lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 6 Jun 2018 10:04:14 +0000
From:   Ladvine D Almeida <Ladvine.DAlmeida@...opsys.com>
To:     Christoph Hellwig <hch@...radead.org>,
        Ladvine D Almeida <Ladvine.DAlmeida@...opsys.com>
CC:     Milan Broz <gmazyland@...il.com>, Alasdair Kergon <agk@...hat.com>,
        "Mike Snitzer" <snitzer@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Manjunath M Bettegowda <Manjunath.MB@...opsys.com>,
        Prabu Thangamuthu <Prabu.T@...opsys.com>,
        Tejas Joglekar <Tejas.Joglekar@...opsys.com>,
        device-mapper development <dm-devel@...hat.com>,
        Joao Pinto <Joao.Pinto@...opsys.com>,
        "tytso@....edu" <tytso@....edu>,
        "jaegeuk@...nel.org" <jaegeuk@...nel.org>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>
Subject: Re: [PATCH] md: dm-crypt: Add Inline Encryption support for dmcrypt

On Friday 01 June 2018 09:16 AM, Christoph Hellwig wrote:
> On Wed, May 30, 2018 at 02:52:07PM +0000, Ladvine D Almeida wrote:
>> when the optional argument "perform_inline_encrypt" is set, we are not unconditionally sending the bio
>> to the block devices. The steps are explained below:
>> 1. user invokes the dm-setup command with the registered cipher "xts" and with the optional argument
>> "perform_inline_encrypt".
>> 2. dm-setup invokes the setkey function of the newly introduced algorithm, which finds the available key slots
>> to be programmed(UFS Host controller Inline Encryption engine has multiple keyslots), program the key slot,
>> and return the key slot index as return value of the set key function.
>> 3. When read/write operation happens, crypt_map() function in dm-crypt validates whether there is associated
>> key configuration index for the request. The Bio will be submitted directly in this case only with the associated
>> crypto context.
>> 4. Block device driver, eg. UFS host controller driver will create the Transfer requests as per this crypto context and
>> encryption happens inside the controller.
> Why isn't this all controlled by the ufs drivers, using helpers as
> required?

The idea is to make use of the existing utilities like dmsetup to configure the keys, mapping etc.

>
> Also why do we even need this API over just implementing TCG
> Opal/Opalite on the device?
>
TCG Opal/Opalite is FDE solution. right?

File Based Encryption is accomplished in the ext4/f2fs layer by invoking the registered algorithms from LKCF.

There is a scope for FBE, if the implementation is crypto API.


Regards,

Ladvine

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