From nobody Mon May 25 08:12:39 2026
Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com
 [205.220.168.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC6EF3D669E
	for <linux-kernel@vger.kernel.org>; Sat, 16 May 2026 11:50:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=205.220.168.131
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1778932254; cv=none;
 b=E+eHCYAnDgGyhXvVr1JFNJlzwu5nTwenaDxGr4ef8SHzQ+W/M4C31TdrVR+XGmLGFqzBPTeTC1OBRpFxCChVnTrPm9Z0KCGvd+lQHS7mPe1xMeXlC9xmXcS8DkrSB2duZS1qzUpHk+VJqL43ULgZQJZ0YkjgW/0FG3CVRaFbf5k=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1778932254; c=relaxed/simple;
	bh=HsvOfF/WcvWpGuFgzOw3j+phD1tzcGCGNbFw2dXUCgg=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=gjyN2e83c3LhzKl3PGcEvRSI5/nO/q4PTBWqCddkY2ebIefOyi/Fncom2b4NHT9Xiir7OYxZEfFPk8o/Gp4KabvbUtKSSusQvZ98tp8ZRBmwhmx+Ld1Uk8+N7N762MXcPYg5VkJ4ifbNHOBuzKdNDUdRwC2BlkdmLocKWYEWreo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com;
 spf=pass smtp.mailfrom=oss.qualcomm.com;
 dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com
 header.b=kK9flCtn;
 dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com
 header.b=WIKxHzaT; arc=none smtp.client-ip=205.220.168.131
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=oss.qualcomm.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com
 header.b="kK9flCtn";
	dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com
 header.b="WIKxHzaT"
Received: from pps.filterd (m0279866.ppops.net [127.0.0.1])
	by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id
 64G4lpAG2863050
	for <linux-kernel@vger.kernel.org>; Sat, 16 May 2026 11:50:52 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=
	cc:content-transfer-encoding:date:from:in-reply-to:message-id
	:mime-version:references:subject:to; s=qcppdkim1; bh=Sl4Tqs3rL2g
	O+I8+VZQCtEcpE/idf6GLGIeKnd8ZYGk=; b=kK9flCtnJYpfpDXM0oagfIE6QV+
	WfOn/Oz4Oir3q9tSQSMZDk+TwWOl37EgEWyU/Jn4fmORtjf7QXupcwHpKQ7YwOGI
	Aak8WF0T5skxoq6pCWEbfF/hhBKprfCPFAbnYIHCHvcgiR/20KJJmOGZArs3Sh2q
	xFQ3dYV25EJQkJlKGogSTSSv8VVPwDchoRCuQY94j1Gp83nI6DnpUQLirzzQHIgD
	KUQXX/j6xNMUWCaxbFvoqicQSbip6kgEbQS2GRY+Gdlx7IXYSpFxgmwzFuaokHQd
	6OQK4sUGAeCtXbAY7E00St4xU+0EyH6baIsAXRI925istNLPIQrlqP0Gzfw==
Received: from mail-dy1-f197.google.com (mail-dy1-f197.google.com
 [74.125.82.197])
	by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4e6hv7rnmu-1
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)
	for <linux-kernel@vger.kernel.org>; Sat, 16 May 2026 11:50:51 +0000 (GMT)
Received: by mail-dy1-f197.google.com with SMTP id
