Hi Andrey,
I'm sorry it took me so long to reply. I've revisited your patch and rebased it on top of my
fix for crypt_set_key(). The last patch in this series adresses my concerns about your original
patch. Would you mind resend your patch including those changes provided it doesn't break your
use case?
I haven't concluded the testing yet but so far cryptsetup testsuite passes with the patch set.
Please consider it still RFC only, I have to write corner-case tests for the kernel keyring bits yet.
With regard to my other suggestion related to guaranteed key erasure on table destruction (even when
provided only via optional parameter) it will require to patch kernel keyring
service so let's postpone it after we get those changes in upstream kernel.
Andrey Ryabinin (1):
dm-crypt: add ability to use keys from the kernel key retention
service
Ondrej Kozina (2):
dm-crypt: mark key as invalid until properly loaded
dm-crypt: modifications to previous patch
drivers/md/dm-crypt.c | 147 ++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 132 insertions(+), 15 deletions(-)
--
2.7.4
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
