16cf2a73cSMauro Carvalho Chehab======== 26cf2a73cSMauro Carvalho Chehabdm-crypt 36cf2a73cSMauro Carvalho Chehab======== 46cf2a73cSMauro Carvalho Chehab 56cf2a73cSMauro Carvalho ChehabDevice-Mapper's "crypt" target provides transparent encryption of block devices 66cf2a73cSMauro Carvalho Chehabusing the kernel crypto API. 76cf2a73cSMauro Carvalho Chehab 86cf2a73cSMauro Carvalho ChehabFor a more detailed description of supported parameters see: 96cf2a73cSMauro Carvalho Chehabhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt 106cf2a73cSMauro Carvalho Chehab 116cf2a73cSMauro Carvalho ChehabParameters:: 126cf2a73cSMauro Carvalho Chehab 136cf2a73cSMauro Carvalho Chehab <cipher> <key> <iv_offset> <device path> \ 146cf2a73cSMauro Carvalho Chehab <offset> [<#opt_params> <opt_params>] 156cf2a73cSMauro Carvalho Chehab 166cf2a73cSMauro Carvalho Chehab<cipher> 176cf2a73cSMauro Carvalho Chehab Encryption cipher, encryption mode and Initial Vector (IV) generator. 186cf2a73cSMauro Carvalho Chehab 196cf2a73cSMauro Carvalho Chehab The cipher specifications format is:: 206cf2a73cSMauro Carvalho Chehab 216cf2a73cSMauro Carvalho Chehab cipher[:keycount]-chainmode-ivmode[:ivopts] 226cf2a73cSMauro Carvalho Chehab 236cf2a73cSMauro Carvalho Chehab Examples:: 246cf2a73cSMauro Carvalho Chehab 256cf2a73cSMauro Carvalho Chehab aes-cbc-essiv:sha256 266cf2a73cSMauro Carvalho Chehab aes-xts-plain64 276cf2a73cSMauro Carvalho Chehab serpent-xts-plain64 286cf2a73cSMauro Carvalho Chehab 296cf2a73cSMauro Carvalho Chehab Cipher format also supports direct specification with kernel crypt API 306cf2a73cSMauro Carvalho Chehab format (selected by capi: prefix). The IV specification is the same 316cf2a73cSMauro Carvalho Chehab as for the first format type. 326cf2a73cSMauro Carvalho Chehab This format is mainly used for specification of authenticated modes. 336cf2a73cSMauro Carvalho Chehab 346cf2a73cSMauro Carvalho Chehab The crypto API cipher specifications format is:: 356cf2a73cSMauro Carvalho Chehab 366cf2a73cSMauro Carvalho Chehab capi:cipher_api_spec-ivmode[:ivopts] 376cf2a73cSMauro Carvalho Chehab 386cf2a73cSMauro Carvalho Chehab Examples:: 396cf2a73cSMauro Carvalho Chehab 406cf2a73cSMauro Carvalho Chehab capi:cbc(aes)-essiv:sha256 416cf2a73cSMauro Carvalho Chehab capi:xts(aes)-plain64 426cf2a73cSMauro Carvalho Chehab 436cf2a73cSMauro Carvalho Chehab Examples of authenticated modes:: 446cf2a73cSMauro Carvalho Chehab 456cf2a73cSMauro Carvalho Chehab capi:gcm(aes)-random 466cf2a73cSMauro Carvalho Chehab capi:authenc(hmac(sha256),xts(aes))-random 476cf2a73cSMauro Carvalho Chehab capi:rfc7539(chacha20,poly1305)-random 486cf2a73cSMauro Carvalho Chehab 49b2105aa2SAndrew Klychkov The /proc/crypto contains a list of currently loaded crypto modes. 506cf2a73cSMauro Carvalho Chehab 516cf2a73cSMauro Carvalho Chehab<key> 526cf2a73cSMauro Carvalho Chehab Key used for encryption. It is encoded either as a hexadecimal number 536cf2a73cSMauro Carvalho Chehab or it can be passed as <key_string> prefixed with single colon 546cf2a73cSMauro Carvalho Chehab character (':') for keys residing in kernel keyring service. 556cf2a73cSMauro Carvalho Chehab You can only use key sizes that are valid for the selected cipher 566cf2a73cSMauro Carvalho Chehab in combination with the selected iv mode. 576cf2a73cSMauro Carvalho Chehab Note that for some iv modes the key string can contain additional 586cf2a73cSMauro Carvalho Chehab keys (for example IV seed) so the key contains more parts concatenated 596cf2a73cSMauro Carvalho Chehab into a single string. 606cf2a73cSMauro Carvalho Chehab 616cf2a73cSMauro Carvalho Chehab<key_string> 626cf2a73cSMauro Carvalho Chehab The kernel keyring key is identified by string in following format: 636cf2a73cSMauro Carvalho Chehab <key_size>:<key_type>:<key_description>. 646cf2a73cSMauro Carvalho Chehab 656cf2a73cSMauro Carvalho Chehab<key_size> 666cf2a73cSMauro Carvalho Chehab The encryption key size in bytes. The kernel key payload size must match 676cf2a73cSMauro Carvalho Chehab the value passed in <key_size>. 686cf2a73cSMauro Carvalho Chehab 696cf2a73cSMauro Carvalho Chehab<key_type> 70*363880c4SAhmad Fatoum Either 'logon', 'user', 'encrypted' or 'trusted' kernel key type. 716cf2a73cSMauro Carvalho Chehab 726cf2a73cSMauro Carvalho Chehab<key_description> 736cf2a73cSMauro Carvalho Chehab The kernel keyring key description crypt target should look for 746cf2a73cSMauro Carvalho Chehab when loading key of <key_type>. 756cf2a73cSMauro Carvalho Chehab 766cf2a73cSMauro Carvalho Chehab<keycount> 776cf2a73cSMauro Carvalho Chehab Multi-key compatibility mode. You can define <keycount> keys and 786cf2a73cSMauro Carvalho Chehab then sectors are encrypted according to their offsets (sector 0 uses key0; 796cf2a73cSMauro Carvalho Chehab sector 1 uses key1 etc.). <keycount> must be a power of two. 806cf2a73cSMauro Carvalho Chehab 816cf2a73cSMauro Carvalho Chehab<iv_offset> 826cf2a73cSMauro Carvalho Chehab The IV offset is a sector count that is added to the sector number 836cf2a73cSMauro Carvalho Chehab before creating the IV. 846cf2a73cSMauro Carvalho Chehab 856cf2a73cSMauro Carvalho Chehab<device path> 866cf2a73cSMauro Carvalho Chehab This is the device that is going to be used as backend and contains the 876cf2a73cSMauro Carvalho Chehab encrypted data. You can specify it as a path like /dev/xxx or a device 886cf2a73cSMauro Carvalho Chehab number <major>:<minor>. 896cf2a73cSMauro Carvalho Chehab 906cf2a73cSMauro Carvalho Chehab<offset> 916cf2a73cSMauro Carvalho Chehab Starting sector within the device where the encrypted data begins. 926cf2a73cSMauro Carvalho Chehab 936cf2a73cSMauro Carvalho Chehab<#opt_params> 946cf2a73cSMauro Carvalho Chehab Number of optional parameters. If there are no optional parameters, 95b2105aa2SAndrew Klychkov the optional parameters section can be skipped or #opt_params can be zero. 966cf2a73cSMauro Carvalho Chehab Otherwise #opt_params is the number of following arguments. 976cf2a73cSMauro Carvalho Chehab 986cf2a73cSMauro Carvalho Chehab Example of optional parameters section: 996cf2a73cSMauro Carvalho Chehab 3 allow_discards same_cpu_crypt submit_from_crypt_cpus 1006cf2a73cSMauro Carvalho Chehab 1016cf2a73cSMauro Carvalho Chehaballow_discards 1026cf2a73cSMauro Carvalho Chehab Block discard requests (a.k.a. TRIM) are passed through the crypt device. 1036cf2a73cSMauro Carvalho Chehab The default is to ignore discard requests. 1046cf2a73cSMauro Carvalho Chehab 1056cf2a73cSMauro Carvalho Chehab WARNING: Assess the specific security risks carefully before enabling this 1066cf2a73cSMauro Carvalho Chehab option. For example, allowing discards on encrypted devices may lead to 1076cf2a73cSMauro Carvalho Chehab the leak of information about the ciphertext device (filesystem type, 1086cf2a73cSMauro Carvalho Chehab used space etc.) if the discarded blocks can be located easily on the 1096cf2a73cSMauro Carvalho Chehab device later. 1106cf2a73cSMauro Carvalho Chehab 1116cf2a73cSMauro Carvalho Chehabsame_cpu_crypt 1126cf2a73cSMauro Carvalho Chehab Perform encryption using the same cpu that IO was submitted on. 1136cf2a73cSMauro Carvalho Chehab The default is to use an unbound workqueue so that encryption work 1146cf2a73cSMauro Carvalho Chehab is automatically balanced between available CPUs. 1156cf2a73cSMauro Carvalho Chehab 1166cf2a73cSMauro Carvalho Chehabsubmit_from_crypt_cpus 1176cf2a73cSMauro Carvalho Chehab Disable offloading writes to a separate thread after encryption. 1186cf2a73cSMauro Carvalho Chehab There are some situations where offloading write bios from the 1196cf2a73cSMauro Carvalho Chehab encryption threads to a single thread degrades performance 1206cf2a73cSMauro Carvalho Chehab significantly. The default is to offload write bios to the same 1216cf2a73cSMauro Carvalho Chehab thread because it benefits CFQ to have writes submitted using the 1226cf2a73cSMauro Carvalho Chehab same context. 