CBE SB control: don't encrypt invalid keys #72
Description
Thanks to @throwException we discovered that the CBE driver often requests the encryption of keys that are all zeroes. This is caused by the superblock control module that always encrypts both the slot for the current key and the slot for the previous key when writing out a superblock to the block back-end. But the latter contains a valid key only while the CBE is rekeying. When not in rekeying, the latter encryption step should be spared out not only because of efficiency but also because it led to certain hardware Trust Anchors not accepting the zero key material and fail on the corresponding requests.