SIZE,
     OPTION_HEADER,
-    OPTION_PROTECTOR
+    OPTION_PROTECTOR,
+    OPTION_HWACCEL
   };
 
 static const struct grub_arg_option options[] =
@@ -64,6 +66,7 @@ static const struct grub_arg_option options[] =
     {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
     {"protector", 'P', GRUB_ARG_OPTION_REPEATABLE,
      N_("Unlock volume(s) using key protector(s)."), 0, ARG_TYPE_STRING},
+    {"hw-accel", 'A', 0, N_("Enable hardware acceleration."), 0, 0},
     {0, 0, 0, 0, 0, 0}
   };
 
@@ -1420,7 +1423,7 @@ grub_cryptodisk_clear_key_cache (struct 
grub_cryptomount_args *cargs)
 }
 
 static grub_err_t
-grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+__grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
 {
   struct grub_arg_list *state = ctxt->state;
   struct grub_cryptomount_args cargs = {0};
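Review bot: The renamed function `__grub_cmd_cryptomount` starts with a double underscore, a form C reserves for the implementation, so a descriptive name is safer for the inner body. Something like `grub_cmd_cryptomount_unlock (grub_extcmd_context_t ctxt, int argc, char **args)`, with the matching call `err = grub_cmd_cryptomount_unlock (ctxt, argc, args);` in the new wrapper, would also say what the inner function does. The function body continues outside this hunk.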
@@ -1629,6 +1632,23 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int 
argc, char **args)
     }
 }
 
+static grub_err_t
+grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+{
+  struct grub_arg_list *state = ctxt->state;
+  grub_err_t err;
+
+  if (state[OPTION_HWACCEL].set)
+    grub_enable_gcry_hwf ();
+
+  err = __grub_cmd_cryptomount (ctxt, argc, args);
+
+  if (state[OPTION_HWACCEL].set)
+    grub_reset_gcry_hwf ();
+
+  return err;
+}
+
 static struct grub_disk_dev grub_cryptodisk_dev = {
   .name = "cryptodisk",
   .id = GRUB_DISK_DEVICE_CRYPTODISK_ID,
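Review bot: The new `grub_cmd_cryptomount` wrapper calls `grub_reset_gcry_hwf ()` as soon as the unlock returns, while the cipher handles set up during the unlock presumably stay attached to the cryptodisk and serve every later sector read. This hunk does not show whether those handles keep the accelerated code paths selected while the features were on, or fall back to generic ones afterwards. In the first case SIMD code would run after the reset; in the second the option speeds up only the unlock, not the bulk decryption the help text suggests. A comment above the wrapper stating the intended scope would settle it, e.g. `/* HW features are enabled only for the duration of the unlock; see grub_reset_gcry_hwf() for what later reads use. */`. It is also worth confirming that the reset restores the previous state rather than forcing the features off, in case another caller had already enabled them.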
@@ -1898,7 +1918,7 @@ GRUB_MOD_INIT (cryptodisk)
   cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
                              N_("[ [-p password] | [-k keyfile"
                                 " [-O keyoffset] [-S keysize] ] ] [-H file]"
-                                " [-P protector [-P protector ...]]"
+                                " [-P protector [-P protector ...]] | [-A]"
                                 " <SOURCE|-u UUID|-a|-b>"),
                              N_("Mount a crypto device."), options);
   grub_procfs_register ("luks_script", &luks_script);
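Review bot: The usage string places `| [-A]` after the `-P` group, which reads as if `-A` were an alternative to the key-source options, whereas the wrapper tests `state[OPTION_HWACCEL].set` independently of them. Listing it as a separate optional flag, e.g. `" [-P protector [-P protector ...]] [-A]"`, would match what the code does. The `@deffn` line in docs/grub.texi uses the same grouping and would need the same adjustment.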
diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
index 01b79ac32..8c2acf938 100644
--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
@@ -518,7 +518,8 @@ static const char *features[] = {
   "feature_default_font_path", "feature_all_video_module",
   "feature_menuentry_id", "feature_menuentry_options", "feature_200_final",
   "feature_nativedisk_cmd", "feature_timeout_style",
-  "feature_search_cryptodisk_only", "feature_tpm2_cap_pcrs"
+  "feature_search_cryptodisk_only", "feature_tpm2_cap_pcrs",
+  "feature_gcry_hw_accel"
 };
 
 GRUB_MOD_INIT(normal)
-- 
2.51.0

