54b259f68d
The blk-crypto framework adds support for inline encryption. There are numerous changes throughout the storage stack. This patch documents the main design choices in the block layer, the API presented to users of the block layer (like fscrypt or layered devices) and the API presented to drivers for adding support for inline encryption. Signed-off-by: Satya Tangirala <satyat@google.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
264 lines
14 KiB
ReStructuredText
264 lines
14 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
=================
|
|
Inline Encryption
|
|
=================
|
|
|
|
Background
|
|
==========
|
|
|
|
Inline encryption hardware sits logically between memory and the disk, and can
|
|
en/decrypt data as it goes in/out of the disk. Inline encryption hardware has a
|
|
fixed number of "keyslots" - slots into which encryption contexts (i.e. the
|
|
encryption key, encryption algorithm, data unit size) can be programmed by the
|
|
kernel at any time. Each request sent to the disk can be tagged with the index
|
|
of a keyslot (and also a data unit number to act as an encryption tweak), and
|
|
the inline encryption hardware will en/decrypt the data in the request with the
|
|
encryption context programmed into that keyslot. This is very different from
|
|
full disk encryption solutions like self encrypting drives/TCG OPAL/ATA
|
|
Security standards, since with inline encryption, any block on disk could be
|
|
encrypted with any encryption context the kernel chooses.
|
|
|
|
|
|
Objective
|
|
=========
|
|
|
|
We want to support inline encryption (IE) in the kernel.
|
|
To allow for testing, we also want a crypto API fallback when actual
|
|
IE hardware is absent. We also want IE to work with layered devices
|
|
like dm and loopback (i.e. we want to be able to use the IE hardware
|
|
of the underlying devices if present, or else fall back to crypto API
|
|
en/decryption).
|
|
|
|
|
|
Constraints and notes
|
|
=====================
|
|
|
|
- IE hardware has a limited number of "keyslots" that can be programmed
|
|
with an encryption context (key, algorithm, data unit size, etc.) at any time.
|
|
One can specify a keyslot in a data request made to the device, and the
|
|
device will en/decrypt the data using the encryption context programmed into
|
|
that specified keyslot. When possible, we want to make multiple requests with
|
|
the same encryption context share the same keyslot.
|
|
|
|
- We need a way for upper layers like filesystems to specify an encryption
|
|
context to use for en/decrypting a struct bio, and a device driver (like UFS)
|
|
needs to be able to use that encryption context when it processes the bio.
|
|
|
|
- We need a way for device drivers to expose their inline encryption
|
|
capabilities in a unified way to the upper layers.
|
|
|
|
|
|
Design
|
|
======
|
|
|
|
We add a :c:type:`struct bio_crypt_ctx` to :c:type:`struct bio` that can
|
|
represent an encryption context, because we need to be able to pass this
|
|
encryption context from the upper layers (like the fs layer) to the
|
|
device driver to act upon.
|
|
|
|
While IE hardware works on the notion of keyslots, the FS layer has no
|
|
knowledge of keyslots - it simply wants to specify an encryption context to
|
|
use while en/decrypting a bio.
|
|
|
|
We introduce a keyslot manager (KSM) that handles the translation from
|
|
encryption contexts specified by the FS to keyslots on the IE hardware.
|
|
This KSM also serves as the way IE hardware can expose its capabilities to
|
|
upper layers. The generic mode of operation is: each device driver that wants
|
|
to support IE will construct a KSM and set it up in its struct request_queue.
|
|
Upper layers that want to use IE on this device can then use this KSM in
|
|
the device's struct request_queue to translate an encryption context into
|
|
a keyslot. The presence of the KSM in the request queue shall be used to mean
|
|
that the device supports IE.
|
|
|
|
The KSM uses refcounts to track which keyslots are idle (either they have no
|
|
encryption context programmed, or there are no in-flight struct bios
|
|
referencing that keyslot). When a new encryption context needs a keyslot, it
|
|
tries to find a keyslot that has already been programmed with the same
|
|
encryption context, and if there is no such keyslot, it evicts the least
|
|
recently used idle keyslot and programs the new encryption context into that
|
|
one. If no idle keyslots are available, then the caller will sleep until there
|
|
is at least one.
|
|
|
|
|
|
blk-mq changes, other block layer changes and blk-crypto-fallback
|
|
=================================================================
|
|
|
|
We add a pointer to a ``bi_crypt_context`` and ``keyslot`` to
|
|
:c:type:`struct request`. These will be referred to as the ``crypto fields``
|
|
for the request. This ``keyslot`` is the keyslot into which the
|
|
``bi_crypt_context`` has been programmed in the KSM of the ``request_queue``
|
|
that this request is being sent to.
|
|
|
|
We introduce ``block/blk-crypto-fallback.c``, which allows upper layers to remain
|
|
blissfully unaware of whether or not real inline encryption hardware is present
|
|
underneath. When a bio is submitted with a target ``request_queue`` that doesn't
|
|
support the encryption context specified with the bio, the block layer will
|
|
en/decrypt the bio with the blk-crypto-fallback.
