Skip to content
Commit c538f6ec authored by Ondrej Kozina's avatar Ondrej Kozina Committed by Mike Snitzer
Browse files

dm crypt: add ability to use keys from the kernel key retention service 



The kernel key service is a generic way to store keys for the use of
other subsystems. Currently there is no way to use kernel keys in dm-crypt.
This patch aims to fix that. Instead of key userspace may pass a key
description with preceding ':'. So message that constructs encryption
mapping now looks like this:

  <cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params> <opt_params>]

where <key_string> is in format: <key_size>:<key_type>:<key_description>

Currently we only support two elementary key types: 'user' and 'logon'.
Keys may be loaded in dm-crypt either via <key_string> or using
classical method and pass the key in hex representation directly.

dm-crypt device initialised with a key passed in hex representation may be
replaced with key passed in key_string format and vice versa.

(Based on original work by Andrey Ryabinin)

Signed-off-by: default avatarOndrej Kozina <okozina@redhat.com>
Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
parent 0637018d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment