dm-inlinecrypt currently assumes that all keys are raw software keys. That does not work for platforms where inline encryption expects hardware-wrapped key material managed by secure firmware/hardware.
This series adds support for hardware-wrapped keys in dm-inlinecrypt by introducing an optional <key_type> target argument. The flag lets dm-inlinecrypt select the proper blk-crypto key type at key initialization time: - 1: BLK_CRYPTO_KEY_TYPE_RAW - 2: BLK_CRYPTO_KEY_TYPE_HW_WRAPPED With this change, dm-inlinecrypt can support both raw and wrapped key deployment models without hardcoding one key ownership model. The series also: - updates target argument parsing to include the new required flag - propagates the wrapped/raw state in target status output - updates dm-inlinecrypt documentation and examples accordingly Linlin Zhang (1): dm-inlinecrypt: add support for hardware-wrapped keys .../device-mapper/dm-inlinecrypt.rst | 20 +++--- drivers/md/dm-inlinecrypt.c | 63 ++++++++++++------- 2 files changed, 54 insertions(+), 29 deletions(-) -- 2.34.1
