linux/fs
Eric Biggers c26f08d1d4 ANDROID: block: add basic hardware-wrapped key support
To prevent keys from being compromised if an attacker acquires read
access to kernel memory, some inline encryption hardware can accept keys
which are wrapped by a per-boot hardware-internal key.  This avoids
needing to keep the plaintext keys in kernel memory, without restricting
the number of keys that can be used.  Such keys can be initially
generated either by software (in which case they must be imported to
hardware to be wrapped) or directly by the hardware.  There is also a
mechanism to derive a "software secret" for cryptographic tasks that
can't be handled by inline encryption.

To support this hardware, allow struct blk_crypto_key to represent a
hardware-wrapped key as an alternative to a standard key, and make
drivers set flags in struct blk_crypto_profile to indicate which types
of keys they support.  Also add the derive_sw_secret() low-level
operation, which drivers supporting wrapped keys must implement.

For more information, see the detailed documentation which this patch
adds to Documentation/block/inline-encryption.rst.

This is a reworked version of a patch which was temporarily reverted by
https://android-review.googlesource.com/c/kernel/common/+/1867367, and
which originated from several ANDROID patches that were consolidated by
https://android-review.googlesource.com/c/kernel/common-patches/+/1350782.
This version of the patch matches the patch in the below "Link:" tag
that was sent upstream as an RFC.  However, due to its history as
ANDROID, it remains tagged as ANDROID rather than FROMLIST.

Bug: 160883801
Link: https://lore.kernel.org/r/20211021181608.54127-2-ebiggers@kernel.org
Change-Id: I4d18c261c279d606457b33374234c0a037e1d45a
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-11-04 12:24:11 -07:00
..
9p 9p: Fix a bunch of kerneldoc warnings shown up by W=1 2021-10-04 22:07:46 +01:00
adfs
affs affs: use bdev_nr_sectors instead of open coding it 2021-10-18 14:43:22 -06:00
afs Memory folios 2021-11-01 08:47:59 -07:00
autofs autofs: fix wait name hash calculation in autofs_wait() 2021-10-20 21:09:02 -04:00
befs
bfs
btrfs for-5.16-tag 2021-11-01 12:48:25 -07:00
cachefiles for-5.16/ki_complete-2021-10-29 2021-11-01 10:17:11 -07:00
ceph for-5.16/ki_complete-2021-10-29 2021-11-01 10:17:11 -07:00
cifs fs: get rid of the res2 iocb->ki_complete argument 2021-10-25 10:36:24 -06:00
coda
configfs Merge eceae1e7ac ("Merge tag 'configfs-5.15' of git://git.infradead.org/users/hch/configfs") into android-mainline 2021-09-13 10:54:52 +02:00
cramfs cramfs: use bdev_nr_bytes instead of open coding it 2021-10-18 14:43:22 -06:00
crypto ANDROID: block: add basic hardware-wrapped key support 2021-11-04 12:24:11 -07:00
debugfs debugfs: debugfs_create_file_size(): use IS_ERR to check for error 2021-09-21 09:09:06 +02:00
devpts
dlm fs: dlm: avoid comms shutdown delay in release_lockspace 2021-09-01 11:29:14 -05:00
ecryptfs
efivarfs
efs
erofs erofs: don't trigger WARN() when decompression fails 2021-10-31 21:00:28 +08:00
exfat exfat: fix incorrect loading of i_blocks for large files 2021-11-01 07:49:21 +09:00
exportfs
ext2 ext2: fix sleeping in atomic bugs on error 2021-09-22 13:05:23 +02:00
ext4 Merge cd3e8ea847 ("Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt") into android-mainline 2021-11-03 12:37:18 +01:00
f2fs Merge cd3e8ea847 ("Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt") into android-mainline 2021-11-03 12:37:18 +01:00
fat for-5.16/inode-sync-2021-10-29 2021-11-01 10:25:27 -07:00
freevxfs
fscache fscache: Remove an unused static variable 2021-10-04 22:13:12 +01:00
fuse ANDROID: fuse: passthrough: fix up build error in ki_complete 2021-11-03 12:22:21 +01:00
gfs2 for-5.16/block-2021-10-29 2021-11-01 09:19:50 -07:00
hfs hfs: use bdev_nr_sectors instead of open coding it 2021-10-18 14:43:22 -06:00
hfsplus hfsplus: use bdev_nr_sectors instead of open coding it 2021-10-18 14:43:23 -06:00
hostfs hostfs: support splice_write 2021-08-26 22:28:02 +02:00
hpfs
hugetlbfs
incfs ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure 2021-10-26 15:08:40 +00:00
iomap Merge 19901165d9 ("Merge tag 'for-5.16/inode-sync-2021-10-29' of git://git.kernel.dk/linux-block") into android-mainline 2021-11-03 12:20:43 +01:00
isofs
jbd2 jbd2: add sparse annotations for add_transaction_credits() 2021-08-30 23:36:50 -04:00
jffs2
jfs for-5.16/bdev-size-2021-10-29 2021-11-01 09:50:37 -07:00
kernfs kernfs: don't create a negative dentry if inactive node exists 2021-10-04 10:27:18 +02:00
ksmbd ksmbd: add buffer validation in session setup 2021-10-20 00:07:10 -05:00
lockd Critical bug fixes: 2021-09-22 09:21:02 -07:00
minix
netfs netfs: Fix READ/WRITE confusion when calling iov_iter_xarray() 2021-10-05 11:22:06 +01:00
nfs for-5.16/ki_complete-2021-10-29 2021-11-01 10:17:11 -07:00
nfs_common nfs: Fix kerneldoc warning shown up by W=1 2021-10-04 22:02:17 +01:00
nfsd nfsd/blocklayout: use ->get_unique_id instead of sending SCSI commands 2021-10-22 08:33:57 -06:00
nilfs2 nilfs2: use bdev_nr_bytes instead of open coding it 2021-10-18 14:43:23 -06:00
nls
notify Merge tag 'v5.15-rc1' into android-mainline 2021-09-16 09:51:19 +02:00
ntfs ntfs: use sb_bdev_nr_blocks 2021-10-18 14:43:23 -06:00
ntfs3 for-5.16/inode-sync-2021-10-29 2021-11-01 10:25:27 -07:00
ocfs2 ocfs2: fix race between searching chunks and release journal_head from buffer_head 2021-10-28 17:18:55 -07:00
omfs
openpromfs
orangefs mm: don't include <linux/blkdev.h> in <linux/backing-dev.h> 2021-10-18 06:17:01 -06:00
overlayfs Merge 19901165d9 ("Merge tag 'for-5.16/inode-sync-2021-10-29' of git://git.kernel.dk/linux-block") into android-mainline 2021-11-03 12:20:43 +01:00
proc Merge 2d338201d5 ("Merge branch 'akpm' (patches from Andrew)") into android-mainline 2021-09-15 14:34:48 +02:00
pstore pstore/blk: use bdev_nr_bytes instead of open coding it 2021-10-18 14:43:23 -06:00
qnx4 qnx4: work around gcc false positive warning bug 2021-09-21 08:36:48 -07:00
qnx6
quota mm: don't include <linux/blk-cgroup.h> in <linux/writeback.h> 2021-10-18 06:17:01 -06:00
ramfs mm: don't include <linux/blk-cgroup.h> in <linux/backing-dev.h> 2021-10-18 06:17:01 -06:00
reiserfs reiserfs: use sb_bdev_nr_blocks 2021-10-18 14:43:23 -06:00
romfs
smbfs_common cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
squashfs squashfs: use bdev_nr_bytes instead of open coding it 2021-10-18 14:43:23 -06:00
sysfs
sysv
tracefs
ubifs fscrypt: remove fscrypt_operations::max_namelen 2021-09-20 19:32:33 -07:00
udf udf: use sb_bdev_nr_blocks 2021-10-18 14:43:23 -06:00
ufs
unicode
vboxsf vboxfs: fix broken legacy mount signature checking 2021-09-27 11:26:21 -07:00
verity Merge 7b66f4393a ("Merge tag 'hwmon-for-v5.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging") into android-mainline 2021-10-03 14:57:24 +02:00
xfs block: switch polling to be bio based 2021-10-18 06:17:36 -06:00
zonefs block: switch polling to be bio based 2021-10-18 06:17:36 -06:00
