On Thu, Jul 02, 2020 at 01:56:05AM +0000, Satya Tangirala wrote: > Add support for inline encryption to fs/crypto/. With "inline > encryption", the block layer handles the decryption/encryption as part > of the bio, instead of the filesystem doing the crypto itself via > Linux's crypto API. This model is needed in order to take advantage of > the inline encryption hardware present on most modern mobile SoCs. > > To use inline encryption, the filesystem needs to be mounted with > '-o inlinecrypt'. Blk-crypto will then be used instead of the traditional > filesystem-layer crypto whenever possible to encrypt the contents > of any encrypted files in that filesystem. Fscrypt still provides the key > and IV to use, and the actual ciphertext on-disk is still the same; > therefore it's testable using the existing fscrypt ciphertext verification > tests. > > Note that since blk-crypto has a fallback to Linux's crypto API, and > also supports all the encryption modes currently supported by fscrypt, > this feature is usable and testable even without actual inline > encryption hardware. > > Per-filesystem changes will be needed to set encryption contexts when > submitting bios and to implement the 'inlinecrypt' mount option. This > patch just adds the common code. > > Co-developed-by: Eric Biggers <ebiggers@xxxxxxxxxx> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > Signed-off-by: Satya Tangirala <satyat@xxxxxxxxxx> > Reviewed-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx> > Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx> Reviewed-by: Theodore Ts'o <tytso@xxxxxxx>