transparent data encryption on external storage

Hello,

The customer requires transparent data encryption within their DLP system. All data on external storage must be encrypted and decrypted transparently.

How can the data stream (read/write) be controlled? Are there any recommended ways?

Thank you in advance!

Answered by DTS Engineer in 856455022

The customer requires transparent data encryption within their DLP system. All data on external storage must be encrypted and decrypted transparently.

How can the data stream (read/write) be controlled? Are there any recommended ways?

Currently, I don't think there is any good solution for this. Historically, whole disk encryption could be implemented relatively straightforwardly at the IOMedia layer using an IOKit KEXT. However, at this point, KEXT development is no longer really supported, and DriverKit does not really provide an equivalent API (notably, neither of the SCSI DriverKit families can be used for this). If you'd like DriverKit to provide support for media layer drivers, then please file a bug here and post that bug number back here.

Moving above the media layer, FSKit could be used to implement this; however, at this point, that would require implementing a full block storage file system. That's certainly possible but obviously requires quite substantial effort.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
