On Thu, 12 Mar 2026, Eric Biggers wrote:
> On Wed, Mar 04, 2026 at 04:17:27AM -0800, Linlin Zhang wrote:
> > From: Eric Biggers <[email protected]>
> >
> > Add a new device-mapper target "dm-inlinecrypt" that is similar to
> > dm-crypt but uses the blk-crypto API instead of the regular crypto API.
> > This allows it to take advantage of inline encryption hardware such as
> > that commonly built into UFS host controllers.
> >
> > The table syntax matches dm-crypt's, but for now only a stripped-down
> > set of parameters is supported. For example, for now AES-256-XTS is the
> > only supported cipher.
> >
> > dm-inlinecrypt is based on Android's dm-default-key with the
> > controversial passthrough support removed. Note that due to the removal
> > of passthrough support, use of dm-inlinecrypt in combination with
> > fscrypt causes double encryption of file contents (similar to dm-crypt +
> > fscrypt), with the fscrypt layer not being able to use the inline
> > encryption hardware. This makes dm-inlinecrypt unusable on systems such
> > as Android that use fscrypt and where a more optimized approach is
> > needed. It is however suitable as a replacement for dm-crypt.
> >
> > Signed-off-by: Eric Biggers <[email protected]>
> > Signed-off-by: Linlin Zhang <[email protected]>
>
> I don't think it's plausible that this new patch was actually tested.
> The version I sent in 2024 was tested at the time
> (https://lore.kernel.org/r/[email protected]/),
> but I see at least two things that would make this new patch not work.
>
> First, the call to blk_crypto_init_key() will always fail, since it's
> being passed BLK_CRYPTO_KEY_TYPE_HW_WRAPPED but using a 64-byte raw key.
>
> It needs to be BLK_CRYPTO_KEY_TYPE_RAW. (BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
> support would make sense to add as an extra feature, once the basic raw
> key support is working. Note that when I sent the first version of this
> patch, support for wrapped keys was not yet upstream at all.)
>
> Second, since v7.0-rc1, submitters of bios don't automatically get
> blk-crypto-fallback support; they need to request it explicitly. So,
> this patch will not work with blk-crypto-fallback anymore.
>
> If you'd like to continue work on this patch, it might be helpful to
> check the latest version of dm-default-key.c in "android-mainline"
> (https://android.googlesource.com/kernel/common/+/android-mainline/drivers/md/dm-default-key.c)
> and resynchronize this patch with it. It already has the code to
> correctly support both key types and blk-crypto-fallback, for example.
>
> Either way, this patch also needs to be re-tested with the latest
> upstream kernel, which doesn't seem to have happened unfortunately.
OK. I dropped it.
Mikulas
> - Eric
>
