Commit 880253ea authored by Satya Tangirala's avatar Satya Tangirala Committed by Eric Biggers

fscrypt: document inline encryption support

Update the fscrypt documentation file for inline encryption support.
Signed-off-by: default avatarSatya Tangirala <satyat@google.com>
Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
Reviewed-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
Link: https://lore.kernel.org/r/20200724184501.1651378-7-satyat@google.comSigned-off-by: default avatarEric Biggers <ebiggers@google.com>
parent ab673b98
...@@ -1204,6 +1204,18 @@ buffer. Some filesystems, such as UBIFS, already use temporary ...@@ -1204,6 +1204,18 @@ buffer. Some filesystems, such as UBIFS, already use temporary
buffers regardless of encryption. Other filesystems, such as ext4 and buffers regardless of encryption. Other filesystems, such as ext4 and
F2FS, have to allocate bounce pages specially for encryption. F2FS, have to allocate bounce pages specially for encryption.
Fscrypt is also able to use inline encryption hardware instead of the
kernel crypto API for en/decryption of file contents. When possible,
and if directed to do so (by specifying the 'inlinecrypt' mount option
for an ext4/F2FS filesystem), it adds encryption contexts to bios and
uses blk-crypto to perform the en/decryption instead of making use of
the above read/write path changes. Of course, even if directed to
make use of inline encryption, fscrypt will only be able to do so if
either hardware inline encryption support is available for the
selected encryption algorithm or CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK
is selected. If neither is the case, fscrypt will fall back to using
the above mentioned read/write path changes for en/decryption.
Filename hashing and encoding Filename hashing and encoding
----------------------------- -----------------------------
...@@ -1250,7 +1262,9 @@ Tests ...@@ -1250,7 +1262,9 @@ Tests
To test fscrypt, use xfstests, which is Linux's de facto standard To test fscrypt, use xfstests, which is Linux's de facto standard
filesystem test suite. First, run all the tests in the "encrypt" filesystem test suite. First, run all the tests in the "encrypt"
group on the relevant filesystem(s). For example, to test ext4 and group on the relevant filesystem(s). One can also run the tests
with the 'inlinecrypt' mount option to test the implementation for
inline encryption support. For example, to test ext4 and
f2fs encryption using `kvm-xfstests f2fs encryption using `kvm-xfstests
<https://github.com/tytso/xfstests-bld/blob/master/Documentation/kvm-quickstart.md>`_:: <https://github.com/tytso/xfstests-bld/blob/master/Documentation/kvm-quickstart.md>`_::
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment