From: Christoph Hellwig <hch@infradead.org> To: Eric Biggers <ebiggers@kernel.org> Cc: Christoph Hellwig <hch@infradead.org>, Satya Tangirala <satyat@google.com>, Jens Axboe <axboe@kernel.dk>, linux-block@vger.kernel.org, linux-scsi@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, Barani Muthukumaran <bmuthuku@qti.qualcomm.com>, Kuohong Wang <kuohong.wang@mediatek.com>, Kim Boojin <boojin.kim@samsung.com> Subject: Re: [PATCH v13 00/12] Inline Encryption Support Date: Mon, 18 May 2020 09:50:44 -0700 [thread overview] Message-ID: <20200518165044.GA23230@infradead.org> (raw) In-Reply-To: <20200515170059.GA1009@sol.localdomain> On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote: > The fallback is actually really useful. First, for testing: it allows all the > filesystem code that uses inline crypto to be tested using gce-xfstests and > kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing > and it's much easier to develop patches for. It also allowed us to enable the > inlinecrypt mount option in Cuttlefish, which is the virtual Android device used > to test the Android common kernels. So, it gets the kernel test platform as > similar to a real Android device as possible. > > Ideally we'd implement virtualized inline encryption as you suggested. But > these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types > (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline > encryption standard defined yet). So it's not currently feasible. Not that you don't need to implement it in the hypervisor. You can also trivially wire up for things like null_blk. > Second, it creates a clean design where users can just use blk-crypto, and not > have to implement a second encryption implementation. And I very much disagree about that being a clean implementation. It is fine if the user doesn't care, but you should catch this before hitting the block stack and do the encryption there without hardware blk-crypt support.
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@infradead.org> To: Eric Biggers <ebiggers@kernel.org> Cc: Jens Axboe <axboe@kernel.dk>, linux-block@vger.kernel.org, linux-ext4@vger.kernel.org, linux-scsi@vger.kernel.org, Kim Boojin <boojin.kim@samsung.com>, Kuohong Wang <kuohong.wang@mediatek.com>, Barani Muthukumaran <bmuthuku@qti.qualcomm.com>, Satya Tangirala <satyat@google.com>, Christoph Hellwig <hch@infradead.org>, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Subject: Re: [f2fs-dev] [PATCH v13 00/12] Inline Encryption Support Date: Mon, 18 May 2020 09:50:44 -0700 [thread overview] Message-ID: <20200518165044.GA23230@infradead.org> (raw) In-Reply-To: <20200515170059.GA1009@sol.localdomain> On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote: > The fallback is actually really useful. First, for testing: it allows all the > filesystem code that uses inline crypto to be tested using gce-xfstests and > kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing > and it's much easier to develop patches for. It also allowed us to enable the > inlinecrypt mount option in Cuttlefish, which is the virtual Android device used > to test the Android common kernels. So, it gets the kernel test platform as > similar to a real Android device as possible. > > Ideally we'd implement virtualized inline encryption as you suggested. But > these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types > (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline > encryption standard defined yet). So it's not currently feasible. Not that you don't need to implement it in the hypervisor. You can also trivially wire up for things like null_blk. > Second, it creates a clean design where users can just use blk-crypto, and not > have to implement a second encryption implementation. And I very much disagree about that being a clean implementation. It is fine if the user doesn't care, but you should catch this before hitting the block stack and do the encryption there without hardware blk-crypt support. _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2020-05-18 16:50 UTC|newest] Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-05-14 0:37 [PATCH v13 00/12] Inline Encryption Support Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 01/12] Documentation: Document the blk-crypto framework Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 02/12] block: Keyslot Manager for Inline Encryption Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 03/12] block: Inline encryption support for blk-mq Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 04/12] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 05/12] block: blk-crypto-fallback for Inline Encryption Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 06/12] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-15 3:55 ` Stanley Chu 2020-05-15 3:55 ` [f2fs-dev] " Stanley Chu 2020-05-14 0:37 ` [PATCH v13 07/12] scsi: ufs: UFS crypto API Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-15 6:35 ` Stanley Chu 2020-05-15 6:35 ` [f2fs-dev] " Stanley Chu 2020-05-14 0:37 ` [PATCH v13 08/12] scsi: ufs: Add inline encryption support to UFS Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 5:12 ` Eric Biggers 2020-05-14 5:12 ` [f2fs-dev] " Eric Biggers 2020-05-15 7:37 ` Stanley Chu 2020-05-15 7:37 ` [f2fs-dev] " Stanley Chu 2020-05-14 0:37 ` [PATCH v13 09/12] fs: introduce SB_INLINECRYPT Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 10/12] fscrypt: add inline encryption support Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-28 21:54 ` Eric Biggers 2020-05-28 21:54 ` [f2fs-dev] " Eric Biggers 2020-06-03 2:07 ` Eric Biggers 2020-06-03 2:07 ` [f2fs-dev] " Eric Biggers 2020-05-14 0:37 ` [PATCH v13 11/12] f2fs: " Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 0:37 ` [PATCH v13 12/12] ext4: " Satya Tangirala 2020-05-14 0:37 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-14 5:10 ` [PATCH v13 00/12] Inline Encryption Support Eric Biggers 2020-05-14 5:10 ` [f2fs-dev] " Eric Biggers 2020-05-14 15:48 ` Jens Axboe 2020-05-14 15:48 ` [f2fs-dev] " Jens Axboe 2020-05-15 7:41 ` Christoph Hellwig 2020-05-15 7:41 ` [f2fs-dev] " Christoph Hellwig 2020-05-15 12:25 ` Satya Tangirala 2020-05-15 12:25 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel 2020-05-15 14:42 ` Christoph Hellwig 2020-05-15 14:42 ` [f2fs-dev] " Christoph Hellwig 2020-05-15 17:00 ` Eric Biggers 2020-05-15 17:00 ` [f2fs-dev] " Eric Biggers 2020-05-18 16:50 ` Christoph Hellwig [this message] 2020-05-18 16:50 ` Christoph Hellwig 2020-05-15 1:04 ` Martin K. Petersen 2020-05-15 1:04 ` [f2fs-dev] " Martin K. Petersen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200518165044.GA23230@infradead.org \ --to=hch@infradead.org \ --cc=axboe@kernel.dk \ --cc=bmuthuku@qti.qualcomm.com \ --cc=boojin.kim@samsung.com \ --cc=ebiggers@kernel.org \ --cc=kuohong.wang@mediatek.com \ --cc=linux-block@vger.kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-f2fs-devel@lists.sourceforge.net \ --cc=linux-fscrypt@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-scsi@vger.kernel.org \ --cc=satyat@google.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.