Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst
Source file repositories/reference/linux-study-clean/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst
File Facts
- System
- Linux kernel
- Corpus path
Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst- Extension
.rst- Size
- 4650 bytes
- Lines
- 130
- Domain
- Support Tooling And Documentation
- Bucket
- Documentation
- Inferred role
- Support Tooling And Documentation: documentation
- Status
- atlas-only
Why This File Exists
Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
Dependency Surface
- No C-style include directives detected by the generator.
Detected Declarations
- No top-level syscall, struct, function, initcall, or export declaration detected by the generator.
Annotated Snippet
==============
dm-inlinecrypt
==============
Device-Mapper's "inlinecrypt" target provides transparent encryption of block devices
using the inline encryption hardware.
For a more detailed description of inline encryption, see:
https://docs.kernel.org/block/inline-encryption.html
Parameters::
<cipher> <key> <iv_offset> <device path> \
<offset> [<#opt_params> <opt_params>]
<cipher>
Encryption cipher type.
The cipher specifications format is::
cipher
Examples::
aes-xts-plain64
The cipher type corresponds to the encryption modes supported by
inline crypto in the block layer. Currently, only
BLK_ENCRYPTION_MODE_AES_256_XTS (i.e. aes-xts-plain64) is supported.
<key>
Key used for encryption. It is encoded either as a hexadecimal number
or it can be passed as <key_string> prefixed with single colon
character (':') for keys residing in kernel keyring service.
You can only use key sizes that are valid for the selected cipher.
Note that the size in bytes of a valid key must be in bellow range.
[BLK_CRYPTO_KEY_TYPE_RAW, BLK_CRYPTO_KEY_TYPE_HW_WRAPPED]
<key_string>
The kernel keyring key is identified by string in following format:
<key_size>:<keyring_type>:<key_description>.
<key_size>
The encryption key size in bytes. The kernel key payload size must match
the value passed in <key_size>.
<keyring_type>
The type of the key inside the kernel keyring. It can be either 'logon',
or 'trusted' kernel key type.
<key_description>
The kernel keyring key description inlinecrypt target should look for
when loading key of <keyring_type>.
<iv_offset>
The IV offset is a sector count that is added to the sector number
before creating the IV.
<device path>
This is the device that is going to be used as backend and contains the
encrypted data. You can specify it as a path like /dev/xxx or a device
number <major>:<minor>.
<offset>
Starting sector within the device where the encrypted data begins.
<#opt_params>
Number of optional parameters. If there are no optional parameters,
the optional parameters section can be skipped or #opt_params can be zero.
Annotation
- Atlas domain: Support Tooling And Documentation / Documentation.
- Implementation status: atlas-only.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.