From: Eric Biggers <ebiggers@kernel.org>
To: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	adrianvovk@gmail.com, dm-devel@lists.linux.dev,
	quic_mdalam@quicinc.com, gmazyland@gmail.com, israelr@nvidia.com,
	mpatocka@redhat.com
Subject: Re: [PATCH v1 2/3] dm-inlinecrypt: add target for inline block device encryption
Date: Thu, 12 Mar 2026 00:01:10 -0700
Message-ID: <20260312070110.GD2359@sol>
In-Reply-To: <20260304121729.1532469-3-linlin.zhang@oss.qualcomm.com>

On Wed, Mar 04, 2026 at 04:17:27AM -0800, Linlin Zhang wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Add a new device-mapper target "dm-inlinecrypt" that is similar to
> dm-crypt but uses the blk-crypto API instead of the regular crypto API.
> This allows it to take advantage of inline encryption hardware such as
> that commonly built into UFS host controllers.
>
> The table syntax matches dm-crypt's, but for now only a stripped-down
> set of parameters is supported. For example, for now AES-256-XTS is the
> only supported cipher.
>
> dm-inlinecrypt is based on Android's dm-default-key with the
> controversial passthrough support removed. Note that due to the removal
> of passthrough support, use of dm-inlinecrypt in combination with
> fscrypt causes double encryption of file contents (similar to dm-crypt +
> fscrypt), with the fscrypt layer not being able to use the inline
> encryption hardware. This makes dm-inlinecrypt unusable on systems such
> as Android that use fscrypt and where a more optimized approach is
> needed. It is however suitable as a replacement for dm-crypt.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>

I don't think it's plausible that this new patch was actually tested.
The version I sent in 2024 was tested at the time
(https://lore.kernel.org/r/20241016232748.134211-3-ebiggers@kernel.org/),
but I see at least two things that would make this new patch not work.

First, the call to blk_crypto_init_key() will always fail, since it's
being passed BLK_CRYPTO_KEY_TYPE_HW_WRAPPED but using a 64-byte raw key.
It needs to be BLK_CRYPTO_KEY_TYPE_RAW. (BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
support would make sense to add as an extra feature, once the basic raw
key support is working. Note that when I sent the first version of this
patch, support for wrapped keys was not yet upstream at all.)

Second, since v7.0-rc1, submitters of bios don't automatically get
blk-crypto-fallback support; they need to request it explicitly. So,
this patch will not work with blk-crypto-fallback anymore.

If you'd like to continue work on this patch, it might be helpful to
check the latest version of dm-default-key.c in "android-mainline"
(https://android.googlesource.com/kernel/common/+/android-mainline/drivers/md/dm-default-key.c)
and resynchronize this patch with it. It already has the code to
correctly support both key types and blk-crypto-fallback, for example.

Either way, this patch also needs to be re-tested with the latest
upstream kernel, which doesn't seem to have happened unfortunately.

- Eric