On Wed, 15 May 2024, Mikulas Patocka wrote:
> Hi
>
> Some NVMe devices may be formatted with extra 64 bytes of metadata per
> sector.
>
> Here I'm submitting for review dm-crypt patches that make it possible to
> use per-sector metadata for authenticated encryption. With these patches,
> dm-crypt can run directly on the top of a NVMe device, without using
> dm-integrity. These patches increase write throughput twice, because there
> is no write to the dm-integrity journal.
>
> An example how to use it (so far, there is no support in the userspace
> cryptsetup tool):
>
> # nvme format /dev/nvme1 -n 1 -lbaf=4
> # dmsetup create cr --table '0 1048576 crypt
> capi:authenc(hmac(sha256),cbc(aes))-essiv:sha256
> 01b11af6b55f76424fd53fb66667c301466b2eeaf0f39fd36d26e7fc4f52ade2de4228e996f5ae2fe817ce178e77079d28e4baaebffbcd3e16ae4f36ef217298
> 0 /dev/nvme1n1 0 2 integrity:32:aead sector_size:4096'
Thats really an amazing feature, and I think your implementation is simple
and elegant. Somehow reminds me of 520/528-byte sectors that big
commercial filers use, but in a way the Linux could use.
Questions:
- I see you are using 32-bytes of AEAD data (out of 64). Is AEAD always
32-bytes, or can it vary by crypto mechanism?
- What drive are you using? I am curious what your `nvme id-ns` output
looks like. Do you have 64 in the `ms` value?
# nvme id-ns /dev/nvme0n1 | grep lbaf
nlbaf : 0
nulbaf : 0
lbaf 0 : ms:0 lbads:9 rp:0 (in use)
^ ^512b
--
Eric Wheeler
>
> Please review it - I'd like to know whether detecting the presence of
> per-sector metadata in crypt_integrity_ctr is correct whether it should be
> done differently.
>
> Mikulas
>
>
>
