lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260211032935.2705841-21-alistair.francis@wdc.com>
Date: Wed, 11 Feb 2026 13:29:27 +1000
From: alistair23@...il.com
To: bhelgaas@...gle.com,
	lukas@...ner.de,
	rust-for-linux@...r.kernel.org,
	akpm@...ux-foundation.org,
	linux-pci@...r.kernel.org,
	Jonathan.Cameron@...wei.com,
	linux-cxl@...r.kernel.org,
	linux-kernel@...r.kernel.org
Cc: alex.gaynor@...il.com,
	benno.lossin@...ton.me,
	boqun.feng@...il.com,
	a.hindborg@...nel.org,
	gary@...yguo.net,
	bjorn3_gh@...tonmail.com,
	tmgross@...ch.edu,
	alistair23@...il.com,
	ojeda@...nel.org,
	wilfred.mallawa@....com,
	aliceryhl@...gle.com,
	Alistair Francis <alistair.francis@....com>
Subject: [RFC v3 20/27] crypto: sha: Load early in boot

From: Alistair Francis <alistair.francis@....com>

Work is ongoing to support PCIe device attestation and authentication.
As part of this probing a PCIe device will require generating hashes via
the SPDM protocol to the kernel.

Linux should verify the device before enabling the device, which means we
need the crypto functions to be ready before arch initilisation (where PCIe
init happens). Move the crypto init to postcore to
ensure it's loaded before PCIe devices.

This allows us to verify the certificate chain provided by a PCIe device
via SPDM before we enable it.

Signed-off-by: Alistair Francis <alistair.francis@....com>
---
 crypto/sha256.c | 2 +-
 crypto/sha3.c   | 2 +-
 crypto/sha512.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/sha256.c b/crypto/sha256.c
index fb81defe084c..0ebe96f89733 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256.c
@@ -398,7 +398,7 @@ static int __init crypto_sha256_mod_init(void)
 {
 	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
 }
-module_init(crypto_sha256_mod_init);
+postcore_initcall(crypto_sha256_mod_init);
 
 static void __exit crypto_sha256_mod_exit(void)
 {
diff --git a/crypto/sha3.c b/crypto/sha3.c
index 8f364979ec89..d37ce694b50a 100644
--- a/crypto/sha3.c
+++ b/crypto/sha3.c
@@ -145,7 +145,7 @@ static int __init crypto_sha3_mod_init(void)
 {
 	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
 }
-module_init(crypto_sha3_mod_init);
+postcore_initcall(crypto_sha3_mod_init);
 
 static void __exit crypto_sha3_mod_exit(void)
 {
diff --git a/crypto/sha512.c b/crypto/sha512.c
index d320fe53913f..6effa6043b55 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -404,7 +404,7 @@ static int __init crypto_sha512_mod_init(void)
 {
 	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
 }
-module_init(crypto_sha512_mod_init);
+postcore_initcall(crypto_sha512_mod_init);
 
 static void __exit crypto_sha512_mod_exit(void)
 {
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