Cipher mode considerations
The cryptographic algorithm used by the infrastructure for protected volume encryption is called PAES cipher and is implemented by the paes_s390 kernel module. When you format a volume using LUKS2, you need to specify this PAES cipher together with a block cipher mode of your choice.
The PAES cipher supports the following block cipher modes:
- xts
- XTS: XEX-based tweaked-codebook mode with ciphertext stealing.
- cbc
- CBC: Cipher Block Chaining
- ctr
- CTR: Counter mode
- ecb
- ECB: Electronic Codebook
Important: In the infrastructure for protected volume encryption, only use the
XTS cipher mode. This XEX-based tweaked-codebook mode with ciphertext stealing (XTS) is the block
cipher mode recommended by the NIST to encrypt data at-rest. In this mode, the plaintext blocks are XOR-ed
with the previous ciphertext block before being encrypted by the block cipher. And in contrast to
CBC, it is not vulnerable against code injection attacks.
Restriction: The ESSIV (encrypted sector salt initial vector) mode to generate initialization vectors cannot be used with cryptsetup and the PAES cipher.