Re: [dm-devel] [RFC PATCH 0/1] Add inline encryption support for dm-crypt

[Milan Broz <gmazyland@gmail.com>]

On 14/01/2022 23:27, Eric Biggers wrote:
> On Fri, Jan 14, 2022 at 09:51:20PM +0100, Milan Broz wrote:
>> On 13/01/2022 19:09, Israel Rukshin wrote:
>>> Hi,
>>>
>>> I am working to add support for inline encryption/decryption
>>> at storage protocols like nvmf over RDMA. The HW that I am
>>> working with is ConnecX-6 Dx, which supports inline crypto
>>> and can send the data on the fabric at the same time.
>>
>> This idea comes from time to time, and it makes dm-crypt bloated,
>> and mainly it moves responsibility for encryption to block layer
>> crypto.
>> It adds two completely different sector encryption paths there.
>>
>> Also, see my comments here (for similar patches)
>> https://lore.kernel.org/dm-devel/c94d425a-bca4-8a8b-47bf-451239d29ebd@gmail.com/
>>
>> I think dm-crypt should stay as SW crypto only (using kernel crypto API,
>> so HW acceleration is done through crypto drivers there).
>>
>> A cleaner solution is to write a much simpler new dm-crypt-inline target,
>> which will implement only inline encryption.
>> (And userspace can decide which target to use.)
>> Code should be just an extension to the dm-linear target, most
>> of dm-crypt complexity is not needed here.
>>
>> Also, please think about configuration - how do you want to configure it?
>>
>> Just my opinion, it is, of course, up to DM maintainer if he takes such patches.
>>
> 
> IMO, adding inline encryption support to dm-crypt would be fine.  Normally,
> blk-crypto is just an alternate implementation of encryption/decryption.  I'm
> not sure that a separate dm target is warranted just because of a different
> implementation, as opposed to different *behavior*.  (Support for wrapped keys
> does complicate things a bit, as they do change behavior.)  But, I'd also be
> fine with a separate dm target if the dm maintainers prefer that route.

I would expect some issues with FIPS people here (currently, it is handled
by enabling various crypto API drivers) about crypto boundaries and such stuff.
But it is up to the corporate people, not me.

Sadly, nobody did try to push some device-mapper functionality into the block layer.
Then inline encryption can be just a block device configuration or whatever....
(discussed in 2010 or so... https://lwn.net/Articles/400589/)
</sigh>

I would prefer to separate SW FDE (dm-crypt, as it is) and a target that delegates
encryption to the block layer (inline encryption).
But it is just cryptsetup's maintainer view, as we have already too complex
detection which features can be enabled on various kernel configs, etc.

> Note that in the Android Common Kernels, there is already a dm target called
> "dm-default-key" which uses dm-crypt compatible syntax but uses blk-crypto
> (inline encryption) rather than the crypto API:
> https://android.googlesource.com/kernel/common/+/refs/heads/android-mainline/drivers/md/dm-default-key.c

Any plans to submit this to mainline? Or it is just too controversial?

> 
> It differs slightly from what is being proposed here in that dm-default-key's
> purpose is to implement filesystem "metadata encryption", so it has logic to
> skip encrypting blocks that have their encryption controlled at the filesystem
> level due to being part of an encrypted file's contents.  I expect that logic
> would be unacceptable upstream, as it's a layering violation.  (The long-term
> plan is to handle metadata encryption entirely at the filesystem level instead.)

Well, I wish that we have strong authenticated encryption in filesystem even for
metadata, where it fits better in the fist place....
But fscrypt is still not here (or am I mistaken?)

Milan

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel