lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250526011159.GA23241@sol>
Date: Sun, 25 May 2025 18:11:59 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org,
	Bartosz Golaszewski <bartosz.golaszewski@...aro.org>,
	Jaegeuk Kim <jaegeuk@...nel.org>, Theodore Ts'o <tytso@....edu>
Subject: [GIT PULL] fscrypt update for 6.16

The following changes since commit 0af2f6be1b4281385b618cb86ad946eded089ac8:

  Linux 6.15-rc1 (2025-04-06 13:11:33 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/fs/fscrypt/linux.git tags/fscrypt-for-linus

for you to fetch changes up to c07d3aede2b26830ee63f64d8326f6a87dee3a6d:

  fscrypt: add support for hardware-wrapped keys (2025-04-08 19:32:11 -0700)

----------------------------------------------------------------

Add support for "hardware-wrapped inline encryption keys" to fscrypt.
When enabled on supported platforms, this feature protects file contents
keys from certain attacks, such as cold boot attacks.

This feature uses the block layer support for wrapped keys which was
merged in 6.15.  Wrapped key support has existed out-of-tree in Android
for a long time, and it's finally ready for upstream now that there is a
platform on which it works end-to-end with upstream.  Specifically,
it works on the Qualcomm SM8650 HDK, using the Qualcomm ICE (Inline
Crypto Engine) and HWKM (Hardware Key Manager).  The corresponding
driver support is included in the SCSI tree for 6.16.  Validation for
this feature includes two new tests that were already merged into
xfstests (generic/368 and generic/369).

----------------------------------------------------------------
Eric Biggers (1):
      fscrypt: add support for hardware-wrapped keys

 Documentation/filesystems/fscrypt.rst | 187 +++++++++++++++++++++++++++-------
 fs/crypto/fscrypt_private.h           |  75 ++++++++++++--
 fs/crypto/hkdf.c                      |   4 +-
 fs/crypto/inline_crypt.c              |  44 ++++++--
 fs/crypto/keyring.c                   | 132 +++++++++++++++++-------
 fs/crypto/keysetup.c                  |  63 ++++++++++--
 fs/crypto/keysetup_v1.c               |   4 +-
 include/uapi/linux/fscrypt.h          |   6 +-
 8 files changed, 410 insertions(+), 105 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