aio.c fs: get rid of the res2 iocb->ki_complete argument 2021-10-25 10:36:24 -06:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c binfmt: a.out: Fix bogus semicolon 2021-09-05 10:15:05 -07:00
binfmt_elf_fdpic.c binfmt: remove in-tree usage of MAP_DENYWRITE 2021-09-03 18:42:01 +02:00
binfmt_elf.c elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings 2021-10-03 14:02:58 -07:00
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
buffer.c fs: simplify init_page_buffers 2021-10-18 14:43:22 -06:00
char_dev.c
compat_binfmt_elf.c
coredump.c coredump: fix memleak in dump_vma_snapshot() 2021-09-08 11:50:27 -07:00
d_path.c d_path: make 'prepend()' fill up the buffer exactly on overflow 2021-09-02 10:07:29 -07:00
dax.c New code for 5.15: 2021-08-31 11:13:35 -07:00
dcache.c
direct-io.c Merge 19901165d9 ("Merge tag 'for-5.16/inode-sync-2021-10-29' of git://git.kernel.dk/linux-block") into android-mainline 2021-11-03 12:20:43 +01:00
drop_caches.c fs: drop_caches: fix skipping over shadow cache inodes 2021-09-03 09:58:10 -07:00
eventfd.c eventfd: Export eventfd_wake_count to modules 2021-09-06 07:20:56 -04:00
eventpoll.c Merge tag 'v5.15-rc1' into android-mainline 2021-09-16 09:51:19 +02:00
exec.c Merge tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux 2021-09-04 11:35:47 -07:00
fcntl.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
fhandle.c
file_table.c
file.c virtio,vdpa,vhost: features, fixes 2021-09-11 14:48:42 -07:00
filesystems.c
fs_context.c memcg: charge fs_context and legacy_fs_context 2021-09-03 09:58:12 -07:00
fs_parser.c namei: Standardize callers of filename_lookup() 2021-09-07 16:07:47 -04:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c block: cleanup the flush plug helpers 2021-10-20 09:56:11 -06:00
fsopen.c
init.c
inode.c fs: export an inode_update_time helper 2021-10-26 19:08:08 +02:00
internal.h block: simplify the block device syncing code 2021-10-22 08:36:55 -06:00
io_uring.c for-5.16/ki_complete-2021-10-29 2021-11-01 10:17:11 -07:00
io-wq.c for-5.16/io_uring-2021-10-29 2021-11-01 09:41:33 -07:00
io-wq.h io_uring: optimise INIT_WQ_LIST 2021-10-19 05:49:54 -06:00
ioctl.c New code for 5.15: 2021-08-31 11:06:32 -07:00
Kconfig Merge tag 'v5.15-rc1' into android-mainline 2021-09-16 09:51:19 +02:00
Kconfig.binfmt
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-18 20:22:03 -10:00
libfs.c
locks.c locks: remove changelog comments 2021-10-19 14:11:39 -04:00
Makefile Merge tag 'v5.15-rc1' into android-mainline 2021-09-16 09:51:19 +02:00
mbcache.c
mount.h
mpage.c
namei.c File locking changes for v5.16 2021-11-01 09:06:53 -07:00
namespace.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
no-block.c
nsfs.c
open.c ANDROID: syscall_check: add vendor hook for open syscall 2021-10-29 14:20:13 +08:00
OWNERS
pipe.c Revert "mm/gup: remove try_get_page(), call try_get_compound_head() directly" 2021-09-07 11:03:45 -07:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c fs: remove leftover comments from mandatory locking removal 2021-10-26 12:20:50 -04:00
readdir.c
remap_range.c
select.c Revert "memcg: enable accounting for pollfd and select bits arrays" 2021-09-07 11:26:23 -07:00
seq_file.c
signalfd.c
splice.c
stack.c
stat.c
statfs.c
super.c
sync.c Merge 19901165d9 ("Merge tag 'for-5.16/inode-sync-2021-10-29' of git://git.kernel.dk/linux-block") into android-mainline 2021-11-03 12:20:43 +01:00
timerfd.c
userfaultfd.c Merge d9abdee5fd ("Merge branch 'akpm' (patches from Andrew)") into android-mainline 2021-10-20 12:30:42 +02:00
utimes.c
xattr.c