On 3/25/26 12:57 PM, Linlin Zhang wrote:
I understood that supporting keyring here is to ensure no raw key exposed to dm table. As implied by the name dm-inlinecrypt, the key used by dm-inlinecyrpt is a wrapped key, rather raw key. Can we keep the wrapped key inside the mapping table?
Whatever key it is, it allows activation of the encrypted device. And it does not need to be cached inside device-mapper layer (in DM table).
In other word, can dm-inlinecrypt support both keyring and hex key(key in mapping table)?
Yes, support both. There are situations user must use hexkey directly. But IMO, keyring option should be supported from the beginning. Thanks, Milan
