我已使用 fscryptctl 为在 TI AM335x 上运行的 buildroot 构建的一部分启用了磁盘加密。一旦 fscryptctl 将密钥插入文件系统,就会在引导期间操作文件系统。启动延迟,并显示以下消息;
[ 11.830969] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cts(cbc(aes)), throttling...
[ 16.882010] request_module: modprobe crypto-cts(cbc(aes)) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 16.894836] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cts(cbc(aes))-all, throttling...
[ 21.921400] request_module: modprobe crypto-cts(cbc(aes))-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 21.951692] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cbc(aes), throttling...
[ 27.041390] request_module: modprobe crypto-cbc(aes) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 27.053529] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cbc(aes)-all, throttling...
[ 32.081413] request_module: modprobe crypto-cbc(aes)-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 32.112925] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc(aes-generic))"
[ 32.157809] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-xts(aes), throttling...
[ 37.201404] request_module: modprobe crypto-xts(aes) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 37.213554] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-xts(aes)-all, throttling...
[ 42.241409] request_module: modprobe crypto-xts(aes)-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 42.271482] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-aes, throttling...
[ 47.361399] request_module: modprobe crypto-aes cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 47.373078] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-aes-all, throttling...
[ 52.401501] request_module: modprobe crypto-aes-all cannot be processed, kmod busy with 100 threads for more than 5 seconds now
[ 52.413610] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module cryptomgr, throttling...
[ 57.441884] request_module: modprobe cryptomgr cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 57.453523] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-ecb(aes), throttling...
[ 62.481629] request_module: modprobe crypto-ecb(aes) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 62.493723] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-ecb(aes)-all, throttling...
[ 67.521683] request_module: modprobe crypto-ecb(aes)-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 67.536046] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-generic))"
我通过更改要编译到内核中的 AES 模块来设法减少这个时间。现在启动日志中有这个;
[ 10.542972] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cts(cbc(aes)), throttling...
[ 15.604200] request_module: modprobe crypto-cts(cbc(aes)) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 15.617017] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cts(cbc(aes))-all, throttling...
[ 20.643736] request_module: modprobe crypto-cts(cbc(aes))-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 20.674918] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cryptd(__cbc-aes-neonbs), throttling...
[ 25.763747] request_module: modprobe crypto-cryptd(__cbc-aes-neonbs) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 25.777340] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cryptd(__cbc-aes-neonbs)-all, throttling...
[ 30.803742] request_module: modprobe crypto-cryptd(__cbc-aes-neonbs)-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 30.834599] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc-aes-neonbs)"
[ 30.890095] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cryptd(__xts-aes-neonbs), throttling...
[ 35.923747] request_module: modprobe crypto-cryptd(__xts-aes-neonbs) cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 35.937348] request_module: kmod_concurrent_max (0) close to 0 (max_modprobes: 50), for module crypto-cryptd(__xts-aes-neonbs)-all, throttling...
[ 40.963785] request_module: modprobe crypto-cryptd(__xts-aes-neonbs)-all cannot be processed, kmod busy with 50 threads for more than 5 seconds now
[ 40.994725] fscrypt: AES-256-XTS using implementation "xts-aes-neonbs"`
所以我把这个问题减少了 27 秒,但我还没有完全解决这个问题,因为它仍然需要 30 秒。我尝试修补内核,使 max_modprobes 为 100,但似乎没有任何效果。
我尝试更改 linux 配置,以便crypto-cryptd
和crypto-cts
也在内核中编译,而不是作为模块(CONFIG_CRYPTO_CRYPTD=y
和CONFIG_CRYPTO_CTS=y
)。它对启动时间没有任何明显的影响,我仍然在第二个启动日志片段中收到消息。
看起来它正在尝试加载一些不同的模块,然后再确定 ARM 特定的实现。有没有办法给系统提示哪些模块需要加载,而不是让它自己决定,从而可能避免 30 秒的等待?或者还有其他方法可以解决这个问题吗?
预先感谢,亚历克斯。