inline-encryption.rst - OpenGrok cross reference for /linux-6.14.4/Documentation/block/inline-encryption.rst

Lines Matching full:crypto
24 Note that inline encryption hardware is very different from traditional crypto
25 accelerators, which are supported through the kernel crypto API.  Traditional
26 crypto accelerators operate on memory regions, whereas inline encryption
28 managed by the block layer, not the kernel crypto API.
41 also want support for falling back to the kernel crypto API when actual inline
45 fall back to crypto API en/decryption).
58   properties the "crypto capabilities".  We need a way for device drivers to
59   advertise crypto capabilities to upper layers in a generic way.
67 - Upper layers typically define a specific end-of-life for crypto keys, e.g.
68   when an encrypted directory is locked or when a crypto mapping is torn down.
97 advertise their crypto capabilities and provide certain functions (e.g.,
132 blk-crypto-fallback
141 Therefore, we also introduce *blk-crypto-fallback*, which is an implementation
142 of inline encryption using the kernel crypto API.  blk-crypto-fallback is built
146 handle en/decryption of the bio using blk-crypto-fallback.
149 on it being unmodified.  Instead, blk-crypto-fallback allocates bounce pages,
152 blk-crypto-fallback completes the original bio.  If the original bio is too
155 For decryption, blk-crypto-fallback "wraps" the bio's completion callback
158 successfully, blk-crypto-fallback restores the bio's original completion
160 kernel crypto API.  Decryption happens from a workqueue, as it may sleep.
161 Afterwards, blk-crypto-fallback completes the bio.
163 In both cases, the bios that blk-crypto-fallback submits no longer have an
166 blk-crypto-fallback also defines its own blk_crypto_profile and has its own
170 encryption hardware, the crypto API doesn't accept keys directly in requests but
174 makes sense for blk-crypto-fallback.
177 blk-crypto-fallback is used, the ciphertext written to disk (and hence the
179 encryption hardware's implementation and the kernel crypto API's implementation
182 blk-crypto-fallback is optional and is controlled by the
189 inline encryption with particular crypto settings will work on a particular
190 block_device -- either via hardware or via blk-crypto-fallback.  This function
193 size, etc.  This function can be useful if blk-crypto-fallback is disabled.
199 was called earlier).  This is needed to initialize blk-crypto-fallback if it
236 Next, it must advertise its crypto capabilities by setting fields in the
247 encryption contexts will be compatible with the crypto capabilities declared in
264 ``blk_crypto_profile_destroy()`` when the crypto profile is no longer needed.
272 pass a clone of that request to another request_queue, blk-crypto will
292 encryption support is present or the kernel crypto API fallback is used (since
301 When the crypto API fallback is enabled, this means that all bios with and