[dm-devel] dm-crypt: support using encrypted keys
Milan Broz
gmazyland at gmail.com
Wed Apr 22 16:47:51 UTC 2020
On 21/04/2020 20:27, Mike Snitzer wrote:
> On Mon, Apr 20 2020 at 9:46P -0400,
> Dmitry Baryshkov <dbaryshkov at gmail.com> wrote:
>
>> From: Dmitry Baryshkov <dmitry_baryshkov at mentor.com>
>>
>> Allow one to use encrypted in addition to user and login key types for
>> device encryption.
>>
>> Signed-off-by: Dmitry Baryshkov <dmitry_baryshkov at mentor.com>
>
> I fixed up some issues, please see the following incremental patch,
> I'll get this folded in and staged for 5.8.
And you just created hard dependence on encrypted key type...
If you disable this type (CONFIG_ENCRYPTED_KEYS option), it cannot load the module anymore:
ERROR: modpost: "key_type_encrypted" [drivers/md/dm-crypt.ko] undefined!
We had this idea before, and this implementation in dm-crypt just requires dynamic
key type loading implemented first.
David Howells (cc) promised that moths ago, but apparently nothing was yet submitted
(and the proof-of-concept patch no longer works).
Mike, I think you should revert this patch from the tree until it is solved.
Once fixed, we should also support "trusted" key type.
Also please - do no forget to increase dm-crypt minor version here...
Thanks,
Milan
More information about the dm-devel
mailing list