File 0008-disk-cryptodisk-Add-hw-accel-to-enable-hardware-acce.patch of Package grub2

From 4bac58a27c29aee8ee04704748da99b64a4dff7d Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 7 Aug 2025 15:02:30 +0800
Subject: [PATCH 8/8] disk/cryptodisk: Add '--hw-accel' to enable hardware
 acceleration

A new option, '--hw-accel', for cryptomount is introduced to enable
hardware acceleration in libgcrypt.

Signed-off-by: Gary Lin <glin@suse.com>
---
 docs/grub.texi              |  5 +++--
 grub-core/disk/cryptodisk.c | 26 +++++++++++++++++++++++---
 2 files changed, 26 insertions(+), 5 deletions(-)

Index: grub-2.12/docs/grub.texi
===================================================================
--- grub-2.12.orig/docs/grub.texi
+++ grub-2.12/docs/grub.texi
@@ -4691,7 +4691,7 @@ The option @option{--quiet} can be given
 @node cryptomount
 @subsection cryptomount
 
-@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile [@option{-O} keyoffset] [@option{-S} keysize] ] ] [@option{-H} file] device|@option{-u} uuid|@option{-a}|@option{-b}
+@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile [@option{-O} keyoffset] [@option{-S} keysize] ] ] [@option{-H} file] device|@option{-u} uuid|@option{-a}|@option{-b}|@option{-A}
 Setup access to encrypted device. A passphrase will be requested interactively,
 if neither the @option{-p} nor @option{-k} options are given. The option
 @option{-p} can be used to supply a passphrase (useful for scripts).
@@ -4704,7 +4704,8 @@ files (currently only LUKS1 and LUKS2 su
 Argument @var{device} configures specific grub device
 (@pxref{Naming convention}); option @option{-u} @var{uuid} configures device
 with specified @var{uuid}; option @option{-a} configures all detected encrypted
-devices; option @option{-b} configures all geli containers that have boot flag set.
+devices; option @option{-b} configures all geli containers that have boot flag set;
+option @option{-A} enables hardware acceleration in libgcrypt.
 
 Devices are not allowed to be given as key files nor as detached header files.
 However, this limitation can be worked around by using blocklist syntax. So
Index: grub-2.12/grub-core/disk/cryptodisk.c
===================================================================
--- grub-2.12.orig/grub-core/disk/cryptodisk.c
+++ grub-2.12/grub-core/disk/cryptodisk.c
@@ -28,6 +28,7 @@
 #include <grub/procfs.h>
 #include <grub/partition.h>
 #include <grub/key_protector.h>
+#include <grub/hwfeatures-gcry.h>
 
 #ifdef GRUB_UTIL
 #include <grub/emu/hostdisk.h>
@@ -49,7 +50,8 @@ enum
     OPTION_KEYFILE_OFFSET,
     OPTION_KEYFILE_SIZE,
     OPTION_HEADER,
-    OPTION_PROTECTOR
+    OPTION_PROTECTOR,
+    OPTION_HWACCEL
   };
 
 static const struct grub_arg_option options[] =
@@ -65,6 +67,7 @@ static const struct grub_arg_option opti
     {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
     {"protector", 'P', GRUB_ARG_OPTION_REPEATABLE,
      N_("Unlock volume(s) using key protector(s)."), 0, ARG_TYPE_STRING},
+    {"hw-accel", 'A', 0, N_("Enable hardware acceleration."), 0, 0},
     {0, 0, 0, 0, 0, 0}
   };
 
@@ -1413,7 +1416,7 @@ grub_cryptodisk_clear_key_cache (struct
 }
 
 static grub_err_t
-grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+__grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
 {
   struct grub_arg_list *state = ctxt->state;
   struct grub_cryptomount_args cargs = {0};
@@ -1618,6 +1621,23 @@ grub_cmd_cryptomount (grub_extcmd_contex
     }
 }
 
+static grub_err_t
+grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+{
+  struct grub_arg_list *state = ctxt->state;
+  grub_err_t err;
+
+  if (state[OPTION_HWACCEL].set)
+    grub_enable_gcry_hwf ();
+
+  err = __grub_cmd_cryptomount (ctxt, argc, args);
+
+  if (state[OPTION_HWACCEL].set)
+    grub_reset_gcry_hwf ();
+
+  return err;
+}
+
 static struct grub_disk_dev grub_cryptodisk_dev = {
   .name = "cryptodisk",
   .id = GRUB_DISK_DEVICE_CRYPTODISK_ID,
@@ -1875,7 +1895,7 @@ GRUB_MOD_INIT (cryptodisk)
 			      N_("[ [-p password] | [-k keyfile"
 				 " [-O keyoffset] [-S keysize] ] ] [-H file]"
 				 " [-P protector [-P protector ...]]"
-				 " <SOURCE|-u UUID|-a|-b>"),
+				 " <SOURCE|-u UUID|-A|-a|-b>"),
 			      N_("Mount a crypto device."), options);
   grub_procfs_register ("luks_script", &luks_script);
 }