Explore the emerging technology of inline encryption support in storage hardware through this Linux Plumbers Conference talk. Dive into the benefits of built-in encryption capabilities, particularly for mobile SoCs running Android and as part of UFS and eMMC standards. Learn how these devices perform encryption and decryption between the application processor and disk without impacting latency or CPU overhead. Discover the advantages of inline encryption hardware's ability to hold multiple encryption keys simultaneously and dynamically reprogram for specific requests, making it ideal for file-based encryption (fscrypt) support. Examine the challenges of implementing a unified approach for inline encryption hardware support in the Linux kernel. Explore a proposed solution through an RFC patchset that adds inline encryption support to the block subsystem, UFS driver, f2fs, and fscrypt. Gain insights into key aspects of the approach, including filesystem-hardware encryption key communication, storage driver support implementation, layered device compatibility, software crypto fallback, and potential future encryption improvements. Understand how this work can streamline encryption tasks such as metadata encryption, file-based encryption on removable storage, and the unification of encryption implementation across fscrypt, dm-crypt, and eCryptfs.
Overview
Syllabus
LPC2019 - Inline Encryption Support
Taught by
Linux Plumbers Conference