linux-fscrypt.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Christoph Hellwig <hch@infradead.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>,
	Satya Tangirala <satyat@google.com>, Jens Axboe <axboe@kernel.dk>,
	linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-ext4@vger.kernel.org,
	Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
	Kuohong Wang <kuohong.wang@mediatek.com>,
	Kim Boojin <boojin.kim@samsung.com>
Subject: Re: [PATCH v13 00/12] Inline Encryption Support
Date: Mon, 18 May 2020 09:50:44 -0700	[thread overview]
Message-ID: <20200518165044.GA23230@infradead.org> (raw)
In-Reply-To: <20200515170059.GA1009@sol.localdomain>

On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote:
> The fallback is actually really useful.  First, for testing: it allows all the
> filesystem code that uses inline crypto to be tested using gce-xfstests and
> kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing
> and it's much easier to develop patches for.  It also allowed us to enable the
> inlinecrypt mount option in Cuttlefish, which is the virtual Android device used
> to test the Android common kernels.  So, it gets the kernel test platform as
> similar to a real Android device as possible.
> 
> Ideally we'd implement virtualized inline encryption as you suggested.  But
> these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types
> (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline
> encryption standard defined yet).  So it's not currently feasible.

Not that you don't need to implement it in the hypervisor.  You can
also trivially wire up for things like null_blk.

> Second, it creates a clean design where users can just use blk-crypto, and not
> have to implement a second encryption implementation.

And I very much disagree about that being a clean implementation.  It is
fine if the user doesn't care, but you should catch this before hitting
the block stack and do the encryption there without hardware blk-crypt
support.

  reply	other threads:[~2020-05-18 16:50 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-14  0:37 [PATCH v13 00/12] Inline Encryption Support Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 01/12] Documentation: Document the blk-crypto framework Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 02/12] block: Keyslot Manager for Inline Encryption Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 03/12] block: Inline encryption support for blk-mq Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 04/12] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 05/12] block: blk-crypto-fallback for Inline Encryption Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 06/12] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2020-05-15  3:55   ` Stanley Chu
2020-05-14  0:37 ` [PATCH v13 07/12] scsi: ufs: UFS crypto API Satya Tangirala
2020-05-15  6:35   ` Stanley Chu
2020-05-14  0:37 ` [PATCH v13 08/12] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2020-05-14  5:12   ` Eric Biggers
2020-05-15  7:37   ` Stanley Chu
2020-05-14  0:37 ` [PATCH v13 09/12] fs: introduce SB_INLINECRYPT Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 10/12] fscrypt: add inline encryption support Satya Tangirala
2020-05-28 21:54   ` Eric Biggers
2020-06-03  2:07   ` Eric Biggers
2020-05-14  0:37 ` [PATCH v13 11/12] f2fs: " Satya Tangirala
2020-05-14  0:37 ` [PATCH v13 12/12] ext4: " Satya Tangirala
2020-05-14  5:10 ` [PATCH v13 00/12] Inline Encryption Support Eric Biggers
2020-05-14 15:48   ` Jens Axboe
2020-05-15  7:41     ` Christoph Hellwig
2020-05-15 12:25       ` Satya Tangirala
2020-05-15 14:42         ` Christoph Hellwig
2020-05-15 17:00           ` Eric Biggers
2020-05-18 16:50             ` Christoph Hellwig [this message]
2020-05-15  1:04   ` Martin K. Petersen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200518165044.GA23230@infradead.org \
    --to=hch@infradead.org \
    --cc=axboe@kernel.dk \
    --cc=bmuthuku@qti.qualcomm.com \
    --cc=boojin.kim@samsung.com \
    --cc=ebiggers@kernel.org \
    --cc=kuohong.wang@mediatek.com \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=satyat@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).