Thread (27 messages) 27 messages, 5 authors, 2019-11-05

Re: [PATCH v5 3/9] block: blk-crypto for Inline Encryption

From: Christoph Hellwig <hch@infradead.org>
Date: 2019-10-31 17:57:15
Also in: linux-f2fs-devel, linux-fscrypt, linux-fsdevel, linux-scsi

On Mon, Oct 28, 2019 at 12:20:26AM -0700, Satya Tangirala wrote:
We introduce blk-crypto, which manages programming keyslots for struct
bios. With blk-crypto, filesystems only need to call bio_crypt_set_ctx with
the encryption key, algorithm and data_unit_num; they don't have to worry
about getting a keyslot for each encryption context, as blk-crypto handles
that. Blk-crypto also makes it possible for layered devices like device
mapper to make use of inline encryption hardware.

Blk-crypto delegates crypto operations to inline encryption hardware when
available, and also contains a software fallback to the kernel crypto API.
For more details, refer to Documentation/block/inline-encryption.rst.
Can you explain why we need this software fallback that basically just
duplicates logic already in fscrypt?  As far as I can tell this fallback
logic actually is more code than the actual inline encryption, and nasty
code at that, e.g. the whole crypt_iter thing.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help