On Wed, Sep 09, 2020 at 11:44:21PM +0000, Satya Tangirala wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Update the device-mapper core to support exposing the inline crypto > support of the underlying device(s) through the device-mapper device. > > This works by creating a "passthrough keyslot manager" for the dm > device, which declares support for encryption settings which all > underlying devices support. When a supported setting is used, the bio > cloning code handles cloning the crypto context to the bios for all the > underlying devices. When an unsupported setting is used, the blk-crypto > fallback is used as usual. > > Crypto support on each underlying device is ignored unless the > corresponding dm target opts into exposing it. This is needed because > for inline crypto to semantically operate on the original bio, the data > must not be transformed by the dm target. Thus, targets like dm-linear > can expose crypto support of the underlying device, but targets like > dm-crypt can't. (dm-crypt could use inline crypto itself, though.) > > When a key is evicted from the dm device, it is evicted from all > underlying devices. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > Co-developed-by: Satya Tangirala <satyat@xxxxxxxxxx> > Signed-off-by: Satya Tangirala <satyat@xxxxxxxxxx> Looks good as far as Satya's changes from my original patch are concerned. Can the device-mapper maintainers take a look at this? - Eric -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel