On Wed, Aug 21, 2019 at 09:13:36AM +0200, Milan Broz wrote: > > NACK. > > The whole principle of dm-crypt target is that it NEVER EVER submits > plaintext data down the stack in bio. > > If you want to do some lower/higher layer encryption, use key management > on a different layer. > So here, just setup encryption for fs, do not stack it with dm-crypt. > > Also, dm-crypt is software-independent solution > (software-based full disk encryption), it must not depend on > any underlying hardware. > Hardware can be of course used used for acceleration, but then > just implement proper crypto API module that accelerates particular cipher.
I'm sorry for breaking the basic rules of dm-crypt. But, if I want to use the H/W crypto accelerator running in storage controller, I have to drop plaintext to bio. I think the "proper crypto API module" that you mentioned is diskcipher because diskcipher isn't only for FMP. Diskcipher is a crypto API that supports encryption on storage controllers. Thanks Boojin Kim