|
|
|
|
If the bio is a ``WRITE`` bio, a bounce bio is allocated, and the data in the bio
|
|
is encrypted stored in the bounce bio - blk-mq will then proceed to process the
|
|
bounce bio as if it were not encrypted at all (except when blk-integrity is
|
|
concerned). ``blk-crypto-fallback`` sets the bounce bio's ``bi_end_io`` to an
|
|
internal function that cleans up the bounce bio and ends the original bio.
|
|
|
|
If the bio is a ``READ`` bio, the bio's ``bi_end_io`` (and also ``bi_private``)
|
|
is saved and overwritten by ``blk-crypto-fallback`` to
|
|
``bio_crypto_fallback_decrypt_bio``. The bio's ``bi_crypt_context`` is also
|
|
overwritten with ``NULL``, so that to the rest of the stack, the bio looks
|
|
as if it was a regular bio that never had an encryption context specified.
|
|
``bio_crypto_fallback_decrypt_bio`` will decrypt the bio, restore the original
|
|
``bi_end_io`` (and also ``bi_private``) and end the bio again.
|
|
|
|
Regardless of whether real inline encryption hardware is used or the
|
|
blk-crypto-fallback is used, the ciphertext written to disk (and hence the
|
|
on-disk format of data) will be the same (assuming the hardware's implementation
|
|
of the algorithm being used adheres to spec and functions correctly).
|
|
|
|
If a ``request queue``'s inline encryption hardware claimed to support the
|
|
encryption context specified with a bio, then it will not be handled by the
|
|
``blk-crypto-fallback``. We will eventually reach a point in blk-mq when a
|
|
:c:type:`struct request` needs to be allocated for that bio. At that point,
|
|
blk-mq tries to program the encryption context into the ``request_queue``'s
|
|
keyslot_manager, and obtain a keyslot, which it stores in its newly added
|
|
``keyslot`` field. This keyslot is released when the request is completed.
|
|
|
|
When the first bio is added to a request, ``blk_crypto_rq_bio_prep`` is called,
|
|
which sets the request's ``crypt_ctx`` to a copy of the bio's
|
|
``bi_crypt_context``. bio_crypt_do_front_merge is called whenever a subsequent
|
|
bio is merged to the front of the request, which updates the ``crypt_ctx`` of
|
|
the request so that it matches the newly merged bio's ``bi_crypt_context``. In particular, the request keeps a copy of the ``bi_crypt_context`` of the first
|
|
bio in its bio-list (blk-mq needs to be careful to maintain this invariant
|
|
during bio and request merges).
|
|
|
|
To make it possible for inline encryption to work with request queue based
|
|
layered devices, when a request is cloned, its ``crypto fields`` are cloned as
|
|
well. When the cloned request is submitted, blk-mq programs the
|
|
``bi_crypt_context`` of the request into the clone's request_queue's keyslot
|
|
manager, and stores the returned keyslot in the clone's ``keyslot``.
|
|
|
|
|
|
API presented to users of the block layer
|
|
=========================================
|
|
|
|
``struct blk_crypto_key`` represents a crypto key (the raw key, size of the
|
|
key, the crypto algorithm to use, the data unit size to use, and the number of
|
|
bytes required to represent data unit numbers that will be specified with the
|
|
``bi_crypt_context``).
|
|
|
|
``blk_crypto_init_key`` allows upper layers to initialize such a
|
|
``blk_crypto_key``.
|
|
|
|
``bio_crypt_set_ctx`` should be called on any bio that a user of
|
|
the block layer wants en/decrypted via inline encryption (or the
|
|
blk-crypto-fallback, if hardware support isn't available for the desired
|
|
crypto configuration). This function takes the ``blk_crypto_key`` and the
|
|
data unit number (DUN) to use when en/decrypting the bio.
|
|
|
|
``blk_crypto_config_supported`` allows upper layers to query whether or not the
|
|
an encryption context passed to request queue can be handled by blk-crypto
|
|
(either by real inline encryption hardware, or by the blk-crypto-fallback).
|
|
This is useful e.g. when blk-crypto-fallback is disabled, and the upper layer
|
|
wants to use an algorithm that may not supported by hardware - this function
|
|
lets the upper layer know ahead of time that the algorithm isn't supported,
|
|
and the upper layer can fallback to something else if appropriate.
|
|
|
|
``blk_crypto_start_using_key`` - Upper layers must call this function on
|
|
``blk_crypto_key`` and a ``request_queue`` before using the key with any bio
|
|
headed for that ``request_queue``. This function ensures that either the
|
|
hardware supports the key's crypto settings, or the crypto API fallback has
|
|
transforms for the needed mode allocated and ready to go. Note that this
|
|
function may allocate an ``skcipher``, and must not be called from the data
|
|
path, since allocating ``skciphers`` from the data path can deadlock.
