| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZwN1hDK34h0du5qp@infradead.org> Date: Sun, 6 Oct 2024 22:45:40 -0700 From: Christoph Hellwig <hch@...radead.org> To: Milan Broz <gmazyland@...il.com> Cc: Eric Biggers <ebiggers@...nel.org>, Christoph Hellwig <hch@...radead.org>, dm-devel@...ts.linux.dev, linux-block@...r.kernel.org, linux-kernel@...r.kernel.org, Md Sadre Alam <quic_mdalam@...cinc.com>, Israel Rukshin <israelr@...dia.com> Subject: Re: [RFC PATCH] dm-inlinecrypt: add target for inline block device encryption On Fri, Oct 04, 2024 at 09:21:47PM +0200, Milan Broz wrote: > There was another discussion recently. I also discussed this with Mikulas > as DM maintainer, and we agreed this is the best way. > > Extending dm-crypt is possible, but the dm-crypt threat model should not allow > pushing plaintext down the level. As should any other stackable crypto driver, so that's not an argument per se. Allowing to bypass encryption in a lower layer is simply broken, no matter what you call the target. > (I am currently investigating several issues with Opal hw encryption that just > cannot happen with sw dm-crypt. We opened can of worms supporting it in LUKS. :) > > Actually, I like the inline encryption logic (and the sw fallback), just I would > prefer we clearly separate the code here (and dm-crypt is already complicated enough). Now code complexity is an absolute valid argument. I think it should be weighted very carefully vs a confusing user interface that requires the user to know if there is hardware acceleration or not.
Powered by blists - more mailing lists