AES-GCM Support on TX2

I’m trying to get AES-GCM, rfc4106(gcm(aes)), enabled in the Linux kernel with the JetPack SDK. However, I’ve so far not been able to find the correct kernel config to get that working. After quite a bit of searching, I found this guide. However, it looks like that option is only available for Linux 4.12+ whereas I’m stuck with 4.9 (not to mention that I’m pretty sure that I don’t have the hardware support for it anyway). Any ideas what I need to do to get that enabled?

After quite a bit of digging I believe I understand the cause of this problem. This line requires that the CTR algorithm for GCM have a block size of one. The generic Linux CTR(AES) algorithm has a block size of one, as can be seen here, so it works just fine.

However, it looks like NVIDIA has its own custom CTR(AES) module that has a block size of 16 (ctr-aes-tegra). As a result, so long as we use that CTR(AES) module, we can’t load AES-GCM.

Any ideas on how to resolve this? Do I just have to disable the NVIDIA driver that loads the ctr-aes-tegra crypto algorithm? Will the only consequences of this be decreased performance or are there other potential issues (especially potential security holes)? It seems like that driver loads quite a few other crypto algorithms that would also be removed if I disable the driver entirely. I’d much prefer a less drastic measure, if possible. Maybe I can just mess with the priority of the ctr-aes-tegra module such that it is less than the generic CTR(AES) algorithm? Thanks!

We can’t answer this; maybe other developers can share their experiences if they have done something similar.
Sorry about that.

I got it working by applying a patch to bump the priorities of the ctr-aes-ce and ctr-aes-neon modules (found in /arch/arm64/crypto/aes-glue.c) such that they exceeded the priority of ctr-aes-tegra. This unblocked me.
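
An added example, not code from this thread or from NVIDIA: a small checker that parses `/proc/crypto`-style text, finds which `ctr(aes)` driver wins on priority, and reports whether its block size is the 1 that `gcm(aes)` needs. The sample entries and their priority values are constructed for illustration, and the function names and the `overrides` parameter are hypothetical.

```python
import re
import sys

# Constructed sample in /proc/crypto format (fields trimmed). Priorities are
# illustrative assumptions, not values read from a TX2.
SAMPLE = """\
name         : ctr(aes)
driver       : ctr-aes-tegra
priority     : 400
blocksize    : 16

name         : ctr(aes)
driver       : ctr-aes-ce
priority     : 300
blocksize    : 1

name         : ctr(aes)
driver       : ctr(aes-generic)
priority     : 100
blocksize    : 1
"""

def parse_proc_crypto(text):
    """Return one dict per algorithm entry (entries are blank-line separated)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "name" in fields and "driver" in fields:
            entries.append(fields)
    return entries

def gcm_ctr_check(entries, overrides=None):
    """Pick the highest-priority ctr(aes) driver, as a lookup by name does, and
    report whether its blocksize is 1. `overrides` maps driver -> priority to
    preview a priority patch before building a kernel."""
    overrides = overrides or {}
    prio = lambda e: overrides.get(e["driver"], int(e.get("priority", 0)))
    candidates = [e for e in entries if e["name"] == "ctr(aes)"]
    if not candidates:
        return None, False
    best = max(candidates, key=prio)
    return best["driver"], int(best.get("blocksize", 0)) == 1

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    driver, ok = gcm_ctr_check(parse_proc_crypto(text))
    print(f"ctr(aes) resolves to {driver}; usable by gcm(aes): {ok}")
```

Pass `/proc/crypto` as the first argument to run it against a live system instead of the constructed sample.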
