Re: DM-Crypt resistance against Cold Boot Attacks

On jeu., 2011-05-19 at 09:05 +0200, Milan Broz wrote:
> On 05/18/2011 11:53 PM, Yves-Alexis Perez wrote:
> > If you read the paper, you'll notice there's nothing to change to
> > dm-crypt, as the cypher is registered in the Crypto-API, it can be used
> > directly.
> 
> TBH dmcrypt keeps its own copy of the key (because the key is still part
> of the device-mapper mapping table so it must be available for
> status commands).

In that case it'll be the “dummy” key.
> 
> So there are some changes needed but basically technically unrelated
> to that patch.
> (This will hopefully change with new mapping table format soon.)

Needed for what?
> 
> Anyway, it must be accepted into kernel crypto layer first.

I'm not even sure it'll be submitted though.
> 
> IMHO I think that without strong hw support these implementations
> will have some problems but it is good that someone works on such
> things.
> (E.g. how it works if it is not bare hw but virtualized system?)

For the AES-NI one, if the hypervisor supports it (they tested on KVM)
yes (though the vm registers are stored in the host ram anyway).

If you're interested, I found that the two papers were quite clear and
quick to read, so it might be a good idea to read them.

Regards,
-- 
Yves-Alexis

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


