On Thu, 20 Jun 2019 at 14:53, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, Jun 20, 2019 at 09:30:41AM +0200, Ard Biesheuvel wrote: > > > > Is this the right approach? Or are there better ways to convey this > > information when instantiating the template? > > Also, it seems to me that the dm-crypt and fscrypt layers would > > require major surgery in order to take advantage of this. > > Oh and you don't have to make dm-crypt use it from the start. That > is, you can just make things simple by doing it one sector at a > time in the dm-crypt code even though the underlying essiv code > supports multiple sectors. > > Someone who cares about this is sure to come along and fix it later. > It also depend on how realistic it is that we will need to support arbitrary sector sizes in the future. I mean, if we decide today that essiv() uses an implicit sector size of 4k, we can always add essiv64k() later, rather than adding lots of complexity now that we are never going to use. Note that ESSIV is already more or less deprecated, so there is really no point in inventing these weird and wonderful things if we want people to move to XTS and plain IV generation instead. -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
