Hello Richard, On 30.03.21 23:50, Richard Weinberger wrote: > Ahmad, > > On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote: > >> TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1 allow_discards" >> echo $TABLE | dmsetup create mydev >> echo $TABLE | dmsetup load mydev > > Do you also plan to add support for this to cryptsetup? > > David and I have added (rough) support for our CAAM/DCP based keyrings > to cryptsetup: > https://github.com/sigma-star/cryptsetup/tree/rw/plain > > I'm pretty sure with minimal changes it will work with your recent approach too. I am using dmsetup directly in my project. I am not familiar with cryptsetup plain. What benefits do you see with this over direct dmsetup? What I'd like to see eventually is support for this with LUKS. There is a RFE on trusted keys and cryptsetup on the project's repository[1]. The behavior I'd want it that the LUKS header would point at the trusted key blob to use and load it into the kernel. This of course means that you won't be able to have multiple keys for the encrypted partition. [1]: https://gitlab.com/cryptsetup/cryptsetup/-/issues/443 Cheers, Ahmad -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
