Re: [PATCH v5 0/2] dm-integrity: Implement asynch digest support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Tue, 22 Jul 2025, Harald Freudenberger wrote:

> Support for ahashes in dm-integrity.
> 
> Changelog:
> 
> v1: First implementation. Tested with crc32, sha256, hmac-sha256 and
>     the s390 specific implementations for hmac-sha256 and protected
>     key phmac-sha256. Also ran with some instrumented code (in the digest
>     implementation) to verify that in fact now the code runs asynchronous.
> v2: Support shash and ahash. Based on Mikulas' idea about implementing
>     ahash support similar to dm-verity this version now adds support
>     for ahash but does not replace the shash support. For more details
>     see the text of the patch header.
> v3: The line to store the digestsize into the new internal variable
>     did not make it into the patch set which was sent out. So now
>     this important code piece is also there. Also rebuilded, sparse
>     checked and tested to make sure the patches are ok.
> v4: Thanks to Mikulas a total new implementation of the ahash support
>     for the dm-integrity layer :-)
> v5: Slight rework around the allocation and comparing of ahash and
>     shash algorithm.
>     V5 has been tested with the new introduced ahash phmac which is a
>     protected key ("hardware key") version of a hmac for s390. As of now
>     phmac is only available in Herbert Xu's cryptodev-2.6 kernel tree
>     but will be merged into mainline with the next merge window for
>     the 6.17 development kernel.
> 
> Mikulas Patocka (2):
>   dm-integrity: use internal variable for digestsize
>   dm-integrity: introduce ahash support for the internal hash
> 
>  drivers/md/dm-integrity.c | 370 +++++++++++++++++++++++++++-----------
>  1 file changed, 265 insertions(+), 105 deletions(-)
> 
> 
> base-commit: 89be9a83ccf1f88522317ce02f854f30d6115c41
> --
> 2.43.0
> 

Hi

Eric Biggers recently removed ahash support from dm-verity - see this 
commit:
https://kernel.googlesource.com/pub/scm/linux/kernel/git/device-mapper/linux-dm/+/f43309c6743257244f11f14d31c297ee6a410ded

Should I revert Eric's patch? - would you need dm-verity with asynchronous 
hashes on zseries too?

Is this patch series needed for performance (does it perform better than 
the in-cpu instructions)? Or is it need because of better security (the 
keys are hidden in the hardware)?

Mikulas
[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux