Added required changes to fit properly android-4.19.79-95
crypto content into msm-4.19 branch. Modifications in
abi_gki_aarch64.xml are discarded completely. The order of
applying is bottom to top:
1f876610fe ANDROID: dm: Add wrapped key support in dm-default-key
b785dbcb87 ANDROID: dm: add support for passing through derive_raw_secret
66b3c81270 ANDROID: block: Prevent crypto fallback for wrapped keys
36500bffb9 fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY
b32863f17f ANDROID: dm: add dm-default-key target for metadata encryption
94706caf62 ANDROID: dm: enable may_passthrough_inline_crypto on some targets
44e1174c18 ANDROID: dm: add support for passing through inline crypto support
e65d08ae68 ANDROID: block: Introduce passthrough keyslot manager
8f48f6657d ANDROID: ext4, f2fs: enable direct I/O with inline encryption
bbee78199f FROMLIST: scsi: ufs: add program_key() variant op
0f1c72a2f5 ANDROID: block: export symbols needed for modules to use inline crypto
35b62551b9 ANDROID: block: fix some inline crypto bugs
23b81578bf ANDROID: fscrypt: add support for hardware-wrapped keys
a076eebee0 ANDROID: block: add KSM op to derive software secret from wrapped key
3e8c41805f ANDROID: block: provide key size as input to inline crypto APIs
bb7f6203fb ANDROID: ufshcd-crypto: export cap find API
b01c73ea71 BACKPORT: FROMLIST: Update Inline Encryption from v5 to v6 of patch series
Change-Id: Ic741913aa478500da94a52eace02bb9192e581b9
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
This is a preparation change for merging android-4.19.95 into
msm-4.19 branch.
The following changes are reverted. They will be introduced to
msm-4.19 at later stage:
114c59d6d9 ANDROID: f2fs: fix possible merge of unencrypted with encrypted I/O
3a468438a9 ANDROID: scsi: ufs-qcom: Enable BROKEN_CRYPTO quirk flag
6f915cf27d ANDROID: scsi: ufs-hisi: Enable BROKEN_CRYPTO quirk flag
86739e75ac ANDROID: scsi: ufs: Add quirk bit for controllers that don't play well with inline crypto
d2e05e75f6 ANDROID: scsi: ufs: UFS init should not require inline crypto
484f187320 ANDROID: scsi: ufs: UFS crypto variant operations API
f269cf51a1 ANDROID: gki_defconfig: enable inline encryption
f2ca2620dd BACKPORT: FROMLIST: ext4: add inline encryption support
e274bd387a BACKPORT: FROMLIST: f2fs: add inline encryption support
0797369594 BACKPORT: FROMLIST: fscrypt: add inline encryption support
a502a18f9d BACKPORT: FROMLIST: scsi: ufs: Add inline encryption support to UFS
eedb625131 BACKPORT: FROMLIST: scsi: ufs: UFS crypto API
e00aafeeaa BACKPORT: FROMLIST: scsi: ufs: UFS driver v2.1 spec crypto additions
392ad89e96 BACKPORT: FROMLIST: block: blk-crypto for Inline Encryption
8fda305325 ANDROID: block: Fix bio_crypt_should_process WARN_ON
20efc30a3e BACKPORT: FROMLIST: block: Add encryption context to struct bio
b0a4fb22e5 BACKPORT: FROMLIST: block: Keyslot Manager for Inline Encryption
2fedb52dd7 FROMLIST: f2fs: add support for IV_INO_LBLK_64 encryption policies
11fd37527f FROMLIST: ext4: add support for IV_INO_LBLK_64 encryption policies
94231712cf BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies
6806fd6ad5 FROMLIST: fscrypt: zeroize fscrypt_info before freeing
97c9fb779b FROMLIST: fscrypt: remove struct fscrypt_ctx
659011272b BACKPORT: FROMLIST: fscrypt: invoke crypto API for ESSIV handling
651f77d338 ANDROID: sdcardfs: evict dentries on fscrypt key removal
4932f53723 ANDROID: fscrypt: add key removal notifier chain
45b1509e24 ext4 crypto: fix to check feature status before get policy
c0751a1be4 fscrypt: document the new ioctls and policy version
435089d69f ubifs: wire up new fscrypt ioctls
c80449defc f2fs: wire up new fscrypt ioctls
8178d688b5 ext4: wire up new fscrypt ioctls
30d0df156b fscrypt: require that key be added when setting a v2 encryption policy
080389cb51 fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
8e1c887424 fscrypt: allow unprivileged users to add/remove keys for v2 policies
73ce50dc2d fscrypt: v2 encryption policy support
6ad6af5912 fscrypt: add an HKDF-SHA512 implementation
dbfc6584b3 fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
cacc84e003 fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
9846255919 fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
c677e5771b fscrypt: rename keyinfo.c to keysetup.c
43d5219366 fscrypt: move v1 policy key setup to keysetup_v1.c
c55916aa36 fscrypt: refactor key setup code in preparation for v2 policies
d4b1cd7abe fscrypt: rename fscrypt_master_key to fscrypt_direct_key
3246be1337 fscrypt: add ->ci_inode to fscrypt_info
fc987b387a fscrypt: use FSCRYPT_* definitions, not FS_*
678ee27619 fscrypt: use FSCRYPT_ prefix for uapi constants
a48b7adcd9 fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
932301a530 fscrypt: use ENOPKG when crypto API support missing
60f50d1347 fscrypt: improve warnings for missing crypto API support
830d573a4a fscrypt: improve warning messages for unsupported encryption contexts
9aa799b7e7 fscrypt: make fscrypt_msg() take inode instead of super_block
10c0af12c7 fscrypt: clean up base64 encoding/decoding
9842574ae4 fscrypt: remove loadable module related code
Change-Id: I12036285cc65adcf79ff96ccf980408c8267c957
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
We introduce blk-crypto, which manages programming keyslots for struct
bios. With blk-crypto, filesystems only need to call bio_crypt_set_ctx with
the encryption key, algorithm and data_unit_num; they don't have to worry
about getting a keyslot for each encryption context, as blk-crypto handles
that. Blk-crypto also makes it possible for layered devices like device
mapper to make use of inline encryption hardware.
Blk-crypto delegates crypto operations to inline encryption hardware when
available, and also contains a software fallback to the kernel crypto API.
For more details, refer to Documentation/block/inline-encryption.rst.
Bug: 137270441
Test: tested as series; see I26aac0ac7845a9064f28bb1421eb2522828a6dec
Change-Id: I6a98e518e5de50f1d4110441568ecd142a02e900
Signed-off-by: Satya Tangirala <satyat@google.com>
Link: https://patchwork.kernel.org/patch/11214731/
bio_crypt_should_process would WARN that the bio did not have a
keyslot in any keyslot manager even when we were on the decrypt path
of blk-crypto, which is a bug. The WARN is now conditional on the
caller being responible for handling encryption rather than blk-crypto
(i.e. the WARN happens only if this function return true).
Bug: 137270441
Test: tested as series; see I26aac0ac7845a9064f28bb1421eb2522828a6dec
Change-Id: Id7ef6b066d43bebae146b28edc76e506c7b03235
Signed-off-by: Satya Tangirala <satyat@google.com>
We must have some way of letting a storage device driver know what
encryption context it should use for en/decrypting a request. However,
it's the filesystem/fscrypt that knows about and manages encryption
contexts. As such, when the filesystem layer submits a bio to the block
layer, and this bio eventually reaches a device driver with support for
inline encryption, the device driver will need to have been told the
encryption context for that bio.
We want to communicate the encryption context from the filesystem layer
to the storage device along with the bio, when the bio is submitted to the
block layer. To do this, we add a struct bio_crypt_ctx to struct bio, which
can represent an encryption context (note that we can't use the bi_private
field in struct bio to do this because that field does not function to pass
information across layers in the storage stack). We also introduce various
functions to manipulate the bio_crypt_ctx and make the bio/request merging
logic aware of the bio_crypt_ctx.
Bug: 137270441
Test: tested as series; see I26aac0ac7845a9064f28bb1421eb2522828a6dec
Change-Id: I16d99bb97f8cd7971cc11281a0d7120c5f87d83c
Signed-off-by: Satya Tangirala <satyat@google.com>
Link: https://patchwork.kernel.org/patch/11214719/
