block: export blk-crypto symbols required by dm-inlinecrypt#814
Open
blktests-ci[bot] wants to merge 3 commits into
Open
block: export blk-crypto symbols required by dm-inlinecrypt#814blktests-ci[bot] wants to merge 3 commits into
blktests-ci[bot] wants to merge 3 commits into
Conversation
Author
|
Upstream branch: 07dfa98 |
blktests-ci
Bot
force-pushed
the
for-next_base
branch
from
83cbd2e to
2a80064
Compare
Author
|
Upstream branch: 31fea07 |
blktests-ci
Bot
force-pushed
the
series/1088019=>for-next
branch
from
860336f to
72cb143
Compare
blktests-ci
Bot
force-pushed
the
for-next_base
branch
from
2a80064 to
2cbf0fd
Compare
Author
|
Upstream branch: 09ec486 |
blktests-ci
Bot
force-pushed
the
series/1088019=>for-next
branch
from
72cb143 to
815554f
Compare
blktests-ci
Bot
force-pushed
the
for-next_base
branch
from
2cbf0fd to
98d5b12
Compare
Author
|
Upstream branch: c16700a |
blktests-ci
Bot
force-pushed
the
series/1088019=>for-next
branch
from
815554f to
1a0cf85
Compare
blktests-ci
Bot
force-pushed
the
for-next_base
branch
from
98d5b12 to
bc49347
Compare
Author
|
Upstream branch: f1cc9ee |
blktests-ci
Bot
force-pushed
the
series/1088019=>for-next
branch
from
1a0cf85 to
471769f
Compare
blktests-ci
Bot
force-pushed
the
for-next_base
branch
from
bc49347 to
b05f317
Compare
Author
|
Upstream branch: 76ef4f9 |
bio_crypt_set_ctx(), blk_crypto_init_key(), and blk_crypto_start_using_key() are needed to use inline encryption; see Documentation/block/inline-encryption.rst. Export them so that dm-inlinecrypt can use them. The only reason these weren't exported before was that inline encryption was previously used only by fs/crypto/ which is built-in code. Signed-off-by: Eric Biggers <ebiggers@google.com>
Add a new device-mapper target "dm-inlinecrypt" that is similar to dm-crypt but uses the blk-crypto API instead of the regular crypto API. This allows it to take advantage of inline encryption hardware such as that commonly built into UFS host controllers. The table syntax matches dm-crypt's, but for now only a stripped-down set of parameters is supported. For example, for now AES-256-XTS is the only supported cipher. dm-inlinecrypt is based on Android's dm-default-key with the controversial passthrough support removed. Note that due to the removal of passthrough support, use of dm-inlinecrypt in combination with fscrypt causes double encryption of file contents (similar to dm-crypt + fscrypt), with the fscrypt layer not being able to use the inline encryption hardware. This makes dm-inlinecrypt unusable on systems such as Android that use fscrypt and where a more optimized approach is needed. It is however suitable as a replacement for dm-crypt. dm-inlinecrypt supports both keyring key and hex key, the former avoids the key to be exposed in dm-table message. Similar to dm-default-key in Android, it will fallabck to the software block crypto once the inline crypto hardware cannot support the expected cipher. Test: dmsetup create inlinecrypt_logon --table "0 `blockdev --getsz $1` \ inlinecrypt aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 $1 0" Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
This adds the admin-guide documentation for dm-inlinecrypt. dm-inlinecrypt.rst is the guide to using dm-inlinecrypt. Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
blktests-ci
Bot
force-pushed
the
series/1088019=>for-next
branch
from
471769f to
ebc0d33
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: block: export blk-crypto symbols required by dm-inlinecrypt
version: 3
url: https://patchwork.kernel.org/project/linux-block/list/?series=1088019