diff options
author | Jaegeuk Kim <jaegeuk@kernel.org> | 2016-05-04 22:05:01 -0700 |
---|---|---|
committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2016-05-07 10:32:33 -0700 |
commit | b5a7aef1ef436ec005fef0efe31a676ec5f4ab31 (patch) | |
tree | c3eb022f963b70eadb066e8c87b7041236955289 /fs/f2fs/recovery.c | |
parent | 09210c973af30320edc03a6325422cdd0f03b580 (diff) | |
download | linux-b5a7aef1ef436ec005fef0efe31a676ec5f4ab31.tar.gz linux-b5a7aef1ef436ec005fef0efe31a676ec5f4ab31.tar.bz2 linux-b5a7aef1ef436ec005fef0efe31a676ec5f4ab31.zip |
fscrypto/f2fs: allow fs-specific key prefix for fs encryption
This patch allows fscrypto to handle a second key prefix given by filesystem.
The main reason is to provide backward compatibility, since previously f2fs
used "f2fs:" as a crypto prefix instead of "fscrypt:".
Later, ext4 should also provide key_prefix() to give "ext4:".
One concern decribed by Ted would be kinda double check overhead of prefixes.
In x86, for example, validate_user_key consumes 8 ms after boot-up, which turns
out derive_key_aes() consumed most of the time to load specific crypto module.
After such the cold miss, it shows almost zero latencies, which treats as a
negligible overhead.
Note that request_key() detects wrong prefix in prior to derive_key_aes() even.
Cc: Ted Tso <tytso@mit.edu>
Cc: stable@vger.kernel.org # v4.6
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'fs/f2fs/recovery.c')
0 files changed, 0 insertions, 0 deletions