From: Artem Bityutskiy <dedekind1@gmail.com>
To: Joel Reardon <joel@clambassador.com>
Cc: linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [patch] Add design document for UBIFS secure deletion
Date: Wed, 21 Mar 2012 18:10:18 +0200
Message-ID: <1332346218.14983.20.camel@sauron.fi.intel.com>
In-Reply-To: <alpine.DEB.2.00.1203191752300.22256@eristoteles.iwoars.net>

On Mon, 2012-03-19 at 17:54 +0100, Joel Reardon wrote:
> Design document should be self explanatory.
>
> Signed-off-by: Joel Reardon <reardonj@inf.ethz.ch>
>
> ---
> Documentation/filesystems/ubifsec.txt | 358 +++++++++++++++++++++++++++++++++
> 1 files changed, 358 insertions(+), 0 deletions(-)
> create mode 100644 Documentation/filesystems/ubifsec.txt
>
> diff --git a/Documentation/filesystems/ubifsec.txt b/Documentation/filesystems/ubifsec.txt
> new file mode 100644
> index 0000000..4eb41fb
> --- /dev/null
> +++ b/Documentation/filesystems/ubifsec.txt
> @@ -0,0 +1,357 @@
> +UBIFS Secure Deletion Enhancement
> +
> +Written by Joel Reardon <reardonj@inf.ethz.ch>
> +Last revised: 19.3.2012
> +
> +Introduction
> +============
> +UBIFSec provides efficient secure deletion for the flash file system UBIFS.
> +Trivial secure deletion by overwriting the deleted data does not work for
> +flash memory, as there is a large difference between the size of the I/O unit
> +(page) and the erasure unit (erase block).

I think for correctness you should use the term "LEB" everywhere, not
"eraseblock".

> UBIFSec encrypts each data node
> +with a distinct key and stores the keys colocated in a key storage area (KSA).
> +Secure deletion is achieved by atomically updating the (small) set of erase
> +blocks that constitute the KSA to remove keys corresponding to deleted data,
> +thereby deleting the data nodes they encrypted.
> +
> +Key Storage Area (KSA)
> +======================
> +UBIFSec uses a small migrating set of erase blocks to store all the data

"Migrating" set? To me it sounds like the KSA area changes its position
within the UBI volume. I'd suggest removing the word "migrating".

> +node's keys---this set is called the Key Storage Area (KSA). The KSA is
> +managed separately from the rest of the file system. In particular, it does
> +not behave like a log-structured file system: when a KSA erase block is
> +updated, its contents are written to a new erase block

s/to a new erase block/to a new KSA LEB/ ?

> , the logical reference
> +to the KSA block is updated, and the previous version of the KSA erase block

s/KSA block/KSA LEB/ ?

Also, it is not clear what the "logical reference" is - it would be nice to
introduce this notion before using it.

-- 
Best Regards,
Artem Bityutskiy
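Review bot: the KSA update sequence in the "Key Storage Area (KSA)" hunk (contents written to a new erase block, the logical reference updated, then the previous version handled) should state the ordering guarantees and what happens on power loss between these steps: if the previous KSA block can be erased before the new block and the updated reference are durably committed, the keys for still-live data nodes are lost and those nodes become unreadable, which turns a secure-deletion mechanism into a data-loss path. Suggest spelling out in the design document that the old KSA LEB is erased only after the new LEB and its reference are committed, and how recovery after an unclean unmount picks the valid KSA version; the same section should also state how "atomically updating the (small) set of erase blocks that constitute the KSA" (Introduction hunk) is achieved when the KSA spans more than one LEB, since a crash mid-way otherwise leaves a mix of old and new key blocks.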