From: Jaegeuk Kim <jaegeuk@kernel.org>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Eric Biggers <ebiggers@kernel.org>,
linux-fscrypt@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
Daniel Rosenberg <drosen@google.com>
Subject: Re: [PATCH 2/4] fscrypt: add fscrypt_add_test_dummy_key()
Date: Tue, 12 May 2020 20:07:05 -0700 [thread overview]
Message-ID: <20200513030705.GB108075@google.com> (raw)
In-Reply-To: <20200513005538.GF1596452@mit.edu>
On 05/12, Theodore Y. Ts'o wrote:
> On Tue, May 12, 2020 at 04:32:49PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Currently, the test_dummy_encryption mount option (which is used for
> > encryption I/O testing with xfstests) uses v1 encryption policies, and
> > it relies on userspace inserting a test key into the session keyring.
> >
> > We need test_dummy_encryption to support v2 encryption policies too.
> > Requiring userspace to add the test key doesn't work well with v2
> > policies, since v2 policies only support the filesystem keyring (not the
> > session keyring), and keys in the filesystem keyring are lost when the
> > filesystem is unmounted. Hooking all test code that unmounts and
> > re-mounts the filesystem would be difficult.
> >
> > Instead, let's make the filesystem automatically add the test key to its
> > keyring when test_dummy_encryption is enabled.
> >
> > That puts the responsibility for choosing the test key on the kernel.
> > We could just hard-code a key. But out of paranoia, let's first try
> > using a per-boot random key, to prevent this code from being misused.
> > A per-boot key will work as long as no one expects dummy-encrypted files
> > to remain accessible after a reboot. (gce-xfstests doesn't.)
> >
> > Therefore, this patch adds a function fscrypt_add_test_dummy_key() which
> > implements the above. The next patch will use it.
> >
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
next prev parent reply other threads:[~2020-05-13 3:07 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-12 23:32 [PATCH 0/4] fscrypt: make '-o test_dummy_encryption' support v2 policies Eric Biggers
2020-05-12 23:32 ` [PATCH 1/4] linux/parser.h: add include guards Eric Biggers
2020-05-13 0:53 ` Theodore Y. Ts'o
2020-05-13 3:06 ` Jaegeuk Kim
2020-05-12 23:32 ` [PATCH 2/4] fscrypt: add fscrypt_add_test_dummy_key() Eric Biggers
2020-05-13 0:55 ` Theodore Y. Ts'o
2020-05-13 3:07 ` Jaegeuk Kim [this message]
2020-05-12 23:32 ` [PATCH 3/4] fscrypt: support test_dummy_encryption=v2 Eric Biggers
2020-05-13 3:11 ` Jaegeuk Kim
2020-05-19 2:53 ` Theodore Y. Ts'o
2020-05-19 3:02 ` Eric Biggers
2020-05-19 3:11 ` Eric Biggers
2020-05-19 3:19 ` Jaegeuk Kim
2020-05-19 14:02 ` Theodore Y. Ts'o
2020-05-12 23:32 ` [PATCH 4/4] fscrypt: make test_dummy_encryption use v2 by default Eric Biggers
2020-05-13 3:12 ` Jaegeuk Kim
2020-05-19 2:55 ` Theodore Y. Ts'o
2020-05-20 22:55 ` [PATCH 0/4] fscrypt: make '-o test_dummy_encryption' support v2 policies Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200513030705.GB108075@google.com \
--to=jaegeuk@kernel.org \
--cc=drosen@google.com \
--cc=ebiggers@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).