On Fri, 2 Jun 2023 14:39:46 -0700, Eric Biggers wrote: > I haven't seen any patch that proposes adding LEA support to fscrypt. > Also, I'm > not sure that the information you've provided so far is sufficient > motivation > for adding it to fscrypt. I did recently allow another national pride > cipher, > SM4, to be added to fscrypt, but that was only because a user said they > were > being *required* to use SM4. It's not clear that's the case for LEA. Hello, We thought that having the dm-crypt module as an in-kernel user of this patch is enough to apply it. Of course, it would have been better to include fscrypt in the patch, as file system encryption is very important for data-at-rest encryption along with disk encryption. Unfortunately, currently, vendors trying to supply Linux-based data-at-rest encryption products by utilizing the dm-crypt or the fscrypt modules to government agencies or public institutions in Korea are experiencing great difficulties. According to Korean regulations, the data transmitted and stored by government agencies and public institutions must be protected using KCMVP validated cryptographic modules. (KCMVP, the Korean Cryptographic Module Validation Program, is a Korean security accreditation program for cryptographic modules, like the CMVP in the United States.) According to the KCMVP, cryptographic modules that are to be adopted in government agencies and public institutions are required to use the approved cryptographic algorithms to encrypt data. As mentioned earlier, LEA, SEED, and ARIA are the only KCMVP-approved block ciphers. As you know, the best approach to performing data-at-rest encryption on Linux is using kernel modules like dm-crypt or fscrypt. Therefore, applying the proposed patch would be very beneficial for the vendors wanting to supply Linux products to government agencies or public institutions in Korea, since they must use the KCMVP-approved cryptographic algorithms such as LEA. We kindly request a positive response to enable the utilization of data-at-rest encryption in such special circumstances, thereby improving Korea's Linux environment. Thank you.