On Thu, Oct 25, 2018 at 10:29 AM Theodore Y. Ts'o <tytso@xxxxxxx> wrote: > > On Thu, Oct 25, 2018 at 09:55:48AM -0500, Rob Herring wrote: > > > +Introduction: > > > +============= > > > +Storage encryption has been one of the most required feature from security > > > +point of view. QTI based storage encryption solution uses general purpose > > > +crypto engine. While this kind of solution provide a decent amount of > > > +performance, it falls short as storage speed is improving significantly > > > +continuously. To overcome performance degradation, newer chips are going to > > > +have Inline Crypto Engine (ICE) embedded into storage device. ICE is supposed > > > +to meet the line speed of storage devices. > > > > Is ICE part of the storage device or part of the host as the binding > > suggests? > > My understanding is that for this particular instantiation, the Inline > Crypto Engine is located on the SOC. Mine too, but that is not what this doc says. > However, from the perspective of generic kernel support, the inline > crypto support could be implemented on the SOC, or in the host bus > adaptor, or as a "bump in the wire", or on the storage device. And > whatever abstract interface in the block layer should be able to > support all of these cases. Yes, certainly. Rob