 5a478bee46e88-2f2d983d109so2075972eec.0
        for <linux-kernel@vger.kernel.org>;
 Sat, 16 May 2026 04:50:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=oss.qualcomm.com; s=google; t=1778932251; x=1779537051;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Sl4Tqs3rL2gO+I8+VZQCtEcpE/idf6GLGIeKnd8ZYGk=;
        b=WIKxHzaTVHK9siq9HqadkjFUgfq/xHTbpXLj3Xq5ahScz0vAvwQTml+P2op6rgh7ee
         8HBTTFAbUKavCV8CpCJlU6IC1a+Ss2gyfGQWwNwXhzaz0zRrMQpJ3j8dbDlwkmnSVP3k
         ViLYsfMHN3Wc2Wu73bmoIjFrnyFhRT7KQ0Qh1oYqlumPH145BAEoXUwPEHAijfFz/grz
         dIiCEQX68hY5shBBl+iuaiLLMFh0L/BMJkjd471GSU+Jt/dvK5jqMSVQzgRSvltCfCnv
         jmmqjMW2XpfORj8uLAoZ0NvDIBzzs/PezD+GlRdshQpXcmIumIMP1KKhkXmSOC54twff
         uY2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1778932251; x=1779537051;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=Sl4Tqs3rL2gO+I8+VZQCtEcpE/idf6GLGIeKnd8ZYGk=;
        b=LHtoBEfxd+eCYetXTqSl+egTatA92cqDf3h22L1yA07qhRSssIgrOaA/1/doTmMWfa
         dC+dVKpyLPFIfqoQMcpr5YvlDoe3x6NIBNUc+DavHLNVGZzvqgA/WFZdqC604i76h26h
         L5+e/Nvvi4aaIoDzD3tfQYeEFVnWd+9jAFon0LRx6NOHL9AD9dZT8nm+gA1HlQi/ZUBH
         C2j0xA4xFrZ6qcqQCyM33Zrqcck9ugP8g7fq3QeX01HqZJu613MZLngnO8GUzAokj6zu
         KncfUWxlP61qIEkxMVg3jdNKQCoO/TY6t6d2Yjlf6LpHC3F73ozkl27fw1l4rwsO+Ns3
         mW9w==
X-Forwarded-Encrypted: i=1;
 AFNElJ/HpCTQsAedf0oeSLIEgRMC/v94C1OmgOrZUwDIU/d+3dZfPpvBuWinAPpdiARYGuw3c5STH0pyQGdxa6Y=@vger.kernel.org
X-Gm-Message-State: AOJu0Yx+5gxSZ8lst2RxW3Zo+5F+gfWkfF4VDwPvfdomEAlrJ66Un4YS
	y5b15yTITjLv/NH+9Ytp6IHKUmJv80Sa/F34/+b2bDFDcll2Y34A5X2NvRCHkcP0tTlzyEtYKig
	FnxQK1UQSjCmO3M8EUZjc++C6XWG8VbeY2J0FLXOapRUSXoUimSLyblKmjIYQSeWd5OmiZd28nl
	8=
X-Gm-Gg: Acq92OFkIAS0/5jeiS3ku3Yl4afo/ALkdMm+T8GZJijep5Uvl3gyC6v6OG3rFXAVSfV
	MIk0cG2SHI/jfjYksMyb09/2Np8JAc9l65lEbVGtZsGje+S52XPzXn3tUPov0yLCgCVIpRacDJ0
	FLXxXfYrFUyc+IJ9ce8+jhUgog7B+VMGZzzIlx1WOSdjibhz8HEeitWNcfcgEHUM1RDJD5oabvB
	lXcNCYtnxcoxCul9rai2O8lEnRdChS1LQyS0e7bO184c6zLQ/1JXSVaZOi4+PSKl5ibR53+KEZR
	uVEEwt7Rf0uY6lnrCW0tJuFQvgbOggxUgm75ynA2G4WmH78ip6LPv/bnZGiWgdfj3kejqh1eVcv
	pDfSKyID9kQLtKIIjMo4uFDw3h7p2qUmCqkC96HlZ1EUyTse32eNsZVr3zMVXBl0yaVMzl//A7E
	waEa9Mk+wa6H56njY=
X-Received: by 2002:a05:7300:ec17:b0:2e7:c701:aa85 with SMTP id
 5a478bee46e88-30398626570mr4111484eec.17.1778932251033;
        Sat, 16 May 2026 04:50:51 -0700 (PDT)
X-Received: by 2002:a05:7300:ec17:b0:2e7:c701:aa85 with SMTP id
 5a478bee46e88-30398626570mr4111468eec.17.1778932250456;
        Sat, 16 May 2026 04:50:50 -0700 (PDT)
Received: from u20-san1p10573.qualcomm.com (i-global254.qualcomm.com.
 [199.106.103.254])
        by smtp.gmail.com with ESMTPSA id
 5a478bee46e88-30293e2e69esm11782612eec.1.2026.05.16.04.50.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 16 May 2026 04:50:50 -0700 (PDT)
From: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
To: Mikulas Patocka <mpatocka@redhat.com>, Eric Biggers <ebiggers@kernel.org>
Cc: Alasdair Kergon <agk@redhat.com>, Mike Snitzer <snitzer@kernel.org>,
        Benjamin Marzinski <bmarzins@redhat.com>,
        Neeraj Soni <neeraj.soni@oss.qualcomm.com>, dm-devel@lists.linux.dev,
        linux-kernel@vger.kernel.org
Subject: [PATCH v2 1/1] dm-inlinecrypt: add support for hardware-wrapped keys
Date: Sat, 16 May 2026 04:50:45 -0700
Message-Id: <20260516115045.3958326-2-linlin.zhang@oss.qualcomm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20260516115045.3958326-1-linlin.zhang@oss.qualcomm.com>
References: <20260516115045.3958326-1-linlin.zhang@oss.qualcomm.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE2MDExNiBTYWx0ZWRfX8Oav9JUPAOgT
 CVx3b/fEo+JO/qzDddDbc5M5I39dHttmvIRFGqraswkKvLN9Qfuk7bUPjt9ExuqQNqOgPobXka8
 yBteZPnauRFTn+bagsyp46/R2Xlj90y6/LcnywmWlNgEB/t3WgRCJb6HHSlp9/50iz4ZVtCXsl1
 dsQQ5iMkS41KXRESGobuorgLuLVf3ceoBfRrXCX6bsTf+UYvxn3fO/g1KHBPQKIyIP/DOQ7oskE
 ECtEC020DzxyZAH3HIIglSD4HN1kKi8f5EPJHINvebaLZS2XTyx5v/qVBbuPBLOFjOmBWCw5zvw
 GIvMtd08YGpJZxS+STWGtre2neBlncn0svQeq1zW2UPPtCTCwuXlyVyrxC68vvoutDK/5Yxuo1r
 txfXM/tqAEvQBh6Mo+ciREkXc+7M08GsPIGCYPIFQ59GMWK7pcFtW4XhBmvMHywsE+XQlsY/lr3
 JHBheNV6WBS1Mqyqi1g==
X-Authority-Analysis: v=2.4 cv=a8oAM0SF c=1 sm=1 tr=0 ts=6a085a1b cx=c_pps
 a=Uww141gWH0fZj/3QKPojxA==:117 a=JYp8KDb2vCoCEuGobkYCKw==:17
 a=NGcC8JguVDcA:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22
 a=u7WPNUs3qKkmUXheDGA7:22 a=YMgV9FUhrdKAYTUUvYB2:22 a=VwQbUJbxAAAA:8
 a=EUspDBNiAAAA:8 a=KrrCeawaZyiTPODpdG8A:9 a=PxkB5W3o20Ba91AHUih5:22
X-Proofpoint-ORIG-GUID: eCl7xBNJs_MsgveYjq7twGvyMyQbk-ls
X-Proofpoint-GUID: eCl7xBNJs_MsgveYjq7twGvyMyQbk-ls
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49
 definitions=2026-05-16_01,2026-05-15_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 spamscore=0 phishscore=0 suspectscore=0 priorityscore=1501 impostorscore=0
 clxscore=1015 bulkscore=0 lowpriorityscore=0 adultscore=0 malwarescore=0
 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0
 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605160116
Content-Type: text/plain; charset="utf-8"

Add support for hardware-wrapped encryption keys to the
dm-inlinecrypt target.

Introduce a new parameter <is_wrappedkey> to indicate whether
the provided key is a raw key or a hardware-wrapped key. Based
on this flag, the appropriate blk-crypto key type is selected
when initializing the key.

This allows dm-inlinecrypt to work with hardware that requires
keys to be wrapped and managed by the underlying inline
encryption engine.

Update the target argument parsing accordingly and pass the
key type to blk_crypto_init_key(). Documentation is also
updated to reflect the new parameter and usage.

Signed-off-by: Linlin Zhang <linlin.zhang@oss.qualcomm.com>
---
 .../device-mapper/dm-inlinecrypt.rst          | 10 ++-
 drivers/md/dm-inlinecrypt.c                   | 71 +++++++++++--------
 2 files changed, 50 insertions(+), 31 deletions(-)

diff --git a/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst b/D=
ocumentation/admin-guide/device-mapper/dm-inlinecrypt.rst
index c71e600efb76..3a4ce2c5f228 100644
--- a/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst
+++ b/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst
@@ -10,7 +10,7 @@ https://docs.kernel.org/block/inline-encryption.html
=20
 Parameters::
=20
-	      <cipher> <key> <iv_offset> <device path> \
+	      <cipher> <key> <is_wrappedkey> <iv_offset> <device path> \
 	      <offset> [<#opt_params> <opt_params>]
=20
 <cipher>
@@ -52,6 +52,10 @@ Parameters::
     The kernel keyring key description inlinecrypt target should look for
     when loading key of <key_type>.
=20
+<is_wrappedkey>
+    The flag used to imply if the key is hardware-wrapped or not.
+    '0' means a raw key and '1' means a wrapped key.
+
 <iv_offset>
     The IV offset is a sector count that is added to the sector number
     before creating the IV.
@@ -113,11 +117,11 @@ using dmsetup
=20
 	#!/bin/sh
 	# Create a inlinecrypt device using dmsetup
-	dmsetup create inlinecrypt1 --table "0 `blockdev --getsz $1` inlinecrypt =
aes-xts-plain64 babebabebabebabebabebabebabebabebabebabebabebabebabebabebab=
ebabe 0 $1 0"
+	dmsetup create inlinecrypt1 --table "0 `blockdev --getsz $1` inlinecrypt =
aes-xts-plain64 babebabebabebabebabebabebabebabebabebabebabebabebabebabebab=
ebabe 0 0 $1 0"
=20
 ::
=20
 	#!/bin/sh
 	# Create a inlinecrypt device using dmsetup when encryption key is stored=
 in keyring service
-	dmsetup create inlinecrypt2 --table "0 `blockdev --getsz $1` inlinecrypt =
aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 $1 0"
+	dmsetup create inlinecrypt2 --table "0 `blockdev --getsz $1` inlinecrypt =
aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 0 $1 0"
=20
diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c
index bd8e58a028c5..4e49edea59cf 100644
--- a/drivers/md/dm-inlinecrypt.c
+++ b/drivers/md/dm-inlinecrypt.c
@@ -29,6 +29,7 @@ static const struct dm_inlinecrypt_cipher {
  *	   For this purpose a "sector" is 512 bytes.
  * @cipher_string: the name of the encryption algorithm being used
  * @key_size: size of the encryption key in bytes
+ * @is_hw_wrapped: true if the key is a hardware-wrapped key, false for a =
raw key.
  * @iv_offset: starting offset for IVs.  IVs are generated as if the targe=
t were
  *	       preceded by @iv_offset 512-byte sectors.
