    fscrypt: add inline encryption support · 5fee3609
    Satya Tangirala authored
    Add support for inline encryption to fs/crypto/.  With "inline
    encryption", the block layer handles the decryption/encryption as part
    of the bio, instead of the filesystem doing the crypto itself via
    Linux's crypto API. This model is needed in order to take advantage of
    the inline encryption hardware present on most modern mobile SoCs.
    
    To use inline encryption, the filesystem needs to be mounted with
    '-o inlinecrypt'. Blk-crypto will then be used instead of the traditional
    filesystem-layer crypto whenever possible to encrypt the contents
    of any encrypted files in that filesystem. Fscrypt still provides the key
    and IV to use, and the actual ciphertext on-disk is still the same;
    therefore it's testable using the existing fscrypt ciphertext verification
    tests.
    
    Note that since blk-crypto has a fallback to Linux's crypto API, and
    also supports all the encryption modes currently supported by fscrypt,
    this feature is usable and testable even without actual inline
    encryption hardware.
    
    Per-filesystem changes will be needed to set encryption contexts when
    submitting bios and to implement the 'inlinecrypt' mount option.  This
    patch just adds the common code.
    Signed-off-by: Satya Tangirala <satyat@google.com>
    Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
    Reviewed-by: Eric Biggers <ebiggers@google.com>
    Reviewed-by: Theodore Ts'o <tytso@mit.edu>
    Link: https://lore.kernel.org/r/20200702015607.1215430-3-satyat@google.com
    Co-developed-by: Eric Biggers <ebiggers@google.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>
keysetup.c 17.8 KB