c538f6ec9f
The kernel key service is a generic way to store keys for the use of other subsystems. Currently there is no way to use kernel keys in dm-crypt. This patch aims to fix that. Instead of key userspace may pass a key description with preceding ':'. So message that constructs encryption mapping now looks like this: <cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params> <opt_params>] where <key_string> is in format: <key_size>:<key_type>:<key_description> Currently we only support two elementary key types: 'user' and 'logon'. Keys may be loaded in dm-crypt either via <key_string> or using classical method and pass the key in hex representation directly. dm-crypt device initialised with a key passed in hex representation may be replaced with key passed in key_string format and vice versa. (Based on original work by Andrey Ryabinin) Signed-off-by: Ondrej Kozina <okozina@redhat.com> Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> |
||
---|---|---|
.. | ||
cache-policies.txt | ||
cache.txt | ||
delay.txt | ||
dm-crypt.txt | ||
dm-flakey.txt | ||
dm-io.txt | ||
dm-log.txt | ||
dm-queue-length.txt | ||
dm-raid.txt | ||
dm-service-time.txt | ||
dm-uevent.txt | ||
era.txt | ||
kcopyd.txt | ||
linear.txt | ||
log-writes.txt | ||
persistent-data.txt | ||
snapshot.txt | ||
statistics.txt | ||
striped.txt | ||
switch.txt | ||
thin-provisioning.txt | ||
verity.txt | ||
zero.txt |