Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst

Source file repositories/reference/linux-study-clean/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst

File Facts

System
Linux kernel
Corpus path
Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst
Extension
.rst
Size
4650 bytes
Lines
130
Domain
Support Tooling And Documentation
Bucket
Documentation
Inferred role
Support Tooling And Documentation: documentation
Status
atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

==============
dm-inlinecrypt
==============

Device-Mapper's "inlinecrypt" target provides transparent encryption of block devices
using the inline encryption hardware.

For a more detailed description of inline encryption, see:
https://docs.kernel.org/block/inline-encryption.html

Parameters::

	      <cipher> <key> <iv_offset> <device path> \
	      <offset> [<#opt_params> <opt_params>]

<cipher>
    Encryption cipher type.

    The cipher specifications format is::

       cipher

    Examples::

       aes-xts-plain64

    The cipher type corresponds to the encryption modes supported by
    inline crypto in the block layer. Currently, only
    BLK_ENCRYPTION_MODE_AES_256_XTS (i.e. aes-xts-plain64) is supported.

<key>
    Key used for encryption. It is encoded either as a hexadecimal number
    or it can be passed as <key_string> prefixed with single colon
    character (':') for keys residing in kernel keyring service.
    You can only use key sizes that are valid for the selected cipher.
    Note that the size in bytes of a valid key must be in bellow range.

        [BLK_CRYPTO_KEY_TYPE_RAW, BLK_CRYPTO_KEY_TYPE_HW_WRAPPED]

<key_string>
    The kernel keyring key is identified by string in following format:
    <key_size>:<keyring_type>:<key_description>.

<key_size>
    The encryption key size in bytes. The kernel key payload size must match
    the value passed in <key_size>.

<keyring_type>
    The type of the key inside the kernel keyring. It can be either 'logon',
    or 'trusted' kernel key type.

<key_description>
    The kernel keyring key description inlinecrypt target should look for
    when loading key of <keyring_type>.

<iv_offset>
    The IV offset is a sector count that is added to the sector number
    before creating the IV.

<device path>
    This is the device that is going to be used as backend and contains the
    encrypted data.  You can specify it as a path like /dev/xxx or a device
    number <major>:<minor>.

<offset>
    Starting sector within the device where the encrypted data begins.

<#opt_params>
    Number of optional parameters. If there are no optional parameters,
    the optional parameters section can be skipped or #opt_params can be zero.

Annotation

Implementation Notes