gvnhhtshculddquddttddmnecujfgurhepofggfffhvfevkfgjfhfutgfgsehtqhertder tdejnecuhfhrohhmpedfufhvvghnucfrvghtvghrfdcuoehsvhgvnhesshhvvghnphgvth gvrhdruggvvheqnecuggftrfgrthhtvghrnhepuddvieeutdelvdekkefgtdfftddugeeu vdeuffeiuedttefggedtfeeiteehjeeunecuffhomhgrihhnpegvtghlvggtthhitghlih hghhhtrdgtohenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr ohhmpehsvhgvnhesshhvvghnphgvthgvrhdruggvvhdpnhgspghrtghpthhtohepkedpmh houggvpehsmhhtphhouhhtpdhrtghpthhtohepvghrnhgvshhtohestghorhgvlhhlihhu mhdrtghomhdprhgtphhtthhopegvthhhrghnsegvthhhrghntggvugifrghrughsrdgtoh hmpdhrtghpthhtoheprghsrghhiheslhhishhtshdrlhhinhhugidruggvvhdprhgtphht thhopehlihhnuhigqdhsthgrghhinhhgsehlihhsthhsrdhlihhnuhigrdguvghvpdhrtg hpthhtohepghgrrhhgrgguihhthigrtdeksehlihhvvgdrtghomhdprhgtphhtthhopeht hihtshhosehmihhtrdgvughupdhrtghpthhtoheplhhinhhugidqfhhsuggvvhgvlhesvh hgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehlihhnuhigqdhkvghrnhgvlhes vhhgvghrrdhkvghrnhgvlhdrohhrgh X-ME-Proxy: Feedback-ID: i51094778:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id A6518BA006F; Thu, 6 Mar 2025 14:40:00 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Date: Thu, 06 Mar 2025 20:39:14 +0100 From: "Sven Peter" To: "Theodore Ts'o" , "Aditya Garg" Cc: "Ethan Carter Edwards" , "linux-kernel@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "linux-staging@lists.linux.dev" , "asahi@lists.linux.dev" , "ernesto@corellium.com" Message-Id: <4e41ef2b-7bc3-439c-9260-8a0ae835ca02@app.fastmail.com> In-Reply-To: <20250306180427.GB279274@mit.edu> References: <795A00D4-503C-4DCB-A84F-FACFB28FA159@live.com> <20250306180427.GB279274@mit.edu> Subject: Re: [RFC] apfs: thoughts on upstreaming an out-of-tree module Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, On Thu, Mar 6, 2025, at 19:04, Theodore Ts'o wrote: > On Wed, Mar 05, 2025 
at 07:23:55AM +0000, Aditya Garg wrote: >>=20 >> This driver tbh will not =E2=80=98really=E2=80=99 be helpful as far a= s T2 Macs are >> concerned. >>=20 >> On these Macs, the T2 Security Chip encrypts all the APFS partitions >> on the internal SSD, and the key is in the T2 Chip. Even proprietary >> APFS drivers cannot read these partitions. I dunno how it works in >> Apple Silicon Macs. > > How this workings on Apple Silicon Macs is described in this article: > > https://eclecticlight.co/2022/04/23/explainer-filevault/ > > It appears such a driver will also be useful if there are external > SSD's using APFS. (Although I suspect many external SSD's would end > up using some other file system that might be more portable like VFS.) > > In terms of making it work with the internal SSD, it sounds like Linux > would need to talk to the secure enclave on the T2 Security Chip and > convince it to upload the encryption key into the hardware in-line > encryption engine. I don't know if presenting the user's password is > sufficient, or if there is a requirement that the OS prove that it is > "approved" software that was loaded via a certified boot chain, which > various secure enclaves (such as TPM) are wont to do. At least on Apple Silicon all you need is the user password (and a worki= ng Secure Enclave driver and a way to forward entangled keys from the Secure Enclave to the NVMe co-processor). It's still possible to unlock the encryption keys inside the Secure Enclave when booting into a secondary macOS installation with all security features disabled (and with a modified kernel). I'd assume the same applies to T2/x86 machines since the T2 is an ancestor of the M-series Apple Silicon SoCs. The only limitation that I'm aware of is that access to DRM keys (HDCP, FairPlay for video streaming, etc.) is only allowed via a certified boot chain. Sven