lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Aug 2019 19:35:16 -0700 From: Satya Tangirala <satyat@...gle.com> To: Jens Axboe <axboe@...nel.dk>, boojin.kim@...sung.com Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, Eric Biggers <ebiggers@...nel.org>, "Theodore Y. Ts'o" <tytso@....edu>, Chao Yu <chao@...nel.org>, Jaegeuk Kim <jaegeuk@...nel.org>, Andreas Dilger <adilger.kernel@...ger.ca>, dm-devel@...hat.com, Mike Snitzer <snitzer@...hat.com>, Alasdair Kergon <agk@...hat.com>, Krzysztof Kozlowski <krzk@...nel.org>, Kukjin Kim <kgene@...nel.org>, Jaehoon Chung <jh80.chung@...sung.com>, Ulf Hansson <ulf.hansson@...aro.org>, linux-crypto@...r.kernel.org, linux-fscrypt@...r.kernel.org, linux-mmc@...r.kernel.org, linux-samsung-soc@...r.kernel.org, linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-arm-kernel@...ts.infradead.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH 5/9] block: support diskcipher On Wed, Aug 21, 2019 at 5:10 AM Jens Axboe <axboe@...nel.dk> wrote: > > On 8/21/19 12:42 AM, boojin.kim wrote: > > This patch supports crypto information to be maintained via BIO > > and passed to the storage driver. > > > > To do this, 'bi_aux_private', 'REQ_CYPTE' and 'bi_dun' are added > > to the block layer. > > > > 'bi_aux_private' is added for loading additional private information into > > BIO. > > 'REQ_CRYPT' is added to distinguish that bi_aux_private is being used > > for diskcipher. > > F2FS among encryption users uses DUN(device unit number) as > > the IV(initial vector) for cryptographic operations. > > DUN is stored in 'bi_dun' of bi_iter as a specific value for each BIO. > > > > Before attempting to merge the two BIOs, the operation is also added to > > verify that the crypto information contained in two BIOs is consistent. > > This isn't going to happen. With this, and the inline encryption > proposed by Google, we'll bloat the bio even more. At least the Google > approach didn't include bio iter changes as well. > > Please work it out between yourselves so we can have a single, clean > abstraction that works for both. > > -- > Jens Axboe > Hi Boojin, We're very keen to make sure that our approach to inline encryption can work with diverse hardware, including Samsung's FMP hardware; if you can see any issues with using our approach with your hardware please let us know. We understand that a possible concern for getting FMP working with our patch series for Inline Encryption Support at https://lore.kernel.org/linux-block/20190821075714.65140-1-satyat@google.com/ is that unlike some inline encryption hardware (and also unlike the JEDEC UFS v2.1 spec), FMP doesn't have the concept of a limited number of keyslots - to address that difference we have a "passthrough keyslot manager", which we put up on top of our patch series for inline encryption support at https://android-review.googlesource.com/c/kernel/common/+/980137/2 Setting up a passthrough keyslot manager in the request queue of a device allows the device to receive a bio's encryption context as-is with the bio, which is what FMP would prefer. Are there any issues with using the passthrough keyslot manager for FMP? Thanks! Satya
Powered by blists - more mailing lists