[dm-crypt] hardware encryption question

Milan Broz mbroz at redhat.com
Wed Mar 9 11:34:13 CET 2011


On 03/03/2011 02:28 AM, Chuck Tuffli wrote:
> The device cannot separate encryption from the IO path, but cryptsetup
> seems like a great interface and I would love to take advantage of it
> if at all possible. Do you have any advice on possible approaches I
> might consider? For example, would creating a new dm-something driver
> that passed keys etc. to my driver + modifications to cryptsetup to
> recognize this path work? Or would it make more sense to by-pass the
> device mapper entirely but still use cryptsetup? Or ... ?

If there is (or will be) some generic interface for hw-disk FDE, maybe
it can be added some day into libcryptsetup.

dm-crypt (resp. device-mapper) backend is currently fixed in code,
but if there is an alternative, I'll add code to support different backend.

(devel code just did the same for various userspace crypto backends)

But adding code just for one proprietary device is not the option.

Milan


More information about the dm-crypt mailing list