Announcement

Collapse
No announcement yet.

DM-INLINECRYPT Being Worked On To Leverage Inline Block Device Encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DM-INLINECRYPT Being Worked On To Leverage Inline Block Device Encryption

    Phoronix: DM-INLINECRYPT Being Worked On To Leverage Inline Block Device Encryption

    In addition to Eric Biggers of Google being busy working on various crypto and hashing performance optimizations, the longtime Linux developer has also been working on "dm-inlinecrypt" for better leveraging inline block device encryption...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    I'm wondering what the use-case is for this.

    There's a description here:



    As far as I can see, it allows for FIPS 140-2 compliance without needing to validate encryption software running on the 'host' cpu. Since validation of such software is lengthy and expensive, it means you don't have to rerun the validation process as often; which is probably a good thing.

    I could be wrong - this is not my area of expertise. Anyone care to comment?

    Comment


    • #3
      Originally posted by Old Grouch View Post
      I'm wondering what the use-case is for this.

      There's a description here:



      As far as I can see, it allows for FIPS 140-2 compliance without needing to validate encryption software running on the 'host' cpu. Since validation of such software is lengthy and expensive, it means you don't have to rerun the validation process as often; which is probably a good thing.

      I could be wrong - this is not my area of expertise. Anyone care to comment?
      I think performance would also be better for certain workloads. What confuses me is that Self-Encrypting Drives (storage devices with hardware-based encryption) already exist; the only instance not already covered by SED would be block-level writes over an untrusted network. In that case, the network would bottleneck you long before software-based encryption could.

      Comment


      • #4
        Originally posted by ATLief View Post
        What confuses me is that Self-Encrypting Drives (storage devices with hardware-based encryption) already exist; the only instance not already covered by SED would be block-level writes over an untrusted network.
        I have never looked into this; can one do software raid over multiple SEDs? Including actions like hot adding and removing drives?

        Comment

        Working...
        X