From: Linlin Zhang
To: Mikulas Patocka, Eric Biggers, Milan Broz
Cc: Alasdair Kergon, Mike Snitzer, Benjamin Marzinski, Neeraj Soni, dm-devel@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: [PATCH v3 1/1] dm-inlinecrypt: add support for hardware-wrapped keys
Date: Mon, 25 May 2026 05:13:48 -0700
Message-Id: <20260525121348.1321282-2-linlin.zhang@oss.qualcomm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20260525121348.1321282-1-linlin.zhang@oss.qualcomm.com>
References: <20260525121348.1321282-1-linlin.zhang@oss.qualcomm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Add support for hardware-wrapped encryption keys to the dm-inlinecrypt target. Introduce a new optional argument to indicate whether the provided key is a raw key or a hardware-wrapped key. Based on this flag, the appropriate blk-crypto key type is selected when initializing the key.

This allows dm-inlinecrypt to work with hardware that requires keys to be wrapped and managed by the underlying inline encryption engine.

Update the target argument parsing accordingly and pass the key type to blk_crypto_init_key(). Documentation is also updated to reflect the new parameter and usage.

Signed-off-by: Linlin Zhang
---
 .../device-mapper/dm-inlinecrypt.rst | 20 +++---
 drivers/md/dm-inlinecrypt.c          | 63 ++++++++++++-------
 2 files changed, 54 insertions(+), 29 deletions(-)

diff --git a/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst b/D= ocumentation/admin-guide/device-mapper/dm-inlinecrypt.rst index c71e600efb76..8f7961f99a88 100644 --- a/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst +++ b/Documentation/admin-guide/device-mapper/dm-inlinecrypt.rst @@ -39,18 +39,19 @@ Parameters:: =20 The kernel keyring key is identified by string in following format: - ::. + ::. =20 The encryption key size in bytes. The kernel key payload size must mat= ch the value passed in . =20 - - Either 'logon', or 'trusted' kernel key type. + + The type of the key inside the kernel keyring. It can be either 'logon= ', + or 'trusted' kernel key type. =20 The kernel keyring key description inlinecrypt target should look for - when loading key of . + when loading key of . =20 The IV offset is a sector count that is added to the sector number
@@ -70,7 +71,12 @@ Parameters:: Otherwise #opt_params is the number of following arguments. =20 Example of optional parameters section: - allow_discards sector_size:4096 iv_large_sectors + keytype:raw allow_discards sector_size:4096 iv_large_sectors + + + The type of the key as seen by the block layer, either standard or + hardware-wrapped. The string is supplied in the table as + or . =20 allow_discards Block discard requests (a.k.a. TRIM) are passed through the inlinecrypt @@ -113,11 +119,11 @@ using dmsetup =20 #!/bin/sh # Create a inlinecrypt device using dmsetup - dmsetup create inlinecrypt1 --table "0 `blockdev --getsz $1` inlinecrypt = aes-xts-plain64 babebabebabebabebabebabebabebabebabebabebabebabebabebabebab= ebabe 0 $1 0" + dmsetup create inlinecrypt1 --table "0 `blockdev --getsz $1` inlinecrypt = aes-xts-plain64 babebabebabebabebabebabebabebabebabebabebabebabebabebabebab= ebabe 0 0 $1 0 1 keytype:raw" =20 :: =20 #!/bin/sh # Create a inlinecrypt device using dmsetup when encryption key is stored= in keyring service - dmsetup create inlinecrypt2 --table "0 `blockdev --getsz $1` inlinecrypt = aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 $1 0" + dmsetup create inlinecrypt2 --table "0 `blockdev --getsz $1` inlinecrypt = aes-xts-plain64 :64:logon:fde:dminlinecrypt_test_key 0 0 $1 0 1 keytype:raw" =20 diff --git a/drivers/md/dm-inlinecrypt.c b/drivers/md/dm-inlinecrypt.c index bd8e58a028c5..be1b4aa8f28b 100644 --- a/drivers/md/dm-inlinecrypt.c +++ b/drivers/md/dm-inlinecrypt.c @@ -33,6 +33,7 @@ static const struct dm_inlinecrypt_cipher { * preceded by @iv_offset 512-byte sectors. * @sector_size: crypto sector size in bytes (usually 4096) * @sector_bits: log2(sector_size) + * @key_type: type of the key -- either raw or hardware-wrapped * @key: the encryption key to use * @max_dun: the maximum DUN that may be used (computed from other params) */ 
@@ -44,6 +45,7 @@ struct inlinecrypt_ctx { u64 iv_offset; unsigned int sector_size; unsigned int sector_bits; + enum blk_crypto_key_type key_type; struct blk_crypto_key key; u64 max_dun; }; @@ -83,8 +85,8 @@ static bool contains_whitespace(const char *str) return false; } =20 -static int set_key_user(struct key *key, char *bin_key, - const unsigned int bin_key_size) +static int set_key_user(struct key *key, char *key_bytes, + const unsigned int key_bytes_size) { const struct user_key_payload *ukp; =20 @@ -92,23 +94,23 @@ static int set_key_user(struct key *key, char *bin_key, if (!ukp) return -EKEYREVOKED; =20 - if (bin_key_size !=3D ukp->datalen) + if (key_bytes_size !=3D ukp->datalen) return -EINVAL; =20 - memcpy(bin_key, ukp->data, bin_key_size); + memcpy(key_bytes, ukp->data, key_bytes_size); =20 return 0; } =20 -static int inlinecrypt_get_keyring_key(const char *key_string, u8 *bin_key, - const unsigned int bin_key_size) +static int inlinecrypt_get_keyring_key(const char *key_string, u8 *key_byt= es, + const unsigned int key_bytes_size) { char *key_desc; int ret; struct key_type *type; struct key *key; - int (*set_key)(struct key *key, char *bin_key, - const unsigned int bin_key_size); + int (*set_key)(struct key *key, char *key_bytes, + const unsigned int key_bytes_size); =20 /* * Reject key_string with whitespace. dm core currently lacks code for @@ -137,7 +139,7 @@ static int inlinecrypt_get_keyring_key(const char *key_= string, u8 *bin_key, =20 down_read(&key->sem); =20 - ret =3D set_key(key, (char *)bin_key, bin_key_size); + ret =3D set_key(key, (char *)key_bytes, key_bytes_size); =20 up_read(&key->sem); key_put(key); @@ -178,8 +180,8 @@ static int get_key_size(char **key_string) =20 #else =20 -static int inlinecrypt_get_keyring_key(const char *key_string, u8 *bin_key, - const unsigned int bin_key_size) +static int inlinecrypt_get_keyring_key(const char *key_string, u8 *key_byt= es, + const unsigned int key_bytes_size) { return -EINVAL; } 
@@ -234,7 +236,7 @@ static int inlinecrypt_ctr_optional(struct dm_target *t= i, struct inlinecrypt_ctx *ctx =3D ti->private; struct dm_arg_set as; static const struct dm_arg _args[] =3D { - {0, 3, "Invalid number of feature args"}, + {0, 4, "Invalid number of feature args"}, }; unsigned int opt_params; const char *opt_string; @@ -255,7 +257,23 @@ static int inlinecrypt_ctr_optional(struct dm_target *= ti, ti->error =3D "Not enough feature arguments"; return -EINVAL; } - if (!strcmp(opt_string, "allow_discards")) { + if (str_has_prefix(opt_string, "keytype:")) { + const char *val =3D opt_string + strlen("keytype:"); + + if (!*val) { + ti->error =3D "Invalid block key type"; + return -EINVAL; + } + + if (!strcmp(val, "raw")) { + ctx->key_type =3D BLK_CRYPTO_KEY_TYPE_RAW; + } else if (!strcmp(val, "hw-wrapped")) { + ctx->key_type =3D BLK_CRYPTO_KEY_TYPE_HW_WRAPPED; + } else { + ti->error =3D "Invalid block key type"; + return -EINVAL; + } + } else if (!strcmp(opt_string, "allow_discards")) { ti->num_discard_bios =3D 1; } else if (sscanf(opt_string, "sector_size:%u%c", &ctx->sector_size, &dummy) =3D=3D 1) { @@ -293,7 +311,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign= ed int argc, char **argv) { struct inlinecrypt_ctx *ctx; const struct dm_inlinecrypt_cipher *cipher; - u8 raw_key[BLK_CRYPTO_MAX_ANY_KEY_SIZE]; + u8 key_bytes[BLK_CRYPTO_MAX_ANY_KEY_SIZE]; unsigned int dun_bytes; unsigned long long tmpll; char dummy; @@ -333,7 +351,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign= ed int argc, char **argv) } ctx->key_size =3D err; =20 - err =3D inlinecrypt_get_key(argv[1], raw_key, ctx->key_size); + err =3D inlinecrypt_get_key(argv[1], key_bytes, ctx->key_size); if (err) { ti->error =3D "Malformed key string"; goto bad; 
@@ -365,6 +383,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign= ed int argc, char **argv) =20 /* optional arguments */ ctx->sector_size =3D SECTOR_SIZE; + ctx->key_type =3D BLK_CRYPTO_KEY_TYPE_RAW; if (argc > 5) { err =3D inlinecrypt_ctr_optional(ti, argc - 5, &argv[5]); if (err) @@ -385,10 +404,9 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsig= ned int argc, char **argv) (ctx->sector_bits - SECTOR_SHIFT); dun_bytes =3D DIV_ROUND_UP(fls64(ctx->max_dun), 8); =20 - err =3D blk_crypto_init_key(&ctx->key, raw_key, ctx->key_size, - BLK_CRYPTO_KEY_TYPE_RAW, - cipher->mode_num, dun_bytes, - ctx->sector_size); + err =3D blk_crypto_init_key(&ctx->key, key_bytes, ctx->key_size, + ctx->key_type, cipher->mode_num, + dun_bytes, ctx->sector_size); if (err) { ti->error =3D "Error initializing blk-crypto key"; goto bad; @@ -408,7 +426,7 @@ static int inlinecrypt_ctr(struct dm_target *ti, unsign= ed int argc, char **argv) bad: inlinecrypt_dtr(ti); out: - memzero_explicit(raw_key, sizeof(raw_key)); + memzero_explicit(key_bytes, sizeof(key_bytes)); return err; } =20 @@ -502,8 +520,9 @@ static void inlinecrypt_status(struct dm_target *ti, st= atus_type_t type, * the returned table. Userspace is responsible for redacting * the key when needed. */ - DMEMIT("%s %*phN %llu %s %llu", ctx->cipher_string, - ctx->key.size, ctx->key.bytes, ctx->iv_offset, + DMEMIT("%s %*phN %u %llu %s %llu", ctx->cipher_string, + ctx->key.size, ctx->key.bytes, + ctx->key_type, ctx->iv_offset, ctx->dev->name, ctx->start); num_feature_args +=3D !!ti->num_discard_bios; if (ctx->sector_size !=3D SECTOR_SIZE) --=20 2.34.1
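Review bot: in the documentation hunk @@ -39,18 +39,19 @@ the rewritten sentence "It can be either 'logon', or 'trusted' kernel key type." has a stray comma before "or" and reads more awkwardly than the line it replaces; "Either 'logon' or 'trusted' kernel key type." is enough.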
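Review bot: in the documentation hunk @@ -70,7 +71,12 @@ the new keytype paragraph describes the two values as "standard or hardware-wrapped", but the constructor in @@ -255,7 only accepts the literal strings "raw" and "hw-wrapped"; use the same words in the prose so nobody tries "keytype:standard". The paragraph should also say what happens when the option is omitted: @@ -365,6 sets `ctx->key_type = BLK_CRYPTO_KEY_TYPE_RAW` before the optional arguments are parsed, so raw is the default and the `keytype:raw` in the example line is redundant rather than required.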
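Review bot: the two updated dmsetup examples in @@ -113,11 +119,11 @@ insert an extra positional "0" between the key and the IV offset ("... 0 0 $1 0 1 keytype:raw"), which mirrors the new status output in @@ -502,8 but not the constructor: inlinecrypt_ctr still treats exactly five positional arguments (the optional section starts at `&argv[5]` in @@ -365,6), so with this table the device would be read from the second "0", the start sector from `$1`, and "0" would be taken as the feature-argument count. Drop the extra "0" so the examples read "aes-xts-plain64 <key> 0 $1 0 1 keytype:raw", or, if the key type is meant to be positional, update the Parameters section and the constructor to match.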
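Review bot: the bin_key -> key_bytes and raw_key -> key_bytes renames in @@ -83,8, @@ -92,23, @@ -137,7, @@ -178,8, @@ -293,7, @@ -333,7 and @@ -408,7 are unrelated to the functional change and make up most of the diff; please move them into a preparatory patch so the hardware-wrapped-key change can be reviewed on its own. The rename itself is reasonable, since the buffer no longer necessarily holds a raw key.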
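Review bot: in @@ -255,7 +257,23 @@ the `if (!*val)` check is redundant, an empty value already falls into the final `else` with the same "Invalid block key type" error; either drop it or give the empty case a distinct message ("Missing block key type"). More importantly, the key type is only known after the key string has already been parsed into key_bytes: `inlinecrypt_get_key(argv[1], key_bytes, ctx->key_size)` in @@ -333,7 runs before the optional arguments are handled in @@ -365,6, and the keyring path in @@ -92,23 rejects any payload whose length differs from key_bytes_size. Please confirm that whatever validates ctx->key_size before that point accepts the longer hardware-wrapped blob and not only the cipher's raw key length, since blk_crypto_init_key() only sees ctx->key_type afterwards.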
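Review bot: in @@ -502,8 +520,9 @@ the key type is emitted as a bare positional "%u" (the enum value) between the key and the IV offset, while the constructor consumes it as a "keytype:raw|hw-wrapped" feature argument; the table output therefore no longer reloads through `dmsetup create --table`, and a numeric enum value is not what the documented syntax uses. Emit it in the feature-argument section instead: keep the original DMEMIT format, add `num_feature_args += (ctx->key_type != BLK_CRYPTO_KEY_TYPE_RAW);` beside the `!!ti->num_discard_bios` line, and DMEMIT " keytype:hw-wrapped" only when the type is not raw, the same way sector_size is only emitted when it differs from SECTOR_SIZE.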