On 07/12/2017 08:36 PM, Renesanso wrote: > I have other question: why you dont use AEAD idea from redhad for > dm-crypt (cryptsetup, that works, as they present), that realise AES-GCM > (as, example ZFS use)? Why do you want to merge dm-integrity and > dm-crypt? > https://mbroz.fedorapeople.org/talks/DevConf2017/devconf2017-aead.pdf
Sorry? You mean my own talk? That exactly describes how it is implemented now. We use AEAD when used together with encryption (dm-crypt) but this requires LUKS2 userspace branch and this is not something I would like to use until it is more stable. As said in the slides you linked, dm-integrity can operate in two modes: - standalone [parity only] (configured through integritysetup) and - in cooperation with dm-crypt [for AEAD - authenticated encryption) (will be configured through cryptsetup, but it is not yet in master branch) Milan -- dm-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/dm-devel
