eCryptfs: Unsupported QCA crypto driver?


I have a question regarding the crypto driver.

The OpenWRT kernel that you're using seems to have an out-of-tree crypto driver that's likely at fault here. You'll notice in your /proc/crypto file that the highest priority "cbc(aes)" implementation is "nss-cbc-aes". Those "nss-*" drivers are provided by the "qca_nss_cfi_cryptoapi" module. AFAICT, that's an out-of-tree driver and I don't see any mention of it in the upstream kernel. This is something that will need to be sorted out by the OpenWRT team instead of upstream eCryptfs.

Does anyone has any idea what does this means ?

thank you in advance.

Sure. You're using Qualcomm (QCA) stuff. Are you running some third party build provided by someone on the forums here, using stuff QCA didn't bother upstreaming?

I've taken the liberty of altering your topic title so it reflects your actual question instead of being overly generic.

1 Like

thank you for your reply,

No, i am not using third party

Can you provide a link to the image used? They're probably right about the drivers being patched in.

Also, use the quote button in the edit ribbon to quote previous posts please:

Like this

The way you have it now it's unclear what you wrote and what I wrote.

Sorry, I didn't understand the image i have generated from the build system ?

Are you saying you used the OpenWrt buildroot without any extra patches? Actually, it doesn't really matter - eCryptFS is not something OpenWrt core is designed to support, so if they're saying 'sorry' then I'm afraid that's where it ends, unless you find someone who can fix your problem (which you did not explain).

yes, i used the openwrt. are you saying about the patches of qca-nss-cryptoapi drivers ?

I am yes, but whether you patched those in or not, it won't really matter. Your upstream project is saying they don't handle that. You should specify what issue you are running into, maybe someone can help.

I am using the ecryptfs to encrypt the filesystem but the problem when I activate both the package kmod-crypto and the qca-nss-crypto it doesn't work but when i deactivate the qca crypto package then it works.
So i don't know where is the issue whether it is conflict of the package or the priority as explained before.

If you unload the QCA driver and it works, just remove the package from your image. If something that you need depends on it, just remove the corresponding file in /etc/modules.d/. See:

As i need this qca-nss-crypto package for the performance purpose but if I remove from the modules.d after that the qca crypto will not work right ?

I removed the corresponding file it doesn't work.