Enable Adiantum on Raspberry Pi kernels

Hello.

After the move to a post 5.0 kernel Adiantum has become available.

Adiantum is an encryption mode created by Google specifically for devices without AES hardware acceleration, like all the Raspberry Pi models, and can provide significantly faster encryption and decryption speed for both full disk encryption and file based encryption. More details and some benchmarks can be found on the announcement and on the RPF GitHub PR.

Adiantum can be enabled as described in the Android documentation, but to make it short adding

CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m

to the current kernel config should be enough.

This would allow to finally have usable disk encryption on both external block devices, with cryptsetup/LUKS, and on home directories, with file-based encryption (fscrypt) on EXT4/F2FS.

Thank you.

Hi

I’m happy to accept a PR for this

Sam

If Sam doesn’t want to include those two modules, you can always build them yourself. Just be aware that you might need to rebuild them whenever a new kernel version is installed.

The following assumes that you’re on a Pi 2 or 3. For a Pi 4, the source and headers are prefixed with rbp464 and all modules will need to be built inside the 64-bit OSMC toolchain. All commands are run as rroot, hence the sudo -s.

sudo -s
apt-get update
apt-get install rbp2-source-$(uname -r) rbp2-headers-$(uname -r) build-essential bc
cp /boot/config-$(uname -r) /usr/src/rbp2-source-$(uname -r)/.config
cp /usr/src/rbp2-headers-$(uname -r)/Module.symvers /usr/src/rbp2-source-$(uname -r)
cd /usr/src/rbp2-source-$(uname -r)
# Edit .config file, as appropriate.
make oldconfig
make scripts prepare modules_prepare
make -C . M=./crypto
cp ./crypto/adiantum.ko ./crypto/nhpoly1305.ko /lib/modules/$(uname -r)/kernel/crypto
depmod
<Ctrl-d> # Exit from root.

I’ll include if a PR is opened for both platforms.

Sam

There’s a PR on GitHub. I hope nothing’s missing.

Cheers – will check shortly.

Hi, did you have a chance to check the PR?

Thanks.

This is now building and will be in the staging repository in a few hours when Jenkins is done.