  * @sector_size: crypto sector size in bytes (usually 4096)
@@ -41,6 +42,7 @@ struct inlinecrypt_ctx {
 	sector_t start;
 	const char *cipher_string;
 	unsigned int key_size;
+	bool is_hw_wrapped;
 	u64 iv_offset;
 	unsigned int sector_size;
 	unsigned int sector_bits;
@@ -83,8 +85,8 @@ static bool contains_whitespace(const char *str)
 	return false;
 }
=20
-static int set_key_user(struct key *key, char *bin_key,
-			const unsigned int bin_key_size)
+static int set_key_user(struct key *key, char *key_bytes,
+			const unsigned int key_bytes_size)
 {
 	const struct user_key_payload *ukp;
=20
@@ -92,23 +94,23 @@ static int set_key_user(struct key *key, char *bin_key,
 	if (!ukp)
 		return -EKEYREVOKED;
=20
-	if (bin_key_size !=3D ukp->datalen)
+	if (key_bytes_size !=3D ukp->datalen)
 		return -EINVAL;
=20
-	memcpy(bin_key, ukp->data, bin_key_size);
+	memcpy(key_bytes, ukp->data, key_bytes_size);
=20
 	return 0;
 }
=20
-static int inlinecrypt_get_keyring_key(const char *key_string, u8 *bin_key,
-					const unsigned int bin_key_size)
+static int inlinecrypt_get_keyring_key(const char *key_string, u8 *key_byt=
es,
+					const unsigned int key_bytes_size)
 {
 	char *key_desc;
 	int ret;
 	struct key_type *type;
 	struct key *key;
-	int (*set_key)(struct key *key, char *bin_key,
-				   const unsigned int bin_key_size);
+	int (*set_key)(struct key *key, char *key_bytes,
+				   const unsigned int key_bytes_size);
=20
 	/*
 	 * Reject key_string with whitespace. dm core currently lacks code for
@@ -137,7 +139,7 @@ static int inlinecrypt_get_keyring_key(const char *key_=
string, u8 *bin_key,
=20
 	down_read(&key->sem);
=20
-	ret =3D set_key(key, (char *)bin_key, bin_key_size);
+	ret =3D set_key(key, (char *)key_bytes, key_bytes_size);
=20
 	up_read(&key->sem);
 	key_put(key);
@@ -178,8 +180,8 @@ static int get_key_size(char **key_string)
=20
 #else
=20
-static int inlinecrypt_get_keyring_key(const char *key_string, u8 *bin_key,
-					const unsigned int bin_key_size)
+static int inlinecrypt_get_keyring_key(const char *key_string, u8 *key_byt=
es,
+					const unsigned int key_bytes_size)
 {
 	return -EINVAL;
 }
@@ -284,7 +286,7 @@ static int inlinecrypt_ctr_optional(struct dm_target *t=
i,
=20
 /*
  * Construct an inlinecrypt mapping:
- * <cipher> [<key>|:<key_size>:<logon>:<key_description>] <iv_offset> <dev=
_path> <start>
+ * <cipher> [<key>|:<key_size>:<logon>:<key_description>] <is_wrappedkey> =
<iv_offset> <dev_path> <start>
  *
  * This syntax matches dm-crypt's, but the set of supported functionality =
has
  * been stripped down.
@@ -293,13 +295,14 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsi=
gned int argc, char **argv)
 {
 	struct inlinecrypt_ctx *ctx;
 	const struct dm_inlinecrypt_cipher *cipher;
-	u8 raw_key[BLK_CRYPTO_MAX_ANY_KEY_SIZE];
+	u8 key_bytes[BLK_CRYPTO_MAX_ANY_KEY_SIZE];
+	enum blk_crypto_key_type key_type;
 	unsigned int dun_bytes;
 	unsigned long long tmpll;
 	char dummy;
 	int err;
=20
-	if (argc < 5) {
+	if (argc < 6) {
 		ti->error =3D "Not enough arguments";
 		return -EINVAL;
 	}
@@ -333,21 +336,33 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsi=
gned int argc, char **argv)
 	}
 	ctx->key_size =3D err;
=20
-	err =3D inlinecrypt_get_key(argv[1], raw_key, ctx->key_size);
+	err =3D inlinecrypt_get_key(argv[1], key_bytes, ctx->key_size);
 	if (err) {
 		ti->error =3D "Malformed key string";
 		goto bad;
 	}
=20
+	/* <is_wrappedkey> */
+	if (sscanf(argv[2], "%d%c", &err, &dummy) !=3D 1 ||
+			(err !=3D 0 && err !=3D 1)) {
+		ti->error =3D "Invalid is_wrappedkey flag";
+		err =3D -EINVAL;
+		goto bad;
+	}
+	ctx->is_hw_wrapped =3D err;
+	key_type =3D ctx->is_hw_wrapped ?
