Re: [PATCH 1/2] crypto: Delete Qualcomm crypto engine driver

Next message: Jason Gunthorpe: "Re: [PATCH] RDMA/rtrs: Use flexible array for client path stats"
Previous message: pr-tracker-bot: "Re: [GIT PULL] IRQ fixes"
In reply to: Dmitry Baryshkov: "Re: [PATCH 1/2] crypto: Delete Qualcomm crypto engine driver"
Next in thread: Krzysztof Kozlowski: "Re: [PATCH 1/2] crypto: Delete Qualcomm crypto engine driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Demi Marie Obenour

Date: Sun May 24 2026 - 16:15:52 EST

On 5/24/26 12:42, Dmitry Baryshkov wrote:
> On Sat, May 23, 2026 at 03:03:56PM -0400, Demi Marie Obenour via B4 Relay wrote:
>> From: Demi Marie Obenour <demiobenour@xxxxxxxxx>
>>
>> It's slower than the generic C code and causes problems.
>
> Which problems?

See https://lore.kernel.org/all/20260522024912.GC5937@quark/.

Also, if there are no systems in which the QCE driver is actually
the highest priority, then unless someone adjusts priorities manually
it's unused code.

> Also in the security world faster and safer are two orthogonal axis with
> very limited correlation.

If by "safer" you mean protection against physical side-channel
attacks, then my understanding is that all operations on secret keys
need to be masked. This includes copying and storage.

Linux only supports this for protected keys, and even then sometimes
uses the kernel's own RNG for key generation. There is no support
for using the QCE for protected keys.

Linux does support using hardware-wrapped keys with inline crypto
engines, which are what are actually used on Android.
--
Sincerely,
Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature