Hi Eric, Thanks for the explanation.
I understand the concern about deriving software contents keys from sw_secret for hardware-wrapped-key files. I agree this is not the right security model, and I will stop pursuing this direction for now. Could you share more about the direction you have in mind for simplifying f2fs/ext4 contents encryption around blk-crypto? For f2fs inline_data, there is still a real space-saving benefit on phones, since many encrypted files are smaller than 4K. Is there any acceptable future direction to support this kind of inode-resident data with blk-crypto or hardware-wrapped keys? Thanks, Liao Yuanhong
