[dm-devel] xts fuzz testing and lack of ciphertext stealing support
Herbert Xu
herbert at gondor.apana.org.au
Thu Jul 18 15:27:38 UTC 2019
On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote:
>
> Also, I would like to avoid another "just because it is nicer" module dependence (XTS->XEX->ECB).
> Last time (when XTS was reimplemented using ECB) we have many reports with initramfs
> missing ECB module preventing boot from AES-XTS encrypted root after kernel upgrade...
> Just saying. (Despite the last time it was keyring what broke encrypted boot ;-)
>
> (That said, I will try to find some volunteer to help with CTS in XTS implementation, if needed.)
Well the main advantage of doing it on top of the existing xts is
that you can retain the existing ARM implementations without any
changes. This would also apply to any existing xts drivers that
also don't implement CTS (I'm not aware of the status on these so
someone will need to check them one by one).
But if you were going to volunteer to change them all in one swoop
then it wouldn't matter.
Cheers,
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the dm-devel
mailing list