Re: [Qemu-devel] [PATCH v2 00/15] virtio-crypto: introduce framework and device emulation

[Daniel P. Berrange]

On Tue, Sep 13, 2016 at 12:58:59PM +0200, Paolo Bonzini wrote:
> 
> 
> On 13/09/2016 11:54, Daniel P. Berrange wrote:
> > > OK, I agree with you :)  But if we support multiple backends, can
> > > we keep cryptodev-linux module as one option?
> >
> > I'm personally against any support for out of tree kernel modules
> > in QEMU, regardless of whether QEMU also implements alternative
> > backends, unless there is a strong sign that the module in question
> > is on the verge of being accepted into mainline Linux. That does
> > not seem to be the case there - mainline settled on AF_ALG as the
> > only supported approach AFAICT.
> 
> Is there any reason to embed knowledge of AF_ALG directly in QEMU,
> rather than delegating that to gcrypt/nettle?

Actually looking at the code again, neither of those libraries will
ever delegate to the kernel. So if we did want AF_ALG, we would have
to provide a backend in QEMU to use that.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|