* [PATCH v1 0/1] dm-inlinecrypt: move to HW-wrapped key @ 2026-05-12 9:52 Linlin Zhang 2026-05-12 9:52 ` [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as " Linlin Zhang 0 siblings, 1 reply; 4+ messages in thread From: Linlin Zhang @ 2026-05-12 9:52 UTC (permalink / raw) To: Mikulas Patocka Cc: Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel dm-inlinecrypt currently initializes the blk-crypto key using BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material is a plaintext software key owned by the block layer. This was requested as the first version in the link (https://lore.kernel.org/all/20260312070110.GD2359@sol/) to have a a easy way validating the patch. However, now support for wrapped keys is already upstream and on platforms where dm-inlinecrypt is used together with a hardware-backed key source (e.g. TrustZone/TEE or other secure key wrapping mechanisms), the key material passed down is already wrapped and must be treated as opaque by the block layer. Switching the blk-crypto key initialization to BLK_CRYPTO_KEY_TYPE_HW_WRAPPED aligns dm-inlinecrypt with hardware-backed key usage models and avoids incorrect assumptions about key ownership and visibility. Linlin Zhang (1): dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key drivers/md/dm-inlinecrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.34.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key 2026-05-12 9:52 [PATCH v1 0/1] dm-inlinecrypt: move to HW-wrapped key Linlin Zhang @ 2026-05-12 9:52 ` Linlin Zhang 2026-05-12 18:53 ` Eric Biggers 0 siblings, 1 reply; 4+ messages in thread From: Linlin Zhang @ 2026-05-12 9:52 UTC (permalink / raw) To: Mikulas Patocka Cc: Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel dm-inlinecrypt currently initializes the blk-crypto key using BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material is a plaintext software key owned by the block layer. However, on platforms where dm-inlinecrypt is used together with a hardware-backed key source (e.g. TrustZone/TEE or other secure key wrapping mechanisms), the key material passed down is already wrapped and must be treated as opaque by the block layer. Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED instead, so that dm-inlinecrypt correctly models hardware-wrapped keys and avoids incorrect assumptions about key ownership and visibility. Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com> --- drivers/md/dm-inlinecrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c index bd8e58a028c5..bcbf363c533a 100644 --- a/drivers/md/dm-inlinecrypt.c +++ b/drivers/md/dm-inlinecrypt.c @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, - BLK_CRYPTO_KEY_TYPE_RAW, + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, cipher->mode_num, dun_bytes, ctx->sector_size); if (err) { -- 2.34.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key 2026-05-12 9:52 ` [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as " Linlin Zhang @ 2026-05-12 18:53 ` Eric Biggers 2026-05-13 17:22 ` Eric Biggers 0 siblings, 1 reply; 4+ messages in thread From: Eric Biggers @ 2026-05-12 18:53 UTC (permalink / raw) To: Linlin Zhang Cc: Mikulas Patocka, Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel On Tue, May 12, 2026 at 02:52:03AM -0700, Linlin Zhang wrote: > dm-inlinecrypt currently initializes the blk-crypto key using > BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material > is a plaintext software key owned by the block layer. > > However, on platforms where dm-inlinecrypt is used together with a > hardware-backed key source (e.g. TrustZone/TEE or other secure key > wrapping mechanisms), the key material passed down is already wrapped > and must be treated as opaque by the block layer. > > Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED > instead, so that dm-inlinecrypt correctly models hardware-wrapped keys > and avoids incorrect assumptions about key ownership and visibility. > > Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com> > --- > drivers/md/dm-inlinecrypt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c > index bd8e58a028c5..bcbf363c533a 100644 > --- a/drivers/md/dm-inlinecrypt.c > +++ b/drivers/md/dm-inlinecrypt.c > @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) > dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); > > err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, > - BLK_CRYPTO_KEY_TYPE_RAW, > + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, > cipher->mode_num, dun_bytes, > ctx->sector_size); The raw key support is useful too, and it should be the default. I recommend adding a "wrappedkey" optional argument that enables BLK_CRYPTO_KEY_TYPE_HW_WRAPPED. - Eric ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key 2026-05-12 18:53 ` Eric Biggers @ 2026-05-13 17:22 ` Eric Biggers 0 siblings, 0 replies; 4+ messages in thread From: Eric Biggers @ 2026-05-13 17:22 UTC (permalink / raw) To: Linlin Zhang Cc: Mikulas Patocka, Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel On Tue, May 12, 2026 at 06:53:35PM +0000, Eric Biggers wrote: > On Tue, May 12, 2026 at 02:52:03AM -0700, Linlin Zhang wrote: > > dm-inlinecrypt currently initializes the blk-crypto key using > > BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material > > is a plaintext software key owned by the block layer. > > > > However, on platforms where dm-inlinecrypt is used together with a > > hardware-backed key source (e.g. TrustZone/TEE or other secure key > > wrapping mechanisms), the key material passed down is already wrapped > > and must be treated as opaque by the block layer. > > > > Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED > > instead, so that dm-inlinecrypt correctly models hardware-wrapped keys > > and avoids incorrect assumptions about key ownership and visibility. > > > > Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com> > > --- > > drivers/md/dm-inlinecrypt.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c > > index bd8e58a028c5..bcbf363c533a 100644 > > --- a/drivers/md/dm-inlinecrypt.c > > +++ b/drivers/md/dm-inlinecrypt.c > > @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) > > dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); > > > > err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, > > - BLK_CRYPTO_KEY_TYPE_RAW, > > + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, > > cipher->mode_num, dun_bytes, > > ctx->sector_size); > > The raw key support is useful too, and it should be the default. > I recommend adding a "wrappedkey" optional argument that enables > BLK_CRYPTO_KEY_TYPE_HW_WRAPPED. This patch also makes the variable called "raw_key" contain a key that isn't a raw key, which is confusing. "key_bytes" would make more sense for a byte array that can contain either type of key. See e.g. blk_crypto_init_key() which uses that naming convention. - Eric ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-05-13 17:22 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-05-12 9:52 [PATCH v1 0/1] dm-inlinecrypt: move to HW-wrapped key Linlin Zhang 2026-05-12 9:52 ` [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as " Linlin Zhang 2026-05-12 18:53 ` Eric Biggers 2026-05-13 17:22 ` Eric Biggers
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox