include/linux/blk-crypto-profile.h
Source file repositories/reference/linux-study-clean/include/linux/blk-crypto-profile.h
File Facts
- System
- Linux kernel
- Corpus path
include/linux/blk-crypto-profile.h- Extension
.h- Size
- 8100 bytes
- Lines
- 229
- Domain
- Representative Device Path
- Bucket
- PCIe NVMe Storage Path
- Inferred role
- Representative Device Path: implementation source
- Status
- source implementation candidate
Why This File Exists
Part of the selected hardware vertical slice: PCI discovery, driver binding, NVMe queues, block requests, DMA, interrupts, and completion.
- Part of the selected hardware vertical slice: PCI discovery, driver binding, NVMe queues, block requests, DMA, interrupts, and completion.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/bio.hlinux/blk-crypto.h
Detected Declarations
struct blk_crypto_profilestruct blk_crypto_ll_opsstruct blk_crypto_profile
Annotated Snippet
struct blk_crypto_ll_ops {
/**
* @keyslot_program: Program a key into the inline encryption hardware.
*
* Program @key into the specified @slot in the inline encryption
* hardware, overwriting any key that the keyslot may already contain.
* The keyslot is guaranteed to not be in-use by any I/O.
*
* This is required if the device has keyslots. Otherwise (i.e. if the
* device is a layered device, or if the device is real hardware that
* simply doesn't have the concept of keyslots) it is never called.
*
* Must return 0 on success, or -errno on failure.
*/
int (*keyslot_program)(struct blk_crypto_profile *profile,
const struct blk_crypto_key *key,
unsigned int slot);
/**
* @keyslot_evict: Evict a key from the inline encryption hardware.
*
* If the device has keyslots, this function must evict the key from the
* specified @slot. The slot will contain @key, but there should be no
* need for the @key argument to be used as @slot should be sufficient.
* The keyslot is guaranteed to not be in-use by any I/O.
*
* If the device doesn't have keyslots itself, this function must evict
* @key from any underlying devices. @slot won't be valid in this case.
*
* If there are no keyslots and no underlying devices, this function
* isn't required.
*
* Must return 0 on success, or -errno on failure.
*/
int (*keyslot_evict)(struct blk_crypto_profile *profile,
const struct blk_crypto_key *key,
unsigned int slot);
/**
* @derive_sw_secret: Derive the software secret from a hardware-wrapped
* key in ephemerally-wrapped form.
*
* This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
* is supported.
*
* Must return 0 on success, -EBADMSG if the key is invalid, or another
* -errno code on other errors.
*/
int (*derive_sw_secret)(struct blk_crypto_profile *profile,
const u8 *eph_key, size_t eph_key_size,
u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]);
/**
* @import_key: Create a hardware-wrapped key by importing a raw key.
*
* This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
* is supported.
*
* On success, must write the new key in long-term wrapped form to
* @lt_key and return its size in bytes. On failure, must return a
* -errno value.
*/
int (*import_key)(struct blk_crypto_profile *profile,
const u8 *raw_key, size_t raw_key_size,
u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
/**
* @generate_key: Generate a hardware-wrapped key.
*
* This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
* is supported.
*
* On success, must write the new key in long-term wrapped form to
* @lt_key and return its size in bytes. On failure, must return a
* -errno value.
*/
int (*generate_key)(struct blk_crypto_profile *profile,
u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
/**
* @prepare_key: Prepare a hardware-wrapped key to be used.
*
* Prepare a hardware-wrapped key to be used by converting it from
* long-term wrapped form to ephemerally-wrapped form. This only needs
* to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED is supported.
*
* On success, must write the key in ephemerally-wrapped form to
* @eph_key and return its size in bytes. On failure, must return
* -EBADMSG if the key is invalid, or another -errno on other error.
Annotation
- Immediate include surface: `linux/bio.h`, `linux/blk-crypto.h`.
- Detected declarations: `struct blk_crypto_profile`, `struct blk_crypto_ll_ops`, `struct blk_crypto_profile`.
- Atlas domain: Representative Device Path / PCIe NVMe Storage Path.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.