mirror of
https://github.com/hardkernel/linux.git
synced 2026-03-30 14:27:43 +09:00
Add support for hardware-wrapped keys to fscrypt. Hardware-wrapped keys are inline encryption keys which are only present in kernel memory in ephemerally-wrapped form, and which can only be unwrapped by dedicated hardware. Such keys are protected from certain attacks, such as cold boot attacks. For more information, see the "Hardware-wrapped keys" section of Documentation/block/inline-encryption.rst.

To support hardware-wrapped keys in fscrypt, we allow the fscrypt master keys to be hardware-wrapped, and we allow encryption policies to be flagged as needing a hardware-wrapped key. File contents encryption is done by passing the wrapped key to the inline encryption hardware via blk-crypto. Other fscrypt operations such as filenames encryption continue to be done by the kernel, using the "software secret" which the hardware derives.

Note that this feature doesn't require any filesystem-specific changes. However it does depend on inline encryption support, and thus currently it is only applicable to ext4 and f2fs, not to ubifs or CephFS.

This is a reworked version of a patch which was temporarily reverted by https://android-review.googlesource.com/c/kernel/common/+/1867364, and which originated from https://android-review.googlesource.com/c/kernel/common/+/1200864. This is based on a version of this patch that I've proposed upstream (https://lore.kernel.org/r/20211021181608.54127-4-ebiggers@kernel.org), but by necessity it preserves the existing UAPI and on-disk format which Android expects. I also dropped the changes to the documentation file.

Bug: 160883801
Change-Id: If4bb83f1188a5863184717c04cb8a064dc4ea168
Signed-off-by: Eric Biggers <ebiggers@google.com>