lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jun 2020 09:47:30 -0700 From: Eric Biggers <ebiggers@...nel.org> To: Satya Tangirala <satyat@...gle.com> Cc: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org, Jaegeuk Kim <jaegeuk@...nel.org> Subject: Re: [PATCH v3 2/4] fscrypt: add inline encryption support On Tue, Jun 30, 2020 at 12:14:36PM +0000, Satya Tangirala via Linux-f2fs-devel wrote: > Add support for inline encryption to fs/crypto/. With "inline > encryption", the block layer handles the decryption/encryption as part > of the bio, instead of the filesystem doing the crypto itself via > Linux's crypto API. This model is needed in order to take advantage of > the inline encryption hardware present on most modern mobile SoCs. > > To use inline encryption, the filesystem needs to be mounted with > '-o inlinecrypt'. Blk-crypto will then be used instead of the traditional > filesystem-layer crypto whenever possible to encrypt the contents > of any encrypted files in that filesystem. Fscrypt still provides the key > and IV to use, and the actual ciphertext on-disk is still the same; > therefore it's testable using the existing fscrypt ciphertext verification > tests. > > Note that since blk-crypto has a fallback to Linux's crypto API, and > also supports all the encryption modes currently supported by fscrypt, > this feature is usable and testable even without actual inline > encryption hardware. > > Per-filesystem changes will be needed to set encryption contexts when > submitting bios and to implement the 'inlinecrypt' mount option. This > patch just adds the common code. > > Co-developed-by: Eric Biggers <ebiggers@...gle.com> > Signed-off-by: Eric Biggers <ebiggers@...gle.com> > Signed-off-by: Satya Tangirala <satyat@...gle.com> > Reviewed-by: Jaegeuk Kim <jaegeuk@...nel.org> Reviewed-by: Eric Biggers <ebiggers@...gle.com>
Powered by blists - more mailing lists