[dm-crypt] hardware encryption question

Chuck Tuffli ctuffli at gmail.com
Thu Mar 3 02:28:00 CET 2011


On Sat, Feb 26, 2011 at 2:18 AM, Milan Broz <mbroz at redhat.com> wrote:
> dm-crypt uses kernel cryptoAPI, so if you implement proper driver
> for cryptoAPI and this driver will be primary (or automatically detected)
> for the cipher/mode it will be used in dm-crypt.
>
> But it if it is not able to separate encryption from io path, you
> cannot use it in dm-crypt. But you can stack other block devices over it
> (like LVM).

Milan -

The device cannot separate encryption from the IO path, but cryptsetup
seems like a great interface and I would love to take advantage of it
if at all possible. Do you have any advice on possible approaches I
might consider? For example, would creating a new dm-something driver
that passed keys etc. to my driver + modifications to cryptsetup to
recognize this path work? Or would it make more sense to by-pass the
device mapper entirely but still use cryptsetup? Or ... ?

Thanks again for your help!

---chuck


More information about the dm-crypt mailing list