dm-inlinecrypt currently assumes that all keys are raw software keys.
That does not work for platforms where inline encryption expects
hardware-wrapped key material managed by secure firmware/hardware.

This series adds support for hardware-wrapped keys in dm-inlinecrypt by
introducing an explicit <is_wrappedkey> target argument. The flag lets
dm-inlinecrypt select the proper blk-crypto key type at key
initialization time:

- 0: BLK_CRYPTO_KEY_TYPE_RAW
- 1: BLK_CRYPTO_KEY_TYPE_HW_WRAPPED

With this change, dm-inlinecrypt can support both raw and wrapped key
deployment models without hardcoding one key ownership model.

The series also:

- updates target argument parsing to include the new required flag
- propagates the wrapped/raw state in target status output
- updates dm-inlinecrypt documentation and examples accordingly

Note: this extends target syntax by adding one required parameter, so
existing userspace table definitions must be updated.

Linlin Zhang (1):
  dm-inlinecrypt: add support for hardware-wrapped keys

 .../device-mapper/dm-inlinecrypt.rst          | 10 ++-
 drivers/md/dm-inlinecrypt.c                   | 71 +++++++++++--------
 2 files changed, 50 insertions(+), 31 deletions(-)

-- 
2.34.1

