Re: [PATCH v3 00/15] x86: Support Key Locker

From: Eric Biggers
Date: Tue Nov 30 2021 - 02:23:50 EST


On Tue, Nov 30, 2021 at 06:36:15AM +0000, Bae, Chang Seok wrote:
> On Nov 29, 2021, at 19:27, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> > On Wed, Nov 24, 2021 at 12:06:45PM -0800, Chang S. Bae wrote:
> >>
> >> == Non Use Cases ==
> >>
> >> Bare metal disk encryption is the only use case intended by these patches.
> >
> > If that's the case, why are so many encryption modes being added (ECB, CTR, CBC,
> > and XTS)? Wouldn't just XTS be sufficient?
>
> Right, it would reduce the crypt library changes significantly. But it is
> clueless whether XTS is sufficient to support DM-crypt, because a user may
> select the kernel’s crypto API via ‘capi:', [1].
>

Just because dm-crypt allows you to create a ECB or CTR encrypted disk does not
mean that it is a good idea.

- Eric