github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
Linux kernel source tree
793,382 Commits 1 Branch 934 Tags 20 GiB
C 97%
Assembly 1%
Shell 0.6%
Rust 0.5%
Python 0.4%
Other 0.3%
94231712cf
Go to file
Eric Biggers 94231712cf BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies 
Inline encryption hardware compliant with the UFS v2.1 standard or with
the upcoming version of the eMMC standard has the following properties:

(1) Per I/O request, the encryption key is specified by a previously
    loaded keyslot.  There might be only a small number of keyslots.

(2) Per I/O request, the starting IV is specified by a 64-bit "data unit
    number" (DUN).  IV bits 64-127 are assumed to be 0.  The hardware
    automatically increments the DUN for each "data unit" of
    configurable size in the request, e.g. for each filesystem block.

Property (1) makes it inefficient to use the traditional fscrypt
per-file keys.  Property (2) precludes the use of the existing
DIRECT_KEY fscrypt policy flag, which needs at least 192 IV bits.

Therefore, add a new fscrypt policy flag IV_INO_LBLK_64 which causes the
encryption to modified as follows:

- The encryption keys are derived from the master key, encryption mode
  number, and filesystem UUID.

- The IVs are chosen as (inode_number << 32) | file_logical_block_num.
  For filenames encryption, file_logical_block_num is 0.

Since the file nonces aren't used in the key derivation, many files may
share the same encryption key.  This is much more efficient on the
target hardware.  Including the inode number in the IVs and mixing the
filesystem UUID into the keys ensures that data in different files is
nevertheless still encrypted differently.

Additionally, limiting the inode and block numbers to 32 bits and
placing the block number in the low bits maintains compatibility with
the 64-bit DUN convention (property (2) above).

Since this scheme assumes that inode numbers are stable (which may
preclude filesystem shrinking) and that inode and file logical block
numbers are at most 32-bit, IV_INO_LBLK_64 will only be allowed on
filesystems that meet these constraints.  These are acceptable
limitations for the cases where this format would actually be used.

Note that IV_INO_LBLK_64 is an on-disk format, not an implementation.
This patch just adds support for it using the existing filesystem layer
encryption.  A later patch will add support for inline encryption.

Co-developed-by: Satya Tangirala <satyat@google.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>

Change-Id: Iedecd7fa1ce8eefffdec57257e27e679938b0ad7
Signed-off-by: Satya Tangirala <satyat@google.com>
Link: https://patchwork.kernel.org/patch/11210909/
2019-11-14 14:47:49 -08:00
arch This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
block This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto This is the 4.19.79 stable release 2019-10-11 19:13:57 +02:00
Documentation BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies 2019-11-14 14:47:49 -08:00
drivers This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies 2019-11-14 14:47:49 -08:00
include BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies 2019-11-14 14:47:49 -08:00
init This is the 4.19.76 stable release 2019-10-01 08:51:37 +02:00
ipc This is the 4.19.65 stable release 2019-08-06 20:08:18 +02:00
kernel This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
lib This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
net This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
samples samples: bpf: fix: seg fault with NULL pointer arg 2019-11-06 13:05:30 +01:00
scripts This is the 4.19.82 stable release 2019-11-06 13:21:58 +01:00
security ANDROID: Fix allmodconfig build with CC=clang 2019-11-14 10:56:08 -08:00
sound This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
tools This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
usr kbuild: clean compressed initramfs image 2019-10-07 18:57:16 +02:00
virt kvm: x86: mmu: Recovery of shattered NX large pages 2019-11-12 19:21:46 +01:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
abi_gki_aarch64.xml ANDROID: enable CONFIG_ION_SYSTEM_HEAP for GKI 2019-09-23 23:26:20 -07:00
build.config.aarch64 ANDROID: refactor build.config files to remove duplication 2019-10-22 18:27:12 -07:00
build.config.allmodconfig ANDROID: Add allmodconfig build.configs for x86_64 and aarch64 2019-11-12 20:55:23 +00:00
build.config.allmodconfig.aarch64 ANDROID: Add allmodconfig build.configs for x86_64 and aarch64 2019-11-12 20:55:23 +00:00
build.config.allmodconfig.x86_64 ANDROID: Add allmodconfig build.configs for x86_64 and aarch64 2019-11-12 20:55:23 +00:00
build.config.common ANDROID: build kernels with llvm-nm and llvm-objcopy 2019-11-14 22:15:06 +00:00
build.config.gki ANDROID: refactor build.config files to remove duplication 2019-10-22 18:27:12 -07:00
build.config.gki.aarch64 ANDROID: refactor build.config files to remove duplication 2019-10-22 18:27:12 -07:00
build.config.gki.x86_64 ANDROID: refactor build.config files to remove duplication 2019-10-22 18:27:12 -07:00
build.config.x86_64 ANDROID: refactor build.config files to remove duplication 2019-10-22 18:27:12 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS This is the 4.19.80 stable release 2019-10-17 15:33:07 -07:00
Makefile This is the 4.19.84 stable release 2019-11-14 14:15:21 +08:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.