diff options
| author | Ondrej Kozina <okozina@redhat.com> | 2016-11-21 17:58:51 +0300 |
|---|---|---|
| committer | Mike Snitzer <snitzer@redhat.com> | 2016-12-08 22:13:09 +0300 |
| commit | c538f6ec9f56996677c58cfd1f7f8108b0a944cb (patch) | |
| tree | e035520dd97d5cd8644a66e28c65879287e42082 /Documentation/intel_txt.txt | |
| parent | 0637018dff106e2591c1baa628e27a24a37ccf44 (diff) | |
| download | linux-c538f6ec9f56996677c58cfd1f7f8108b0a944cb.tar.xz | |
dm crypt: add ability to use keys from the kernel key retention service
The kernel key service is a generic way to store keys for the use of
other subsystems. Currently there is no way to use kernel keys in dm-crypt.
This patch aims to fix that. Instead of key userspace may pass a key
description with preceding ':'. So message that constructs encryption
mapping now looks like this:
<cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params> <opt_params>]
where <key_string> is in format: <key_size>:<key_type>:<key_description>
Currently we only support two elementary key types: 'user' and 'logon'.
Keys may be loaded in dm-crypt either via <key_string> or using
classical method and pass the key in hex representation directly.
dm-crypt device initialised with a key passed in hex representation may be
replaced with key passed in key_string format and vice versa.
(Based on original work by Andrey Ryabinin)
Signed-off-by: Ondrej Kozina <okozina@redhat.com>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'Documentation/intel_txt.txt')
0 files changed, 0 insertions, 0 deletions