From: Eric Biggers <ebiggers@kernel.org>
To: linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org
Cc: kernel-team@android.com, Israel Rukshin <israelr@nvidia.com>
Subject: [RFC PATCH v6 2/4] blk-crypto: show supported key types in sysfs
Date: Mon, 26 Sep 2022 18:47:16 -0700 [thread overview]
Message-ID: <20220927014718.125308-3-ebiggers@kernel.org> (raw)
In-Reply-To: <20220927014718.125308-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Add sysfs files that indicate which type(s) of keys are supported by the
inline encryption hardware associated with a particular request queue:
/sys/block/$disk/queue/crypto/hw_wrapped_keys
/sys/block/$disk/queue/crypto/standard_keys
Userspace can use the presence or absence of these files to decide what
encyption settings to use.
Don't use a single key_type file, as devices might support both key
types at the same time.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Documentation/ABI/stable/sysfs-block | 18 ++++++++++++++
block/blk-crypto-sysfs.c | 35 ++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
diff --git a/Documentation/ABI/stable/sysfs-block b/Documentation/ABI/stable/sysfs-block
index cd14ecb3c9a5..ab0a36a342d5 100644
--- a/Documentation/ABI/stable/sysfs-block
+++ b/Documentation/ABI/stable/sysfs-block
@@ -166,6 +166,16 @@ Description:
encryption, refer to Documentation/block/inline-encryption.rst.
+What: /sys/block/<disk>/queue/crypto/hw_wrapped_keys
+Contact: linux-block@vger.kernel.org
+Description:
+ [RO] The presence of this file indicates that the device
+ supports hardware-wrapped inline encryption keys, i.e. key blobs
+ that can only be unwrapped and used by dedicated hardware. For
+ more information about hardware-wrapped inline encryption keys,
+ see Documentation/block/inline-encryption.rst.
+
+
What: /sys/block/<disk>/queue/crypto/max_dun_bits
Date: February 2022
Contact: linux-block@vger.kernel.org
@@ -204,6 +214,14 @@ Description:
use with inline encryption.
+What: /sys/block/<disk>/queue/crypto/standard_keys
+Contact: linux-block@vger.kernel.org
+Description:
+ [RO] The presence of this file indicates that the device
+ supports standard inline encryption keys, i.e. keys that are
+ managed in raw, plaintext form in software.
+
+
What: /sys/block/<disk>/queue/dax
Date: June 2016
Contact: linux-block@vger.kernel.org
diff --git a/block/blk-crypto-sysfs.c b/block/blk-crypto-sysfs.c
index fd93bd2f33b7..d1dbe50f806a 100644
--- a/block/blk-crypto-sysfs.c
+++ b/block/blk-crypto-sysfs.c
@@ -31,6 +31,13 @@ static struct blk_crypto_attr *attr_to_crypto_attr(struct attribute *attr)
return container_of(attr, struct blk_crypto_attr, attr);
}
+static ssize_t hw_wrapped_keys_show(struct blk_crypto_profile *profile,
+ struct blk_crypto_attr *attr, char *page)
+{
+ /* Always show supported, since the file doesn't exist otherwise. */
+ return sysfs_emit(page, "supported\n");
+}
+
static ssize_t max_dun_bits_show(struct blk_crypto_profile *profile,
struct blk_crypto_attr *attr, char *page)
{
@@ -43,20 +50,48 @@ static ssize_t num_keyslots_show(struct blk_crypto_profile *profile,
return sysfs_emit(page, "%u\n", profile->num_slots);
}
+static ssize_t standard_keys_show(struct blk_crypto_profile *profile,
+ struct blk_crypto_attr *attr, char *page)
+{
+ /* Always show supported, since the file doesn't exist otherwise. */
+ return sysfs_emit(page, "supported\n");
+}
+
#define BLK_CRYPTO_RO_ATTR(_name) \
static struct blk_crypto_attr _name##_attr = __ATTR_RO(_name)
+BLK_CRYPTO_RO_ATTR(hw_wrapped_keys);
BLK_CRYPTO_RO_ATTR(max_dun_bits);
BLK_CRYPTO_RO_ATTR(num_keyslots);
+BLK_CRYPTO_RO_ATTR(standard_keys);
+
+static umode_t blk_crypto_is_visible(struct kobject *kobj,
+ struct attribute *attr, int n)
+{
+ struct blk_crypto_profile *profile = kobj_to_crypto_profile(kobj);
+ struct blk_crypto_attr *a = attr_to_crypto_attr(attr);
+
+ if (a == &hw_wrapped_keys_attr &&
+ !(profile->key_types_supported & BLK_CRYPTO_KEY_TYPE_HW_WRAPPED))
+ return 0;
+ if (a == &standard_keys_attr &&
+ !(profile->key_types_supported & BLK_CRYPTO_KEY_TYPE_STANDARD))
+ return 0;
+
+ return 0444;
+}
static struct attribute *blk_crypto_attrs[] = {
+ &hw_wrapped_keys_attr.attr,
&max_dun_bits_attr.attr,
&num_keyslots_attr.attr,
+ &standard_keys_attr.attr,
NULL,
};
static const struct attribute_group blk_crypto_attr_group = {
.attrs = blk_crypto_attrs,
+ .is_visible = blk_crypto_is_visible,
};
/*
--
2.37.3
next prev parent reply other threads:[~2022-09-27 1:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-27 1:47 [RFC PATCH v6 0/4] Support for hardware-wrapped inline encryption keys Eric Biggers
2022-09-27 1:47 ` [RFC PATCH v6 1/4] blk-crypto: add basic hardware-wrapped key support Eric Biggers
2022-09-27 1:47 ` Eric Biggers [this message]
2022-09-27 1:47 ` [RFC PATCH v6 3/4] blk-crypto: add ioctls to create and prepare hardware-wrapped keys Eric Biggers
2022-09-27 1:47 ` [RFC PATCH v6 4/4] fscrypt: add support for " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220927014718.125308-3-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=israelr@nvidia.com \
--cc=kernel-team@android.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).