lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 May 2020 09:50:44 -0700 From: Christoph Hellwig <hch@...radead.org> To: Eric Biggers <ebiggers@...nel.org> Cc: Christoph Hellwig <hch@...radead.org>, Satya Tangirala <satyat@...gle.com>, Jens Axboe <axboe@...nel.dk>, linux-block@...r.kernel.org, linux-scsi@...r.kernel.org, linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org, Barani Muthukumaran <bmuthuku@....qualcomm.com>, Kuohong Wang <kuohong.wang@...iatek.com>, Kim Boojin <boojin.kim@...sung.com> Subject: Re: [PATCH v13 00/12] Inline Encryption Support On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote: > The fallback is actually really useful. First, for testing: it allows all the > filesystem code that uses inline crypto to be tested using gce-xfstests and > kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing > and it's much easier to develop patches for. It also allowed us to enable the > inlinecrypt mount option in Cuttlefish, which is the virtual Android device used > to test the Android common kernels. So, it gets the kernel test platform as > similar to a real Android device as possible. > > Ideally we'd implement virtualized inline encryption as you suggested. But > these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types > (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline > encryption standard defined yet). So it's not currently feasible. Not that you don't need to implement it in the hypervisor. You can also trivially wire up for things like null_blk. > Second, it creates a clean design where users can just use blk-crypto, and not > have to implement a second encryption implementation. And I very much disagree about that being a clean implementation. It is fine if the user doesn't care, but you should catch this before hitting the block stack and do the encryption there without hardware blk-crypt support.
Powered by blists - more mailing lists