Comments (4)
ebiggers
commented on May 3, 2024
1
The stm32 crypto driver is upstream, but looking at the git log there have been loads of bug fixes recently because someone actually bothered to run the crypto API self-tests against it. So yes, you shouldn't use that driver unless you've made sure you've gotten all the bug fixes and then run the full self-tests. Also, as usual hardware crypto drivers should only be used when they've verified to be faster/better than software crypto. Sometimes they are actually a lot worse than software crypto...
from fscryptctl.
ebiggers
commented on May 3, 2024
It works for me; I just tested it with UBIFS on Linux v5.10.151.
Are you using a hardware crypto accelerator for AES-256-CBC (or AES-256-CTS) mode? Especially one where the driver might not be upstream and might not have been tested with the kernel's crypto API self-tests? That sort of thing has been a problem before, e.g. with #9.
In your kernel log, what does the message fscrypt: AES-256-CTS-CBC using implementation ... show?
from fscryptctl.
embetrix
commented on May 3, 2024
@ebiggers : thanks for testing very much appreciated :-)
here are the logs
root@stm32mp157c:~# dmesg | grep AES
[ 893.021388] fscrypt: AES-256-CTS-CBC using implementation "cts(stm32-cbc-aes)"
[ 893.047050] fscrypt: AES-256-XTS using implementation "xts(stm32-ecb-aes)"
It looks indeed that the stm32 HW accelarator is used ! I will disable it and give it another try.
from fscryptctl.
embetrix
commented on May 3, 2024
@ebiggers I tried without HW crypto accerlerator and it's working now
# dmesg | grep AES
[ 100.707380] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc(aes-generic))"
[ 108.612606] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-generic))"
# fscryptctl add_key /mnt/ < key.data
4b265c2c9cb58fd072c0fa173af63e63
# ls -l /mnt/
drwxr-xr-x 2 root root 352 Oct 29 19:37 bin
drwxr-xr-x 3 root root 256 Oct 29 19:37 usr
# ls -l /mnt/bin/
lrwxrwxrwx 1 root root 34 Oct 29 19:37 file-symlink -> bin/somefile
-rw-r--r-- 1 root root 10 Oct 29 19:37 somefile
Thank you so much for your support 👍
from fscryptctl.
Related Issues (16)
- Point to issues for design discussion HOT 1
- Release time? HOT 2
- Usage example incomplete HOT 1
- Unable to write file on ecrypted directory with zero-ed key HOT 3
- fscryptctl insert_key does not persist during switch_root HOT 14
- Add versioning support HOT 1
- remove policy HOT 1
- FAILED test.py::test_set_get_policy_aes_256_xts - Failed: DID NOT RAISE <class 'OSError'> HOT 3
- Execution HOT 1
- Setup Travis CI
- fscryptctl compatibilty with mkfs.ubifs HOT 17
- In fscryptctl user space, after removing the key from key ring, the encrypted directories file names continues to be in clear form. HOT 11
- Add support for libfscryptctl.so creation. HOT 4
- Error when unlocking filesystem. HOT 1
- Incorrect file name HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fscryptctl.