On Wed, Mar 04, 2026 at 04:17:27AM -0800, Linlin Zhang wrote: > From: Eric Biggers <[email protected]> > > Add a new device-mapper target "dm-inlinecrypt" that is similar to > dm-crypt but uses the blk-crypto API instead of the regular crypto API. > This allows it to take advantage of inline encryption hardware such as > that commonly built into UFS host controllers. > > The table syntax matches dm-crypt's, but for now only a stripped-down > set of parameters is supported. For example, for now AES-256-XTS is the > only supported cipher. > > dm-inlinecrypt is based on Android's dm-default-key with the > controversial passthrough support removed. Note that due to the removal > of passthrough support, use of dm-inlinecrypt in combination with > fscrypt causes double encryption of file contents (similar to dm-crypt + > fscrypt), with the fscrypt layer not being able to use the inline > encryption hardware. This makes dm-inlinecrypt unusable on systems such > as Android that use fscrypt and where a more optimized approach is > needed. It is however suitable as a replacement for dm-crypt. > > Signed-off-by: Eric Biggers <[email protected]> > Signed-off-by: Linlin Zhang <[email protected]>
I don't think it's plausible that this new patch was actually tested. The version I sent in 2024 was tested at the time (https://lore.kernel.org/r/[email protected]/), but I see at least two things that would make this new patch not work. First, the call to blk_crypto_init_key() will always fail, since it's being passed BLK_CRYPTO_KEY_TYPE_HW_WRAPPED but using a 64-byte raw key. It needs to be BLK_CRYPTO_KEY_TYPE_RAW. (BLK_CRYPTO_KEY_TYPE_HW_WRAPPED support would make sense to add as an extra feature, once the basic raw key support is working. Note that when I sent the first version of this patch, support for wrapped keys was not yet upstream at all.) Second, since v7.0-rc1, submitters of bios don't automatically get blk-crypto-fallback support; they need to request it explicitly. So, this patch will not work with blk-crypto-fallback anymore. If you'd like to continue work on this patch, it might be helpful to check the latest version of dm-default-key.c in "android-mainline" (https://android.googlesource.com/kernel/common/+/android-mainline/drivers/md/dm-default-key.c) and resynchronize this patch with it. It already has the code to correctly support both key types and blk-crypto-fallback, for example. Either way, this patch also needs to be re-tested with the latest upstream kernel, which doesn't seem to have happened unfortunately. - Eric
