[dm-devel] dm-integrity
Milan Broz
gmazyland at gmail.com
Thu Jul 13 10:35:54 UTC 2017
On 07/12/2017 08:36 PM, Renesanso wrote:
> I have other question: why you dont use AEAD idea from redhad for
> dm-crypt (cryptsetup, that works, as they present), that realise AES-GCM
> (as, example ZFS use)? Why do you want to merge dm-integrity and
> dm-crypt?
> https://mbroz.fedorapeople.org/talks/DevConf2017/devconf2017-aead.pdf
Sorry? You mean my own talk? That exactly describes how it is implemented now.
We use AEAD when used together with encryption (dm-crypt) but this requires
LUKS2 userspace branch and this is not something I would like to use until
it is more stable.
As said in the slides you linked, dm-integrity can operate in two modes:
- standalone [parity only] (configured through integritysetup) and
- in cooperation with dm-crypt [for AEAD - authenticated encryption)
(will be configured through cryptsetup, but it is not yet in master branch)
Milan
More information about the dm-devel
mailing list