From: Eric Biggers <ebiggers@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>,
Jaegeuk Kim <jaegeuk@kernel.org>, Theodore Ts'o <tytso@mit.edu>
Subject: [GIT PULL] fscrypt update for 6.16
Date: Sun, 25 May 2025 18:11:59 -0700 [thread overview]
Message-ID: <20250526011159.GA23241@sol> (raw)
The following changes since commit 0af2f6be1b4281385b618cb86ad946eded089ac8:
Linux 6.15-rc1 (2025-04-06 13:11:33 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/fs/fscrypt/linux.git tags/fscrypt-for-linus
for you to fetch changes up to c07d3aede2b26830ee63f64d8326f6a87dee3a6d:
fscrypt: add support for hardware-wrapped keys (2025-04-08 19:32:11 -0700)
----------------------------------------------------------------
Add support for "hardware-wrapped inline encryption keys" to fscrypt.
When enabled on supported platforms, this feature protects file contents
keys from certain attacks, such as cold boot attacks.
This feature uses the block layer support for wrapped keys which was
merged in 6.15. Wrapped key support has existed out-of-tree in Android
for a long time, and it's finally ready for upstream now that there is a
platform on which it works end-to-end with upstream. Specifically,
it works on the Qualcomm SM8650 HDK, using the Qualcomm ICE (Inline
Crypto Engine) and HWKM (Hardware Key Manager). The corresponding
driver support is included in the SCSI tree for 6.16. Validation for
this feature includes two new tests that were already merged into
xfstests (generic/368 and generic/369).
----------------------------------------------------------------
Eric Biggers (1):
fscrypt: add support for hardware-wrapped keys
Documentation/filesystems/fscrypt.rst | 187 +++++++++++++++++++++++++++-------
fs/crypto/fscrypt_private.h | 75 ++++++++++++--
fs/crypto/hkdf.c | 4 +-
fs/crypto/inline_crypt.c | 44 ++++++--
fs/crypto/keyring.c | 132 +++++++++++++++++-------
fs/crypto/keysetup.c | 63 ++++++++++--
fs/crypto/keysetup_v1.c | 4 +-
include/uapi/linux/fscrypt.h | 6 +-
8 files changed, 410 insertions(+), 105 deletions(-)
next reply other threads:[~2025-05-26 1:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-26 1:11 Eric Biggers [this message]
2025-05-26 21:20 ` [GIT PULL] fscrypt update for 6.16 pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250526011159.GA23241@sol \
--to=ebiggers@kernel.org \
--cc=bartosz.golaszewski@linaro.org \
--cc=jaegeuk@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).