diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-01-21 09:27:47 -0800 |
|---|---|---|
| committer | Amit Pundir <amit.pundir@linaro.org> | 2024-03-21 20:42:33 +0530 |
| commit | 0b4a134f48547c1d4d8b9850ef3d14e95281dec9 (patch) | |
| tree | 153ef37a02b66a6c14159437846a68fbd73b7f1c /block | |
| parent | e8f897f4afef0031fe618a8e94127a0934896aba (diff) | |
ANDROID: dm: add dm-default-key target for metadata encryption
Add a device-mapper target "dm-default-key" which assigns an encryption
key to bios that aren't for the contents of an encrypted file.
This ensures that all blocks on-disk will be encrypted with some key,
without the performance hit of file contents being encrypted twice when
fscrypt (File-Based Encryption) is used.
It is only appropriate to use dm-default-key when key configuration is
tightly controlled, like it is in Android, such that all fscrypt keys
are at least as hard to compromise as the default key.
Compared to the original version of dm-default-key, this has been
modified to use the new vendor-independent inline encryption framework
(which works even when no inline encryption hardware is present), the
table syntax has been changed to match dm-crypt, and support for
specifying Adiantum encryption has been added. These changes also mean
that dm-default-key now always explicitly specifies the DUN (the IV).
Also, to handle f2fs moving blocks of encrypted files around without the
key, and to handle ext4 and f2fs filesystems mounted without
'-o inlinecrypt', the mapping logic is no longer "set a key on the bio
if it doesn't have one already", but rather "set a key on the bio unless
the bio has the bi_skip_dm_default_key flag set". Filesystems set this
flag on *all* bios for encrypted file contents, regardless of whether
they are encrypting/decrypting the file using inline encryption or the
traditional filesystem-layer encryption, or moving the raw data.
For the bi_skip_dm_default_key flag, a new field in struct bio is used
rather than a bit in bi_opf so that fscrypt_set_bio_crypt_ctx() can set
the flag, minimizing the changes needed to filesystems. (bi_opf is
usually overwritten after fscrypt_set_bio_crypt_ctx() is called.)
[CPNOTE: 20/07/21] Lee: Has been submitted upstream - no current assignee
Bug: 137270441
Bug: 147814592
Bug: 160885805
Link: https://lkml.kernel.org/linux-f2fs-devel/20201217150435.1505269-1-satyat@google.com/T/#u
Change-Id: I69c9cd1e968ccf990e4ad96e5115b662237f5095
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'block')
| -rw-r--r-- | block/bio.c | 3 | ||||
| -rw-r--r-- | block/blk-crypto-fallback.c | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/block/bio.c b/block/bio.c index b9642a41f286..689de569f3b8 100644 --- a/block/bio.c +++ b/block/bio.c @@ -269,6 +269,9 @@ void bio_init(struct bio *bio, struct block_device *bdev, struct bio_vec *table, #endif #ifdef CONFIG_BLK_INLINE_ENCRYPTION bio->bi_crypt_context = NULL; +#if IS_ENABLED(CONFIG_DM_DEFAULT_KEY) + bio->bi_skip_dm_default_key = false; +#endif #endif #ifdef CONFIG_BLK_DEV_INTEGRITY bio->bi_integrity = NULL; diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c index e6468eab2681..c5d076e642f5 100644 --- a/block/blk-crypto-fallback.c +++ b/block/blk-crypto-fallback.c @@ -180,6 +180,8 @@ static struct bio *blk_crypto_fallback_clone_bio(struct bio *bio_src) bio_clone_blkg_association(bio, bio_src); + bio_clone_skip_dm_default_key(bio, bio_src); + return bio; } |