search

linuxboot / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
https://osresearch.net/
GNU General Public License v2.0
1.42k stars 187 forks source link

Review Linux configs and unify ---- @tlaurion I checked out CONFIG_CRYPTO_AES and CONFIG_PCIEASPM_PERFORMANCE. #1598

Closed tlaurion closed 7 months ago

tlaurion commented 10 months ago

@tlaurion I checked out CONFIG_CRYPTO_AES and CONFIG_PCIEASPM_PERFORMANCE.

CONFIG_CRYPTO_AES adds the "generic" implementation of AES. We already get the AES-NI implementation from CONFIG_CRYPTO_AES_NI_INTEL, which is preferred over the generic implementation, and all of the boards using this kernel support AES-NI. So I don't see any reason this would be needed (cryptsetup reencrypt works as-is). We didn't get it before this PR either, it was set to 'm' and we weren't shipping the module.

CONFIG_PCIEASPM_PERFORMANCE increases idle power draw too much. On Librem 11 (smallest battery, most sensitive to power consumption), the idle power draw increased from 7.5 W to 8.1 W. I did not check for any change in reencrypt throughput but I don't want to enable it across the board due to the increased power. Again, no change compared to the state prior to the MR here either.

So no changes are needed. Unless you have something else to discuss, I'll assume the existing approval stands and merge :+1:

Originally posted by @JonathonHall-Purism in https://github.com/linuxboot/heads/pull/1590#issuecomment-1920013970

tlaurion commented 7 months ago

Verified:

user@heads-tests-deb12-clean:~/heads$ grep "CONFIG_CRYPTO_AES=y" config/linux-*
config/linux-kgpe-d16_server.config:CONFIG_CRYPTO_AES=y
config/linux-kgpe-d16_server-whiptail.config:CONFIG_CRYPTO_AES=y
config/linux-kgpe-d16_workstation.config:CONFIG_CRYPTO_AES=y
config/linux-qemu.config:CONFIG_CRYPTO_AES=y
config/linux-qemu.config.orig:CONFIG_CRYPTO_AES=y
config/linux-talos-2.config:CONFIG_CRYPTO_AES=y
config/linux-x230-maximized.config:CONFIG_CRYPTO_AES=y

user@heads-tests-deb12-clean:~/heads$ grep "CONFIG_CRYPTO_AES_NI_INTEL=y" config/linux-*
config/linux-c216.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-librem_common-6.1.8.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-librem_common.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-linuxboot.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-nitropad-x.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-qemu.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-qemu.config.orig:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-t440p.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-w541.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-x230-legacy.config:CONFIG_CRYPTO_AES_NI_INTEL=y
config/linux-x230-maximized.config:CONFIG_CRYPTO_AES_NI_INTEL=y

user@heads-tests-deb12-clean:~/heads$ grep "CONFIG_PCIEASPM_PERFORMANCE" config/linux-*
config/linux-kgpe-d16_server.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-kgpe-d16_server-whiptail.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-kgpe-d16_workstation.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-librem_common-6.1.8.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-librem_common.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-nitropad-x.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-qemu.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-qemu.config.orig:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-t440p.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-talos-2.config:# CONFIG_PCIEASPM_PERFORMANCE is not set
config/linux-w541.config:# CONFIG_PCIEASPM_PERFORMANCE is not set

under WiP #1541 (so verified master: all good) Closing