On Mon, Jan 17, 2022 at 04:00:59PM +0200, Israel Rukshin wrote: > DM extension gives us several capabilities: > > 1. Use the Linux keyring and other key management tools. > > - I used "keyctl padd user test-key @u < /tmp/wrapped_dek" at my tests Well, and kernel consumer can do that. > 2. Split a single block device into several DMs. Allow us to use a different > encryption key and encryption mode per DM. If we allow setting a default key for every block device you can still do that using normal dm-linear. > > 3. Replace a key during I/O by using "dmsetup suspend /dev/dm-0" and > "dmsetup resume /dev/dm-0". With a block layer ioctl that also works easily. -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
