Comments (4)
The stm32 crypto driver is upstream, but looking at the git log there have been loads of bug fixes recently because someone actually bothered to run the crypto API self-tests against it. So yes, you shouldn't use that driver unless you've made sure you've gotten all the bug fixes and then run the full self-tests. Also, as usual hardware crypto drivers should only be used when they've verified to be faster/better than software crypto. Sometimes they are actually a lot worse than software crypto...
from fscryptctl.
It works for me; I just tested it with UBIFS on Linux v5.10.151.
Are you using a hardware crypto accelerator for AES-256-CBC (or AES-256-CTS) mode? Especially one where the driver might not be upstream and might not have been tested with the kernel's crypto API self-tests? That sort of thing has been a problem before, e.g. with #9.
In your kernel log, what does the message fscrypt: AES-256-CTS-CBC using implementation ...
show?
from fscryptctl.
@ebiggers : thanks for testing very much appreciated :-)
here are the logs
root@stm32mp157c:~# dmesg | grep AES
[ 893.021388] fscrypt: AES-256-CTS-CBC using implementation "cts(stm32-cbc-aes)"
[ 893.047050] fscrypt: AES-256-XTS using implementation "xts(stm32-ecb-aes)"
It looks indeed that the stm32 HW accelarator is used ! I will disable it and give it another try.
from fscryptctl.
@ebiggers I tried without HW crypto accerlerator and it's working now
# dmesg | grep AES
[ 100.707380] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc(aes-generic))"
[ 108.612606] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-generic))"
# fscryptctl add_key /mnt/ < key.data
4b265c2c9cb58fd072c0fa173af63e63
# ls -l /mnt/
drwxr-xr-x 2 root root 352 Oct 29 19:37 bin
drwxr-xr-x 3 root root 256 Oct 29 19:37 usr
# ls -l /mnt/bin/
lrwxrwxrwx 1 root root 34 Oct 29 19:37 file-symlink -> bin/somefile
-rw-r--r-- 1 root root 10 Oct 29 19:37 somefile
Thank you so much for your support 👍
from fscryptctl.
Related Issues (16)
- Point to issues for design discussion HOT 1
- Release time? HOT 2
- Usage example incomplete HOT 1
- Unable to write file on ecrypted directory with zero-ed key HOT 3
- fscryptctl insert_key does not persist during switch_root HOT 14
- Add versioning support HOT 1
- remove policy HOT 1
- FAILED test.py::test_set_get_policy_aes_256_xts - Failed: DID NOT RAISE <class 'OSError'> HOT 3
- Execution HOT 1
- Setup Travis CI
- fscryptctl compatibilty with mkfs.ubifs HOT 17
- In fscryptctl user space, after removing the key from key ring, the encrypted directories file names continues to be in clear form. HOT 11
- Add support for libfscryptctl.so creation. HOT 4
- Error when unlocking filesystem. HOT 1
- Incorrect file name HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fscryptctl.