Re: [PATCH v4 0/7] Support kdump with LUKS encryption by reusing LUKS volume keys

[Coiby Xu]

Hi Baoquan,

On Fri, Jun 07, 2024 at 06:06:18PM +0800, Baoquan He wrote:
> Hi Coiby,
>
> On 05/23/24 at 01:04pm, Coiby Xu wrote:
> > LUKS is the standard for Linux disk encryption. Many users choose LUKS
> > and in some use cases like Confidential VM it's mandated. With kdump
> > enabled, when the 1st kernel crashes, the system could boot into the
> > kdump/crash kernel and dump the memory image i.e. /proc/vmcore to a
> > specified target. Currently, when dumping vmcore to a LUKS
> > encrypted device, there are two problems,
>
> I am done with this round of reviewing. The overall approach looks good
> to me, while there are places to improve or fix. I have added comment on
> all things I am concerned about, please check. Thanks for the effort.

Thanks for taking time on thoroughly reviewing the patches and
suggesting various improvements! I believe all comments have been
addressed now except for testing sme/tdx:)

> By the way, do you get confirmation on the solution from encryption/keys
> developer of redhat internally or upstream? With my understanding, it
> looks good. It may need their confirmation or approval in some ways.

Yes, actually cryptsetup's maintainer Milan pointed me to
libcryptsetup's new API and suggested me to reach out to Ondrej for
help. And Ondrej has already finished the major work in upstream
cryptsetup and systemd. But it will be good for them to have further
confirmation and I'll ask for their help. Thanks for the reminder!

> Thanks
> Baoquan

--
Best regards,
Coiby