From: Eric Biggers <ebiggers@kernel.org>
To: dm-devel@lists.linux.dev
Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	Md Sadre Alam <quic_mdalam@quicinc.com>,
	Israel Rukshin <israelr@nvidia.com>,
	Milan Broz <gmazyland@gmail.com>,
	Mikulas Patocka <mpatocka@redhat.com>,
	Adrian Vovk <adrianvovk@gmail.com>
Subject: [RFC PATCH 0/4] dm-default-key: target for filesystem metadata encryption
Date: Fri, 18 Oct 2024 11:43:35 -0700
Message-ID: <20241018184339.66601-1-ebiggers@kernel.org>

This series adds "metadata encryption" support to ext4 and f2fs via a
new device-mapper target dm-default-key. dm-default-key encrypts all
data on a block device that isn't already encrypted by the filesystem.

Except for the passthrough support, dm-default-key is basically the same
as the proposed dm-inlinecrypt which omits that feature
(https://lore.kernel.org/dm-devel/20241016232748.134211-1-ebiggers@kernel.org/).

I am sending this out for reference, as dm-default-key (which Android
has been using for a while) hasn't previously been sent to the lists in
full, and there has been interest in it. However, my current impression
is that this feature will need to be redesigned as a filesystem native
feature in order to make it upstream. If that is indeed the case, then
IMO it would make sense to merge dm-inlinecrypt in the meantime instead
(or add its functionality to dm-crypt) so that anyone who just wants
"dm-crypt + inline encryption hardware" gets a solution for that.

Eric Biggers (4):
  block: export blk-crypto symbols required by dm-default-key
  block: add the bi_skip_dm_default_key flag
  dm-default-key: add target for filesystem metadata encryption
  ext4,f2fs: support metadata encryption via dm-default-key

 block/bio.c                 |   3 +
 block/blk-crypto-fallback.c |   2 +
 block/blk-crypto.c          |   3 +
 drivers/md/Kconfig          |  20 ++
 drivers/md/Makefile         |   1 +
 drivers/md/dm-default-key.c | 431 ++++++++++++++++++++++++++++++++++++
 fs/crypto/inline_crypt.c    |  14 +-
 fs/f2fs/data.c              |   6 +-
 include/linux/blk-crypto.h  |  36 +++
 include/linux/blk_types.h   |   3 +
 include/linux/fscrypt.h     |  14 ++
 11 files changed, 531 insertions(+), 2 deletions(-)
 create mode 100644 drivers/md/dm-default-key.c

base-commit: c964ced7726294d40913f2127c3f185a92cb4a41
-- 
2.47.0