* [PATCH v1 0/1] dm-inlinecrypt: move to HW-wrapped key
From: Linlin Zhang @ 2026-05-12 9:52 UTC
To: Mikulas Patocka
Cc: Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel

dm-inlinecrypt currently initializes the blk-crypto key using
BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material
is a plaintext software key owned by the block layer. This was requested
as the first version in the link
(https://lore.kernel.org/all/20260312070110.GD2359@sol/) to have an easy
way of validating the patch.

However, now support for wrapped keys is already upstream, and on
platforms where dm-inlinecrypt is used together with a hardware-backed
key source (e.g. TrustZone/TEE or other secure key wrapping mechanisms),
the key material passed down is already wrapped and must be treated as
opaque by the block layer.

Switching the blk-crypto key initialization to
BLK_CRYPTO_KEY_TYPE_HW_WRAPPED aligns dm-inlinecrypt with hardware-backed
key usage models and avoids incorrect assumptions about key ownership
and visibility.

Linlin Zhang (1):
  dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key

 drivers/md/dm-inlinecrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.34.1

* [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key
From: Linlin Zhang @ 2026-05-12 9:52 UTC
To: Mikulas Patocka
Cc: Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel

dm-inlinecrypt currently initializes the blk-crypto key using
BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material
is a plaintext software key owned by the block layer.

However, on platforms where dm-inlinecrypt is used together with a
hardware-backed key source (e.g. TrustZone/TEE or other secure key
wrapping mechanisms), the key material passed down is already wrapped
and must be treated as opaque by the block layer.

Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
instead, so that dm-inlinecrypt correctly models hardware-wrapped keys
and avoids incorrect assumptions about key ownership and visibility.

Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
---
 drivers/md/dm-inlinecrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c index bd8e58a028c5..bcbf363c533a 100644 --- a/drivers/md/dm-inlinecrypt.c +++ b/drivers/md/dm-inlinecrypt.c @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, - BLK_CRYPTO_KEY_TYPE_RAW, + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, cipher->mode_num, dun_bytes, ctx->sector_size); if (err) {
--
2.34.1

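Review bot: The blk_crypto_init_key() call in inlinecrypt_ctr() now passes BLK_CRYPTO_KEY_TYPE_HW_WRAPPED unconditionally, so every existing table that supplies a raw key would have its bytes reinterpreted as a wrapped key, and the diffstat (1 file, 1 insertion, 1 deletion) shows no accompanying documentation or table-format change. Keep BLK_CRYPTO_KEY_TYPE_RAW as the default and select the wrapped type only from an explicit constructor argument. The buffer passed here is still named raw_key and the length is still ctx->key_size: give the buffer a type-neutral name, and confirm that the key-length validation earlier in the constructor, which this hunk does not show, accepts an opaque wrapped blob rather than only the cipher's raw key size.
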
* Re: [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key
From: Eric Biggers @ 2026-05-12 18:53 UTC
To: Linlin Zhang
Cc: Mikulas Patocka, Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel

On Tue, May 12, 2026 at 02:52:03AM -0700, Linlin Zhang wrote:
> dm-inlinecrypt currently initializes the blk-crypto key using
> BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material
> is a plaintext software key owned by the block layer.
>
> However, on platforms where dm-inlinecrypt is used together with a
> hardware-backed key source (e.g. TrustZone/TEE or other secure key
> wrapping mechanisms), the key material passed down is already wrapped
> and must be treated as opaque by the block layer.
>
> Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
> instead, so that dm-inlinecrypt correctly models hardware-wrapped keys
> and avoids incorrect assumptions about key ownership and visibility.
>
> Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
> ---
> drivers/md/dm-inlinecrypt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c > index bd8e58a028c5..bcbf363c533a 100644 > --- a/drivers/md/dm-inlinecrypt.c > +++ b/drivers/md/dm-inlinecrypt.c
> @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) > dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); > > err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, > - BLK_CRYPTO_KEY_TYPE_RAW, > + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, > cipher->mode_num, dun_bytes, > ctx->sector_size);

The raw key support is useful too, and it should be the default.
I recommend adding a "wrappedkey" optional argument that enables
BLK_CRYPTO_KEY_TYPE_HW_WRAPPED.

- Eric

* Re: [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key
From: Eric Biggers @ 2026-05-13 17:22 UTC
To: Linlin Zhang
Cc: Mikulas Patocka, Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel

On Tue, May 12, 2026 at 06:53:35PM +0000, Eric Biggers wrote:
> On Tue, May 12, 2026 at 02:52:03AM -0700, Linlin Zhang wrote:
> > dm-inlinecrypt currently initializes the blk-crypto key using
> > BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material
> > is a plaintext software key owned by the block layer.
> >
> > However, on platforms where dm-inlinecrypt is used together with a
> > hardware-backed key source (e.g. TrustZone/TEE or other secure key
> > wrapping mechanisms), the key material passed down is already wrapped
> > and must be treated as opaque by the block layer.
> >
> > Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
> > instead, so that dm-inlinecrypt correctly models hardware-wrapped keys
> > and avoids incorrect assumptions about key ownership and visibility.
> >
> > Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
> > ---
> > drivers/md/dm-inlinecrypt.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c > > index bd8e58a028c5..bcbf363c533a 100644 > > --- a/drivers/md/dm-inlinecrypt.c > > +++ b/drivers/md/dm-inlinecrypt.c
> > @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) > > dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); > > > > err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, > > - BLK_CRYPTO_KEY_TYPE_RAW, > > + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, > > cipher->mode_num, dun_bytes, > > ctx->sector_size);
>
> The raw key support is useful too, and it should be the default.
> I recommend adding a "wrappedkey" optional argument that enables
> BLK_CRYPTO_KEY_TYPE_HW_WRAPPED.

This patch also makes the variable called "raw_key" contain a key that
isn't a raw key, which is confusing. "key_bytes" would make more sense
for a byte array that can contain either type of key. See e.g.
blk_crypto_init_key() which uses that naming convention.

- Eric

* Re: [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key
From: Linlin Zhang @ 2026-05-14 9:48 UTC
To: Eric Biggers
Cc: Mikulas Patocka, Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel, Neeraj Soni

On 5/14/2026 1:22 AM, Eric Biggers wrote:
> On Tue, May 12, 2026 at 06:53:35PM +0000, Eric Biggers wrote:
>> On Tue, May 12, 2026 at 02:52:03AM -0700, Linlin Zhang wrote:
>>> dm-inlinecrypt currently initializes the blk-crypto key using
>>> BLK_CRYPTO_KEY_TYPE_RAW, which implies that the provided key material
>>> is a plaintext software key owned by the block layer.
>>>
>>> However, on platforms where dm-inlinecrypt is used together with a
>>> hardware-backed key source (e.g. TrustZone/TEE or other secure key
>>> wrapping mechanisms), the key material passed down is already wrapped
>>> and must be treated as opaque by the block layer.
>>>
>>> Initialize the blk-crypto key using BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
>>> instead, so that dm-inlinecrypt correctly models hardware-wrapped keys
>>> and avoids incorrect assumptions about key ownership and visibility.
>>>
>>> Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
>>> ---
>>> drivers/md/dm-inlinecrypt.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c >>> index bd8e58a028c5..bcbf363c533a 100644 >>> --- a/drivers/md/dm-inlinecrypt.c >>> +++ b/drivers/md/dm-inlinecrypt.c
>>> @@ -386,7 +386,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) >>> dun_bytes = DIV_ROUND_UP(fls64(ctx->max_dun), 8); >>> >>> err = blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, >>> - BLK_CRYPTO_KEY_TYPE_RAW, >>> + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED, >>> cipher->mode_num, dun_bytes, >>> ctx->sector_size);
>>
>> The raw key support is useful too, and it should be the default.
>> I recommend adding a "wrappedkey" optional argument that enables
>> BLK_CRYPTO_KEY_TYPE_HW_WRAPPED.
>
> This patch also makes the variable called "raw_key" contain a key that
> isn't a raw key, which is confusing. "key_bytes" would make more sense
> for a byte array that can contain either type of key. See e.g.
> blk_crypto_init_key() which uses that naming convention.

Thanks for your comment! ACK.

Previously BLK_CRYPTO_KEY_TYPE_HW_WRAPPED was set for blk-crypto-profile entity
by default, a raw key would never be passed down to the ICE driver, so I replaced raw
key type with wrapped key type directly.

Now I see it already changed to query the supported type from ice. There isn't
above concern. I'll update a new patch with both wrappedkey and raw key support
and adding "wrappedkey" optional argument.

Replace "raw_key" with "key_bytes" as well.

>
> - Eric

* Re: [PATCH v1 1/1] dm-inlinecrypt: initialize blk-crypto key as HW-wrapped key
From: Eric Biggers @ 2026-05-14 15:43 UTC
To: Linlin Zhang
Cc: Mikulas Patocka, Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, dm-devel, linux-kernel, Neeraj Soni

On Thu, May 14, 2026 at 05:48:44PM +0800, Linlin Zhang wrote:
> Previously BLK_CRYPTO_KEY_TYPE_HW_WRAPPED was set for blk-crypto-profile entity
> by default, a raw key would never be passed down to the ICE driver, so I replaced raw
> key type with wrapped key type directly.
>
> Now I see it already changed to query the supported type from ice. There isn't
> above concern. I'll update a new patch with both wrappedkey and raw key support
> and adding "wrappedkey" optional argument.
>
> Replace "raw_key" with "key_bytes" as well.

In the upstream kernel, BLK_CRYPTO_KEY_TYPE_HW_WRAPPED was added in
v6.15 and has never been the default. Also currently only ufs-qcom and
msm-sdhci support it. ufs-exynos, ufs-mediatek, mtk-sd, ufs-sprd,
ufshcd-pci currently support raw keys only.

It should be supported, just as an opt-in thing.

- Eric