[PATCH v1 00/17] btrfs: add encryption feature
cross-posted from: lemmy.ml/post/1840134
<pre style="background-color:#ffffff;"> <span style="color:#323232;">This is a changeset adding encryption to btrfs. It is not complete; it </span><span style="color:#323232;">does not support inline data or verity or authenticated encryption. It </span><span style="color:#323232;">is primarily intended as a proof that the fscrypt extent encryption </span><span style="color:#323232;">changeset it builds on work. </span><span style="color:#323232;"> </span><span style="color:#323232;">As per the design doc refined in the fall of last year [1], btrfs </span><span style="color:#323232;">encryption has several steps: first, adding extent encryption to fscrypt </span><span style="color:#323232;">and then btrfs; second, adding authenticated encryption support to the </span><span style="color:#323232;">block layer, fscrypt, and then btrfs; and later adding potentially the </span><span style="color:#323232;">ability to change the key used by a directory (either for all data or </span><span style="color:#323232;">just newly written data) and/or allowing use of inline extents and </span><span style="color:#323232;">verity items in combination with encryption and/or enabling send/receive </span><span style="color:#323232;">of encrypted volumes. As such, this change is only the first step and is </span><span style="color:#323232;">unsafe. </span><span style="color:#323232;"> </span><span style="color:#323232;">This change does not pass a couple of encryption xfstests, because of </span><span style="color:#323232;">different properties of extent encryption. It hasn't been tested with </span><span style="color:#323232;">direct IO or RAID. Because currently extent encryption always uses inline </span><span style="color:#323232;">encryption (i.e. IO-block-only) for data encryption, it does not support </span><span style="color:#323232;">encryption of inline extents; similarly, since btrfs stores verity items </span><span style="color:#323232;">in the tree instead of in inline encryptable blocks on disk as other </span><span style="color:#323232;">filesystems do, btrfs cannot currently encrypt verity items. Finally, </span><span style="color:#323232;">this is insecure; the checksums are calculated on the unencrypted data </span><span style="color:#323232;">and stored unencrypted, which is a potential information leak. (This </span><span style="color:#323232;">will be addressed by authenticated encryption). </span><span style="color:#323232;"> </span><span style="color:#323232;">This changeset is built on two prior changesets to fscrypt: [2] and [3] </span><span style="color:#323232;">and should have no effect on unencrypted usage. </span><span style="color:#323232;"> </span><span style="color:#323232;">[1] https://docs.google.com/document/d/1janjxewlewtVPqctkWOjSa7OhCgB8Gdx7iDaCDQQNZA/edit?usp=sharing </span><span style="color:#323232;">[2] </span><span style="color:#323232;">https://lore.kernel.org/linux-fscrypt/[email protected]/ </span><span style="color:#323232;">[3] </span><span style="color:#323232;">https://lore.kernel.org/linux-fscrypt/[email protected] </span>
Add comment