When using loopback device with dio, we can't rely on page flag.
Bug: 141601405
Bug: 141860559
Bug: 140882488
Change-Id: I09526c25e8d5333853e777f29333f9fa8da37459
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Default key will be used to encrypt the metadata of file
system. For metadata inode/bio file encryption type will be invalid
hence data unit number (dun) update in file system specific per file
key driver will not work.
Change-Id: Ib79c35d4b76be4b1cf3732673cc251bfca71f466
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
This patch fixes assigning bi_crypt_key for moving data which was previously
encrypted by f2fs.
Note that, dm-default-key should not assign bi_crypt_key, if bi_crypt_skip is
set.
The issue sceanrios is:
1. write data with user key by f2fs
- ENC(KU, IVU, DATA)
2. log out user key
3. read data #1 w/o user key from LBA #a
4. dm-default-key assigns default key
- DEC(KD, LBA#a, ENC(KU, IVU, DATA))
5. write data #1 w/o user key into LBA #b
6. dm-default-key assigns default key
- ENC(KD, LBA#b, DEC(KD, LBA#a, ENC(KU, IVU, DATA)))
7. Read DATA out with valid logged-in user key
- DEC(KU, IVU, ENC(KD, LBA#b, DEC(KD, LBA#a, ENC(KU, IVU, DATA))))
So, this patch introduces bi_crypt_skip to avoid 4. ~ 6 with right flow:
1. write data with user key by f2fs
- ENC(KU, IVU, DATA)
2. log out user key
3. read data #1 w/o user key from LBA #a
4. dm-default-key skip to assign default key
- ENC(KU, IVU, DATA)
5. write data #1 w/o user key into LBA #b
6. dm-default-key skips to assign default key
- ENC(KU, IVU, DATA)
7. Try to read DATA with valid logged-in user key
- DEC(KU, IVU, ENC(KU, IVU, DATA))
Issue: 68721442
Change-Id: Icefe85f608b7c3c84beb2bfa4267efd0f3787453
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Signed-off-by: Shivaprasad Hongal <shongal@codeaurora.org>
[neersoni@codeaurora.corg: resolved merged conflicts, compilation issues.]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Inline Crypto Engine dun setting is done based on its version.
For version <= 2 storage driver handles the dun setting.
For version > 2 dun is handled in trustzone ice driver.
Change-Id: If88ea132c4151712e8402b64b3b88bd3daf2fd18
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
EXT4 FS and F2FS has different way of setting Data Unit Number (DUN)
size value for UFS and eMMC storage devices. EXT4 FS uses sector number
while F2FS uses inode|pgidx. Check Storage and file system type
before setting the DUN value in Inline Crypto Engine (ICE).
Change-Id: If822863893fc0725a5ff0410e7418c352ad70fc1
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Even if invalidate key scm call is failed crypto
engine clocks should be disabled as fresh set key
call will any way enable clocks again. This will
also help in power savings.
Change-Id: I640150228112a3d36f49cb52a7de0df6cc6a4662
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Use non-retrying version of scm calls to
configure ICE keys. This ensures that control is
returned to upper layer as quickly as possible.
Change-Id: Idbecd9301d2f361c17a720c4ac0dcdc393985676
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Hardware File Based Encryption (FBE) uses crypto engine to
encrypt the user data with unique key for each file.
File name and data both are encrypted with this feature.
1. security/pfk: changes to support per file
encryption for f2fs using hardware crypto engine.
2. fs/ext4: adapted crypto APIs for generic crypto layer.
3. fs/f2fs: support hardware crypto engine based per file
encryption.
4. fs/crypto: export APIs to support hardware crypto
engine based per file encryption.
Other changes made to provide support framework for per
file encryption.
Change-Id: I7981fa7f8f0c4bc058b80b7b8e342cfd81697c74
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
HW File Based Encryption (FBE) uses Crypto Engine to
encrypt the user data with unique key for each file.
File name and data both are encrypted with this feature.
- security/pfk: New module to support per file
encryption using CE.
- fs/ext4: changes made to support using crypto engine
to encyrpt the data.
Other changes made to provide support framework for per
file encryption.
Change-Id: I82b05a73b10ad8c26b0e400cdf246c67a8060f0e
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
This reverts commit 7b939265f4.
This is temporary due to hard conflicts against android-4.9.84.
Intake is switched from android-4.9-o to android-4.9 with LSK
tag 4.9.84 and more time is needed to rework the FBE changeset
[1] according to the new upstream changes coming from
android-4.9.
[1] c23efa5 security: pfk: Error code was overwritten
7b93926 Enable HW File Based Encryption on ext4 file system
Change-Id: I6b539a549fe0016339558025807910c3946f1daf
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
This reverts commit c23efa56f6.
This is temporary due to hard conflicts against android-4.9.84.
Intake is switched from android-4.9-o to android-4.9 with LSK
tag 4.9.84 and more time is needed to rework the FBE changeset
[1] according to the new upstream changes coming from
android-4.9.
[1] c23efa5 security: pfk: Error code was overwritten
7b93926 Enable HW File Based Encryption on ext4 file system
Change-Id: Iadb627691de77c195eb8644b2e9329ed9b764d64
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Invalidate scm calls overwrites set key call
error code in case set key call has failed.
Change-Id: I9c9d9026ab1f5c593f78fd0e592e2270aa28292c
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
HW File Based Encryption (FBE) uses Crypto Engine to
encrypt the user data with unique key for each file.
File name and data both are encrypted with this feature.
1. security/pfk: New module to support per file
encryption using CE.
2. fs/ext4: changes made to support using crypto engine
to encyrpt the data.
Other changes made to provide support framework for per
file encryption.
Change-Id: I90d1a6df69ab30fd2476d9aad661e3ae1375e01d
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
