summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorOndrej Kozina <okozina@redhat.com>2016-11-21 15:58:51 +0100
committerMike Snitzer <snitzer@redhat.com>2016-12-08 14:13:09 -0500
commitc538f6ec9f56996677c58cfd1f7f8108b0a944cb (patch)
treee035520dd97d5cd8644a66e28c65879287e42082 /include
parent0637018dff106e2591c1baa628e27a24a37ccf44 (diff)
dm crypt: add ability to use keys from the kernel key retention service
The kernel key service is a generic way to store keys for the use of other subsystems. Currently there is no way to use kernel keys in dm-crypt. This patch aims to fix that. Instead of key userspace may pass a key description with preceding ':'. So message that constructs encryption mapping now looks like this: <cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params> <opt_params>] where <key_string> is in format: <key_size>:<key_type>:<key_description> Currently we only support two elementary key types: 'user' and 'logon'. Keys may be loaded in dm-crypt either via <key_string> or using classical method and pass the key in hex representation directly. dm-crypt device initialised with a key passed in hex representation may be replaced with key passed in key_string format and vice versa. (Based on original work by Andrey Ryabinin) Signed-off-by: Ondrej Kozina <okozina@redhat.com> Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions