Skip to content

Commit b30ab0e

Browse files
mhalcrow-googletytso
mhalcrow-google
authored and
tytso
committed
ext4 crypto: add ext4 encryption facilities
On encrypt, we will re-assign the buffer_heads to point to a bounce page rather than the control_page (which is the original page to write that contains the plaintext). The block I/O occurs against the bounce page. On write completion, we re-assign the buffer_heads to the original plaintext page. On decrypt, we will attach a read completion callback to the bio struct. This read completion will decrypt the read contents in-place prior to setting the page up-to-date. The current encryption mode, AES-256-XTS, lacks cryptographic integrity. AES-256-GCM is in-plan, but we will need to devise a mechanism for handling the integrity data. Signed-off-by: Michael Halcrow <mhalcrow@google.com> Signed-off-by: Ildar Muslukhov <ildarm@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
1 parent 9bd8212 commit b30ab0e

File tree

6 files changed

+682
-1
lines changed

6 files changed

+682
-1
lines changed

fs/ext4/Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@ ext4-y := balloc.o bitmap.o dir.o file.o fsync.o ialloc.o inode.o page-io.o \
1212

1313
ext4-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o
1414
ext4-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o
15-
ext4-$(CONFIG_EXT4_FS_ENCRYPTION) += crypto_policy.o
15+
ext4-$(CONFIG_EXT4_FS_ENCRYPTION) += crypto_policy.o crypto.o

0 commit comments

Comments
 (0)