|
|
|
|
``blk_crypto_evict_key`` *must* be called by upper layers before a
|
|
``blk_crypto_key`` is freed. Further, it *must* only be called only once
|
|
there are no more in-flight requests that use that ``blk_crypto_key``.
|
|
``blk_crypto_evict_key`` will ensure that a key is removed from any keyslots in
|
|
inline encryption hardware that the key might have been programmed into (or the blk-crypto-fallback).
|
|
|
|
API presented to device drivers
|
|
===============================
|
|
|
|
A :c:type:``struct blk_keyslot_manager`` should be set up by device drivers in
|
|
the ``request_queue`` of the device. The device driver needs to call
|
|
``blk_ksm_init`` on the ``blk_keyslot_manager``, which specifying the number of
|
|
keyslots supported by the hardware.
|
|
|
|
The device driver also needs to tell the KSM how to actually manipulate the
|
|
IE hardware in the device to do things like programming the crypto key into
|
|
the IE hardware into a particular keyslot. All this is achieved through the
|
|
:c:type:`struct blk_ksm_ll_ops` field in the KSM that the device driver
|
|
must fill up after initing the ``blk_keyslot_manager``.
|
|
|
|
The KSM also handles runtime power management for the device when applicable
|
|
(e.g. when it wants to program a crypto key into the IE hardware, the device
|
|
must be runtime powered on) - so the device driver must also set the ``dev``
|
|
field in the ksm to point to the `struct device` for the KSM to use for runtime
|
|
power management.
|
|
|
|
``blk_ksm_reprogram_all_keys`` can be called by device drivers if the device
|
|
needs each and every of its keyslots to be reprogrammed with the key it
|
|
"should have" at the point in time when the function is called. This is useful
|
|
e.g. if a device loses all its keys on runtime power down/up.
|
|
|
|
``blk_ksm_destroy`` should be called to free up all resources used by a keyslot
|
|
manager upon ``blk_ksm_init``, once the ``blk_keyslot_manager`` is no longer
|
|
needed.
|
|
|
|
|
|
Layered Devices
|
|
===============
|
|
|
|
Request queue based layered devices like dm-rq that wish to support IE need to
|
|
create their own keyslot manager for their request queue, and expose whatever
|
|
functionality they choose. When a layered device wants to pass a clone of that
|
|
request to another ``request_queue``, blk-crypto will initialize and prepare the
|
|
clone as necessary - see ``blk_crypto_insert_cloned_request`` in
|
|
``blk-crypto.c``.
|
|
|
|
|
|
Future Optimizations for layered devices
|
|
========================================
|
|
|
|
Creating a keyslot manager for a layered device uses up memory for each
|
|
keyslot, and in general, a layered device merely passes the request on to a
|
|
"child" device, so the keyslots in the layered device itself are completely
|
|
unused, and don't need any refcounting or keyslot programming. We can instead
|
|
define a new type of KSM; the "passthrough KSM", that layered devices can use
|
|
to advertise an unlimited number of keyslots, and support for any encryption
|
|
algorithms they choose, while not actually using any memory for each keyslot.
|
|
Another use case for the "passthrough KSM" is for IE devices that do not have a
|
|
limited number of keyslots.
|
|
|
|
|
|
Interaction between inline encryption and blk integrity
|
|
=======================================================
|
|
|
|
At the time of this patch, there is no real hardware that supports both these
|
|
features. However, these features do interact with each other, and it's not
|
|
completely trivial to make them both work together properly. In particular,
|
|
when a WRITE bio wants to use inline encryption on a device that supports both
|
|
features, the bio will have an encryption context specified, after which
|
|
its integrity information is calculated (using the plaintext data, since
|
|
the encryption will happen while data is being written), and the data and
|
|
integrity info is sent to the device. Obviously, the integrity info must be
|
|
verified before the data is encrypted. After the data is encrypted, the device
|
|
must not store the integrity info that it received with the plaintext data
|
|
since that might reveal information about the plaintext data. As such, it must
|
|
re-generate the integrity info from the ciphertext data and store that on disk
|
|
instead. Another issue with storing the integrity info of the plaintext data is
|
|
that it changes the on disk format depending on whether hardware inline
|
|
encryption support is present or the kernel crypto API fallback is used (since
|
|
if the fallback is used, the device will receive the integrity info of the
|
|
ciphertext, not that of the plaintext).
|
|
|
|
Because there isn't any real hardware yet, it seems prudent to assume that
|
|
hardware implementations might not implement both features together correctly,
|
|
and disallow the combination for now. Whenever a device supports integrity, the
|
|
kernel will pretend that the device does not support hardware inline encryption
|
|
(by essentially setting the keyslot manager in the request_queue of the device
|
|
to NULL). When the crypto API fallback is enabled, this means that all bios with
|
|
and encryption context will use the fallback, and IO will complete as usual.
|
|
When the fallback is disabled, a bio with an encryption context will be failed.
|