[dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt
Christoph Hellwig
hch at infradead.org
Tue Jan 18 16:45:25 UTC 2022
On Mon, Jan 17, 2022 at 04:00:59PM +0200, Israel Rukshin wrote:
> DM extension gives us several capabilities:
>
> 1. Use the Linux keyring and other key management tools.
>
> - I used "keyctl padd user test-key @u < /tmp/wrapped_dek" at my tests
Well, and kernel consumer can do that.
> 2. Split a single block device into several DMs. Allow us to use a different
> encryption key and encryption mode per DM.
If we allow setting a default key for every block device you can still
do that using normal dm-linear.
>
> 3. Replace a key during I/O by using "dmsetup suspend /dev/dm-0" and
> "dmsetup resume /dev/dm-0".
With a block layer ioctl that also works easily.
More information about the dm-devel
mailing list