Re: [RFC PATCH 0/1] Add inline encryption support for dm-crypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 18, 2022 at 08:45:25AM -0800, Christoph Hellwig wrote:
> On Mon, Jan 17, 2022 at 04:00:59PM +0200, Israel Rukshin wrote:
> > DM extension gives us several capabilities:
> > 
> > 1. Use the Linux keyring and other key management tools.
> > 
> >     - I used "keyctl padd user test-key @u < /tmp/wrapped_dek" at my tests
> 
> Well, and kernel consumer can do that.
> 
> > 2. Split a single block device into several DMs. Allow us to use a different
> > encryption key and encryption mode per DM.
> 
> If we allow setting a default key for every block device you can still
> do that using normal dm-linear.
> 
> > 
> > 3. Replace a key during I/O by using "dmsetup suspend /dev/dm-0" and
> > "dmsetup  resume /dev/dm-0".
> 
> With a block layer ioctl that also works easily.
> 

A while ago, I had looked into adding an ioctl to set a default key for a block
device.  There were a few things that led me to choose a dm target instead.  I'm
not sure how many of these are still relevant, but these are what I considered:

* The block device for a partition doesn't have its own request_queue or
  queue_limits; those are properties of the disk, not the partition.  But,
  setting an encryption key may require changes to the queue_limits.  For
  example, discard_zeroes_data will no longer work, and the logical_block_size
  will need to become the crypto data unit size which may be larger than the
  original logical_block_size.

* The block_device for a given partition didn't stay around while no one has it
  opened or mounted.  This may have been addressed by Christoph's changes last
  year that merged block_device and hd_struct, but this used to be an issue.

* There was some issue caused by the way the block layer maps partitions to
  disks; the knowledge of the original block device (and thus the key) was lost
  at this point.  I'm not sure whether this is still an issue or not.

* A block device ioctl to set a key would need to handle cases where the block
  device is already open (fail with EBUSY?), or already has pages cached in the
  pagecache (invalidate them?).  A dm target avoids these concerns since a key
  would only be set up when the disk and block device are originally created.

Finally, there's also the fact that this would really be more than "setting a
default key".  To precisely specify the encryption format, you also have to
specify the algorithm, the key type, and the data unit size.  (Also potentially
more details about IV generation, if blk-crypto ever starts to support more IV
generation methods, which I'd like to avoid but it might eventually happen.)

These could all be passed in an ioctl, but dm-crypt already has a syntax defined
for specifying encryption formats.  So it could make sense to reuse it.

Also as Israel indicated, people will want support for Linux keyring keys as an
alternative to raw keys.  A new ioctl could support this, though dm-crypt
already has a defined way to specify such keys.

If all these issues can be solved, then I'd be fine with the block device ioctl.

- Eric


--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel





[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux