On Thu, Oct 17, 2024 at 10:52:42PM -0400, Adrian Vovk wrote: > Hello, > > On 10/16/24 19:27, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > > > Add a new device-mapper target "dm-inlinecrypt" that is similar to > > dm-crypt but uses the blk-crypto API instead of the regular crypto API. > > This allows it to take advantage of inline encryption hardware such as > > that commonly built into UFS host controllers. > > Wow! Thank you for this patch! This is something we really want in systemd > and in GNOME, and I came across this patchset on accident while trying to > find a way to get someone to work on it for us. > > > The table syntax matches dm-crypt's, but for now only a stripped-down > > set of parameters is supported. For example, for now AES-256-XTS is the > > only supported cipher. > > > > dm-inlinecrypt is based on Android's dm-default-key with the > > controversial passthrough support removed. > > That's quite unfortunate. I'd say this passthrough support is probably the > most powerful thing about dm-default-key. > > Could you elaborate on why you removed it? Well, see the conversation you've been having with Christoph. It seems the passthrough / "metadata encryption" support will need to be reworked into a filesystem native feature in order to have a chance at upstream. Meanwhile there are people who have been waiting for basically "dm-crypt with blk-crypto", without the passthrough support. I hoped that I could help with that in the meantime -- hence this patchset. I'll go ahead and send out the full dm-default-key patches too as an RFC just so that people can see what it involves exactly. But be warned -- it is a bit ugly with changes in multiple layers (not just the dm target itself). - Eric