1236cf2a73cSMauro Carvalho Chehab 1244a5caa4aSMilan Brozno_read_workqueue 1254a5caa4aSMilan Broz Bypass dm-crypt internal workqueue and process read requests synchronously. 1264a5caa4aSMilan Broz 1274a5caa4aSMilan Brozno_write_workqueue 1284a5caa4aSMilan Broz Bypass dm-crypt internal workqueue and process write requests synchronously. 1294a5caa4aSMilan Broz This option is automatically enabled for host-managed zoned block devices 1304a5caa4aSMilan Broz (e.g. host-managed SMR hard-disks). 1314a5caa4aSMilan Broz 1326cf2a73cSMauro Carvalho Chehabintegrity:<bytes>:<type> 1336cf2a73cSMauro Carvalho Chehab The device requires additional <bytes> metadata per-sector stored 1346cf2a73cSMauro Carvalho Chehab in per-bio integrity structure. This metadata must by provided 1356cf2a73cSMauro Carvalho Chehab by underlying dm-integrity target. 1366cf2a73cSMauro Carvalho Chehab 1376cf2a73cSMauro Carvalho Chehab The <type> can be "none" if metadata is used only for persistent IV. 1386cf2a73cSMauro Carvalho Chehab 1396cf2a73cSMauro Carvalho Chehab For Authenticated Encryption with Additional Data (AEAD) 1406cf2a73cSMauro Carvalho Chehab the <type> is "aead". An AEAD mode additionally calculates and verifies 1416cf2a73cSMauro Carvalho Chehab integrity for the encrypted device. The additional space is then 1426cf2a73cSMauro Carvalho Chehab used for storing authentication tag (and persistent IV if needed). 1436cf2a73cSMauro Carvalho Chehab 1446cf2a73cSMauro Carvalho Chehabsector_size:<bytes> 1456cf2a73cSMauro Carvalho Chehab Use <bytes> as the encryption unit instead of 512 bytes sectors. 1466cf2a73cSMauro Carvalho Chehab This option can be in range 512 - 4096 bytes and must be power of two. 1476cf2a73cSMauro Carvalho Chehab Virtual device will announce this size as a minimal IO and logical sector. 1486cf2a73cSMauro Carvalho Chehab 1496cf2a73cSMauro Carvalho Chehabiv_large_sectors 1506cf2a73cSMauro Carvalho Chehab IV generators will use sector number counted in <sector_size> units 1516cf2a73cSMauro Carvalho Chehab instead of default 512 bytes sectors. 1526cf2a73cSMauro Carvalho Chehab 1536cf2a73cSMauro Carvalho Chehab For example, if <sector_size> is 4096 bytes, plain64 IV for the second 1546cf2a73cSMauro Carvalho Chehab sector will be 8 (without flag) and 1 if iv_large_sectors is present. 1556cf2a73cSMauro Carvalho Chehab The <iv_offset> must be multiple of <sector_size> (in 512 bytes units) 1566cf2a73cSMauro Carvalho Chehab if this flag is specified. 1576cf2a73cSMauro Carvalho Chehab 1586cf2a73cSMauro Carvalho ChehabExample scripts 1596cf2a73cSMauro Carvalho Chehab=============== 1606cf2a73cSMauro Carvalho ChehabLUKS (Linux Unified Key Setup) is now the preferred way to set up disk 1616cf2a73cSMauro Carvalho Chehabencryption with dm-crypt using the 'cryptsetup' utility, see 1626cf2a73cSMauro Carvalho Chehabhttps://gitlab.com/cryptsetup/cryptsetup 1636cf2a73cSMauro Carvalho Chehab 1646cf2a73cSMauro Carvalho Chehab:: 1656cf2a73cSMauro Carvalho Chehab 1666cf2a73cSMauro Carvalho Chehab #!/bin/sh 1676cf2a73cSMauro Carvalho Chehab # Create a crypt device using dmsetup 1686cf2a73cSMauro Carvalho Chehab dmsetup create crypt1 --table "0 `blockdev --getsz $1` crypt aes-cbc-essiv:sha256 babebabebabebabebabebabebabebabe 0 $1 0" 1696cf2a73cSMauro Carvalho Chehab 1706cf2a73cSMauro Carvalho Chehab:: 1716cf2a73cSMauro Carvalho Chehab 1726cf2a73cSMauro Carvalho Chehab #!/bin/sh 1736cf2a73cSMauro Carvalho Chehab # Create a crypt device using dmsetup when encryption key is stored in keyring service 1746cf2a73cSMauro Carvalho Chehab dmsetup create crypt2 --table "0 `blockdev --getsize $1` crypt aes-cbc-essiv:sha256 :32:logon:my_prefix:my_key 0 $1 0" 1756cf2a73cSMauro Carvalho Chehab 1766cf2a73cSMauro Carvalho Chehab:: 1776cf2a73cSMauro Carvalho Chehab 1786cf2a73cSMauro Carvalho Chehab #!/bin/sh 1796cf2a73cSMauro Carvalho Chehab # Create a crypt device using cryptsetup and LUKS header with default cipher 1806cf2a73cSMauro Carvalho Chehab cryptsetup luksFormat $1 1816cf2a73cSMauro Carvalho Chehab cryptsetup luksOpen $1 crypt1 182