Subject: Re: enabling cgd by default
To: Alan Barrett <apb@cequrux.com>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-kern
Date: 08/07/2007 17:50:28
On Tue, Aug 07, 2007 at 12:26:44PM +0200, Alan Barrett wrote:
> None of our GENERIC* or INSTALL* kernels include support for cgd (the
> encrypted disk driver).  What is the reason for this (e.g. legal
> concerns, kernel size concerns, software quality concerns, nobody has
> got around to enabling it yet)?  I have been using cgd for several years
> with no problems, and the absence of cgd is the biggest reason why I am
> unable to use a GENERIC_LAPTOP kernel.
> 
> I would like to add "pseudo-device cgd 4" to all those GENERIC-like
> and INSTALL-like kernel configurations that don't have tight size
> constraints.  I propose to use the presence of "pseudo-device raid" as
> an indicator for the absence of tight size constraints.

In the past, it's been because we don't ship crypto by default,
just in case it makes it to one of the proscribed countries I
suppose.

I have other reasons for requiring custom kernels, but I would
like to see cgd in there by default. I'd also think that raidframe
in GENERIC_LAPTOP is probably overkill, but I'd also echo Greg's
remarks - raidframe is actually quite a lean beast, and I do not
know what I'd do without it. Just not on my lappy.

What do other operating systems do about this?

Regards,
Al