Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3807987ybt; Tue, 30 Jun 2020 11:38:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxDsnGvMEqDkI7FMcXmCaT3FGe2KvAB/XxzLaoB1mg8KE3qVtHhITTs/9jTljrJgJHYISrP X-Received: by 2002:a17:906:b813:: with SMTP id dv19mr19025408ejb.119.1593542056142; Tue, 30 Jun 2020 11:34:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593542056; cv=none; d=google.com; s=arc-20160816; b=SeNNwKOApQYiQlLUJaSM5q+g30LOC3geL7YER7Zuo/u/u6A8BFcniiRzrq0werKs1W 8L987GBjQCR12oJJBWEZAE26g7rb7RMqLt20dKeSgJTB9svVCkwJrz7ggRLKXuaoj3eU fYNDOCdfxxF9y29IviaAiRvso8dcJ9pXzmD3+3wiD/5eU6ZXFuZWqYdAkYURtQaXwXqy MdhsZZqfrUPhIwanxz0+jbdKfBtnkZt74ByKorwWdTfbMaMLzPmZnICxK01jw/U+Qgev aE6qImPfOfBzNF70YfCcJkonzln0K/ANWCPTcKJN2RG4uAMDra+GIfH6mrPTtitELMem 3big== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=cBl1KPAhGjOpYgUSe2Jz/w7rZPhZIlDpKF6DmGKobIE=; b=BV6GuKVIeZY4gHISSiG8Jtbir2xjwkzFtWfB7OycaOX595DReNK3A6P8ARQ6oMdlSS 5gKj0ZubStKkepBN3p4+UxeoQEbVQbwrpg/gGGiMIJsh2wTzB+7oXRBj7ZhCC0VL6vou IWJ38VuokDriB78H8jrZTMgHqmCtHan/dtqnNHdy5HO/RgYaj2l9aDG4sppoYMFbZKUl HYX5GwUl3w2ZGNAdePzKl/D5vY6+wRxDmq27EObuiEp6laBkQap8hZPfbqEK2hIOfOoa yG7fC5s/Z03fDeuoIOO4uuleEGTM1dTmoKT6gMXZCJXibdpwP9FwqLylhXaa6iFZtXgD b7DQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jUUm0plo; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v18si2286985ejb.360.2020.06.30.11.33.44; Tue, 30 Jun 2020 11:34:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jUUm0plo; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389521AbgF3Qrc (ORCPT + 99 others); Tue, 30 Jun 2020 12:47:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:50600 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728022AbgF3Qrc (ORCPT ); Tue, 30 Jun 2020 12:47:32 -0400 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6EE04206B6; Tue, 30 Jun 2020 16:47:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1593535651; bh=SPqL4E1Wb8DiXConglbiJ9f0pTWiyShFbuJGvYwg4FM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jUUm0ploIzeASPPBp1of1yMAXdN9YKrBhlba/3QmKAhL/6UOXl1G69OZ4Pj7BfhYY 7b/Z/DfOeam1LbovRk3PNaeHkAxo0IlGT3owcrfvyBSwM7u1PWqewhHRqe5pwkqUqD L+TPDB4GVbwzFJKmPeOtekr9NEFnFs4qs/mUYkEo= Date: Tue, 30 Jun 2020 09:47:30 -0700 From: Eric Biggers To: Satya Tangirala Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, Jaegeuk Kim Subject: Re: [PATCH v3 2/4] fscrypt: add inline encryption support Message-ID: <20200630164730.GB837@sol.localdomain> References: <20200630121438.891320-1-satyat@google.com> <20200630121438.891320-3-satyat@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200630121438.891320-3-satyat@google.com> Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Tue, Jun 30, 2020 at 12:14:36PM +0000, Satya Tangirala via Linux-f2fs-devel wrote: > Add support for inline encryption to fs/crypto/. With "inline > encryption", the block layer handles the decryption/encryption as part > of the bio, instead of the filesystem doing the crypto itself via > Linux's crypto API. This model is needed in order to take advantage of > the inline encryption hardware present on most modern mobile SoCs. > > To use inline encryption, the filesystem needs to be mounted with > '-o inlinecrypt'. Blk-crypto will then be used instead of the traditional > filesystem-layer crypto whenever possible to encrypt the contents > of any encrypted files in that filesystem. Fscrypt still provides the key > and IV to use, and the actual ciphertext on-disk is still the same; > therefore it's testable using the existing fscrypt ciphertext verification > tests. > > Note that since blk-crypto has a fallback to Linux's crypto API, and > also supports all the encryption modes currently supported by fscrypt, > this feature is usable and testable even without actual inline > encryption hardware. > > Per-filesystem changes will be needed to set encryption contexts when > submitting bios and to implement the 'inlinecrypt' mount option. This > patch just adds the common code. > > Co-developed-by: Eric Biggers > Signed-off-by: Eric Biggers > Signed-off-by: Satya Tangirala > Reviewed-by: Jaegeuk Kim Reviewed-by: Eric Biggers