On Wed, May 30, 2018 at 02:52:07PM +0000, Ladvine D Almeida wrote: > when the optional argument "perform_inline_encrypt" is set, we are not > unconditionally sending the bio > to the block devices. The steps are explained below: > 1. user invokes the dm-setup command with the registered cipher "xts" and > with the optional argument > "perform_inline_encrypt". > 2. dm-setup invokes the setkey function of the newly introduced algorithm, > which finds the available key slots > to be programmed(UFS Host controller Inline Encryption engine has multiple > keyslots), program the key slot, > and return the key slot index as return value of the set key function. > 3. When read/write operation happens, crypt_map() function in dm-crypt > validates whether there is associated > key configuration index for the request. The Bio will be submitted directly > in this case only with the associated > crypto context. > 4. Block device driver, eg. UFS host controller driver will create the > Transfer requests as per this crypto context and > encryption happens inside the controller.
Why isn't this all controlled by the ufs drivers, using helpers as required? Also why do we even need this API over just implementing TCG Opal/Opalite on the device? -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel
