Enabled AES on chip encryption

[douggie]

#For stories, please include the information below:

User Statement:

As a user of VIC, I would like to use LUKS to encrypted my data volumes using aes encryption that leverages hardware acceleration.

Details:
uname -a
Linux 93152a0bb54e 4.4.31-esx #1-photon SMP Tue Nov 22 15:06:42 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

modprobe -v aesni_intel
modprobe: FATAL: Module aesni_intel not found.

Acceptance Criteria:
support aesni_intel module

• test to ensure module is available and loads as expected

[matthewavery]

Taking a look here, it is very likely that for the moment that kernel module has not been ported to photon. pinging @hickeng for comment as well.

[matthewavery]

Customer is expecting kmods aesni_intel and aes_x86_64 to be present for this functionality to work.

[hickeng]

vmware/photon@747815d has been committed to build the aesni module - this will be picked up as soon as Photon publishes the updated kernel package to the public repo. I've requested an ETA from the Photon team.

[hickeng]

Estimate is for adding regression test after Photon update.

[douggie]

wow very quick. thanks for the update.

…

On Thu, Jun 1, 2017 at 10:44 PM, George Hicken ***@***.***> wrote: Estimate is for adding regression test after Photon update. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5302 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AENHatpbe9glUMwRH709qvo9XAglekYlks5r_zDUgaJpZM4NrcN-> .

[hickeng]

Rough ETA for updated linux-esx is middle of this coming week. Builds after that happens should include the new module with no changes to the VIC engine codebase.

[douggie]

Wow! Excited to try it out!

…

On Sun, 4 Jun 2017, 21:21 George Hicken, ***@***.***> wrote: Rough ETA for updated linux-esx is middle of this coming week — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5302 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AENHanIJX7ePm88WUslZg7yOFmr211Vxks5sAxHLgaJpZM4NrcN-> .

[douggie]

HI,
Just wondered if there were any thoughts on how I could pick up the new photon build and run it in vcenter to test out the AES support.

[hickeng]

Waiting on an answer from the photon team as to whether it's in the 1.1 public packages.

[hickeng]

@douggie AES is now in the latest builds (just built from master):

/lib/modules/4.4.71-1.ph1-esx # modprobe aesni-intel
/lib/modules/4.4.71-1.ph1-esx # lsmod
<snip>
ansi_cprng 4566 1 - Live 0x0000000000000000 (E)
aesni_intel 157107 1 - Live 0x0000000000000000 (E)
aes_x86_64 7439 1 aesni_intel, Live 0x0000000000000000 (E)

[mdubya66]

Closing. @douggie please re-open if you find it's not working.

[douggie]

all working great!

…

On Tue, 20 Jun 2017, 23:00 Matt Williamson, ***@***.***> wrote: Closed #5302 <#5302>. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#5302 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AENHahS9hkecdsm6geqN2zPcyTchpZRhks5sGED1gaJpZM4NrcN-> .

[matthewavery]

@douggie We are very glad to hear that! As always we are only a github issue or a slack message away if you have other problems :)