+			   BLK_CRYPTO_KEY_TYPE_HW_WRAPPED :
+			   BLK_CRYPTO_KEY_TYPE_RAW;
+
 	/* <iv_offset> */
-	if (sscanf(argv[2], "%llu%c", &ctx->iv_offset, &dummy) !=3D 1) {
+	if (sscanf(argv[3], "%llu%c", &ctx->iv_offset, &dummy) !=3D 1) {
 		ti->error =3D "Invalid iv_offset sector";
 		err =3D -EINVAL;
 		goto bad;
 	}
=20
 	/* <dev_path> */
-	err =3D dm_get_device(ti, argv[3], dm_table_get_mode(ti->table),
+	err =3D dm_get_device(ti, argv[4], dm_table_get_mode(ti->table),
 			    &ctx->dev);
 	if (err) {
 		ti->error =3D "Device lookup failed";
@@ -355,7 +370,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign=
ed int argc, char **argv)
 	}
=20
 	/* <start> */
-	if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) !=3D 1 ||
+	if (sscanf(argv[5], "%llu%c", &tmpll, &dummy) !=3D 1 ||
 	    tmpll !=3D (sector_t)tmpll) {
 		ti->error =3D "Invalid start sector";
 		err =3D -EINVAL;
@@ -365,8 +380,8 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign=
ed int argc, char **argv)
=20
 	/* optional arguments */
 	ctx->sector_size =3D SECTOR_SIZE;
-	if (argc > 5) {
-		err =3D inlinecrypt_ctr_optional(ti, argc - 5, &argv[5]);
+	if (argc > 6) {
+		err =3D inlinecrypt_ctr_optional(ti, argc - 6, &argv[6]);
 		if (err)
 			goto bad;
 	}
@@ -385,10 +400,9 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsig=
ned int argc, char **argv)
 		       (ctx->sector_bits - SECTOR_SHIFT);
 	dun_bytes =3D DIV_ROUND_UP(fls64(ctx->max_dun), 8);
=20
-	err =3D blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size,
-				  BLK_CRYPTO_KEY_TYPE_RAW,
-				  cipher->mode_num, dun_bytes,
-				  ctx->sector_size);
+	err =3D blk_crypto_init_key(&ctx->key, key_bytes, ctx->key_size,
+				  key_type, cipher->mode_num,
+				  dun_bytes, ctx->sector_size);
 	if (err) {
 		ti->error =3D "Error initializing blk-crypto key";
 		goto bad;
@@ -408,7 +422,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign=
ed int argc, char **argv)
 bad:
 	inlinecrypt_dtr(ti);
 out:
-	memzero_explicit(raw_key, sizeof(raw_key));
+	memzero_explicit(key_bytes, sizeof(key_bytes));
 	return err;
 }
=20
@@ -502,9 +516,10 @@ static void inlinecrypt_status(struct dm_target *ti, s=
tatus_type_t type,
 		 * the returned table.  Userspace is responsible for redacting
 		 * the key when needed.
 		 */
-		DMEMIT("%s %*phN %llu %s %llu", ctx->cipher_string,
-		       ctx->key.size, ctx->key.bytes, ctx->iv_offset,
-		       ctx->dev->name, ctx->start);
+		DMEMIT("%s %*phN %u %llu %s %llu", ctx->cipher_string,
+		       ctx->key.size, ctx->key.bytes,
+		       ctx->is_hw_wrapped ? 1 : 0,
+		       ctx->iv_offset, ctx->dev->name, ctx->start);
 		num_feature_args +=3D !!ti->num_discard_bios;
 		if (ctx->sector_size !=3D SECTOR_SIZE)
 			num_feature_args +=3D 2;
--=20
2.34.1