From: Eric Biggers <ebiggers@kernel.org>
To: Satya Tangirala <satyat@google.com>
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>, Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>, linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH 2/3] fscrypt: Add metadata encryption support
Date: Thu, 8 Oct 2020 10:05:51 -0700
Message-ID: <20201008170551.GB1869638@gmail.com>
In-Reply-To: <20201007232806.GB2544297@google.com>

On Wed, Oct 07, 2020 at 11:28:06PM +0000, Satya Tangirala wrote:
> > This needs Kconfig help text to describe what this feature is and why anyone
> > would want to enable it. It also needs an update to
> > Documentation/filesystems/fscrypt.rst, and a test in xfstests that tests that
> > the encryption is being done correctly.
> >
> Sure. I forgot to mention, fwiw I did hack xfstests to enable metadata
> encryption on each device to try to test the code, and also some other
> informal tests, but as you point out, I should send out actual xfstests
> to test this.

To be clear, I'm asking for tests which verify the actual ciphertext written to
disk. So similar to _verify_ciphertext_for_encryption_policy() in xfstests, or
to vts_kernel_encryption_test in Android's VTS.

> > Perhaps fscrypt_set_bio_crypt_ctx() should call this? It seems there should be
> > a single function that filesystems can call that handles setting the
> > bio_crypt_ctx for both file contents and metadata encryption.
> >
> I mistakenly dismissed this idea when I was coding this up :( - I'll do
> this for the next version... I think it'll also make supporting direct I/O
> easier in future :) . Also, I might require FS_ENCRYPTION_INLINE_CRYPT
> when enabling FS_ENCRYPTION_METADATA to maybe make the code slightly
> cleaner (unless there's a reason we want to support metadata encryption
> without FS inline encryption being enabled?).

Since metadata encryption would already depend on FS_ENCRYPTION and
BLK_INLINE_ENCRYPTION, I think it would be fine to require
FS_ENCRYPTION_INLINE_CRYPT too, in order to reduce the number of combinations.

- Eric