[dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt
Milan Broz
gmazyland at gmail.com
Mon Jan 17 10:50:59 UTC 2022
On 17/01/2022 08:52, Christoph Hellwig wrote:
> On Fri, Jan 14, 2022 at 09:51:20PM +0100, Milan Broz wrote:
>> I think dm-crypt should stay as SW crypto only (using kernel crypto API,
>> so HW acceleration is done through crypto drivers there).
>>
>> A cleaner solution is to write a much simpler new dm-crypt-inline target,
>> which will implement only inline encryption.
>> (And userspace can decide which target to use.)
>> Code should be just an extension to the dm-linear target, most
>> of dm-crypt complexity is not needed here.
>
> Why do we even need a dm target for this as well? There should be no
> need to clone or remap bios, so I think hamdling inline crypto should be
> just a small addition to the core block layer.
Well, yes, that was my question too :-)
Maybe there is need to have some new userspace utility to configure that
but otherwise I think that for inline encryption device mapper layer
only increases complexity and reduces IO performance.
Could anyone elaborate what it the reason for such DM extension?
Compatibility with existing encryption/key management tools (like LUKS)?
Easy support in LVM? ...
Milan
More information about the dm-devel
mailing list