From: Christoph Hellwig <hch@infradead.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>,
Satya Tangirala <satyat@google.com>, Jens Axboe <axboe@kernel.dk>,
linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Kim Boojin <boojin.kim@samsung.com>
Subject: Re: [PATCH v13 00/12] Inline Encryption Support
Date: Mon, 18 May 2020 09:50:44 -0700 [thread overview]
Message-ID: <20200518165044.GA23230@infradead.org> (raw)
In-Reply-To: <20200515170059.GA1009@sol.localdomain>
On Fri, May 15, 2020 at 10:00:59AM -0700, Eric Biggers wrote:
> The fallback is actually really useful. First, for testing: it allows all the
> filesystem code that uses inline crypto to be tested using gce-xfstests and
> kvm-xfstests, so that it's covered by the usual ext4 and f2fs regression testing
> and it's much easier to develop patches for. It also allowed us to enable the
> inlinecrypt mount option in Cuttlefish, which is the virtual Android device used
> to test the Android common kernels. So, it gets the kernel test platform as
> similar to a real Android device as possible.
>
> Ideally we'd implement virtualized inline encryption as you suggested. But
> these platforms use a mix of VMM's (QEMU, GCE, and crosvm) and storage types
> (virtio-blk, virtio-scsi, and maybe others; none of these even have an inline
> encryption standard defined yet). So it's not currently feasible.
Not that you don't need to implement it in the hypervisor. You can
also trivially wire up for things like null_blk.
> Second, it creates a clean design where users can just use blk-crypto, and not
> have to implement a second encryption implementation.
And I very much disagree about that being a clean implementation. It is
fine if the user doesn't care, but you should catch this before hitting
the block stack and do the encryption there without hardware blk-crypt
support.
next prev parent reply other threads:[~2020-05-18 16:50 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 0:37 [PATCH v13 00/12] Inline Encryption Support Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 01/12] Documentation: Document the blk-crypto framework Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 02/12] block: Keyslot Manager for Inline Encryption Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 03/12] block: Inline encryption support for blk-mq Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 04/12] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 05/12] block: blk-crypto-fallback for Inline Encryption Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 06/12] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2020-05-15 3:55 ` Stanley Chu
2020-05-14 0:37 ` [PATCH v13 07/12] scsi: ufs: UFS crypto API Satya Tangirala
2020-05-15 6:35 ` Stanley Chu
2020-05-14 0:37 ` [PATCH v13 08/12] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2020-05-14 5:12 ` Eric Biggers
2020-05-15 7:37 ` Stanley Chu
2020-05-14 0:37 ` [PATCH v13 09/12] fs: introduce SB_INLINECRYPT Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 10/12] fscrypt: add inline encryption support Satya Tangirala
2020-05-28 21:54 ` Eric Biggers
2020-06-03 2:07 ` Eric Biggers
2020-05-14 0:37 ` [PATCH v13 11/12] f2fs: " Satya Tangirala
2020-05-14 0:37 ` [PATCH v13 12/12] ext4: " Satya Tangirala
2020-05-14 5:10 ` [PATCH v13 00/12] Inline Encryption Support Eric Biggers
2020-05-14 15:48 ` Jens Axboe
2020-05-15 7:41 ` Christoph Hellwig
2020-05-15 12:25 ` Satya Tangirala
2020-05-15 14:42 ` Christoph Hellwig
2020-05-15 17:00 ` Eric Biggers
2020-05-18 16:50 ` Christoph Hellwig [this message]
2020-05-15 1:04 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200518165044.GA23230@infradead.org \
--to=hch@infradead.org \
--cc=axboe@kernel.dk \
--cc=bmuthuku@qti.qualcomm.com \
--cc=boojin.kim@samsung.com \
--cc=ebiggers@kernel.org \
--cc=kuohong.wang@mediatek.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).