[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7e001776-a8f8-9109-a536-90398de81d53@intel.com>
Date: Tue, 18 Jun 2019 09:48:45 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Andy Lutomirski <luto@...capital.net>
Cc: "Kirill A. Shutemov" <kirill@...temov.name>,
Peter Zijlstra <peterz@...radead.org>,
Kai Huang <kai.huang@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
X86 ML <x86@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...en8.de>,
David Howells <dhowells@...hat.com>,
Kees Cook <keescook@...omium.org>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Alison Schofield <alison.schofield@...el.com>,
Linux-MM <linux-mm@...ck.org>, kvm list <kvm@...r.kernel.org>,
keyrings@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for
MKTME
On 6/18/19 9:36 AM, Andy Lutomirski wrote:
> Should MKTME+DAX encrypt the entire volume or should it encrypt individual files? Or both?
Our current thought is that there should be two modes: One for entire
DAX namespaces and one for filesystem DAX that would allow it to be at
the file level. More likely, we would mirror fscrypt and do it at the
directory level.
> If it encrypts individual files, should the fs be involved at all?
> Should there be metadata that can check whether a given key is the
> correct key?
FWIW, this is a question for the fs guys. Their guidance so far has
been "do what fscrypt does", and fscrypt does not protect against
incorrect keys being specified. See:
https://www.kernel.org/doc/html/v5.1/filesystems/fscrypt.html
Which says:
> Currently, fscrypt does not prevent a user from maliciously providing
> an incorrect key for another user’s existing encrypted files. A
> protection against this is planned.
> If it encrypts individual files, is it even conceptually possible to
> avoid corruption if the fs is not involved? After all, many
> filesystems think that they can move data blocks, compute checksums,
> journal data, etc.
Yes, exactly. Thankfully, fscrypt has thought about this already and
has infrastructure for this. For instance:
> Online defragmentation of encrypted files is not supported. The
> EXT4_IOC_MOVE_EXT and F2FS_IOC_MOVE_RANGE ioctls will fail with
> EOPNOTSUPP.
Powered by blists - more mailing lists