From: Joel Reardon <joel@clambassador.com>
To: Artem Bityutskiy <dedekind1@gmail.com>
Cc: linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [patch] Adding Secure Deletion to UBIFS
Date: Thu, 1 Mar 2012 14:41:31 +0100 (CET) [thread overview]
Message-ID: <alpine.DEB.2.00.1203011434220.2462@eristoteles.iwoars.net> (raw)
In-Reply-To: <1330536308.3545.158.camel@sauron.fi.intel.com>
This is true. The reason its done is as an optimization for the
following reason.
When deleting a data node, the key position is marked as deleted. The key
positions then requires a datanode read to find. By keeping it in memory (thus the TNC),
marking a key pos as deleted doesn't require a flash read. This improves
e.g., truncations and full file deletion speed, which would otherwise read
each data node from flash to get the positions. If it is not stored in
ubifs_branch (but still stored in the tree), then it would have to be
loaded once 'on-demand' after mounting. This is also an option, of course.
Currently, deleting a file performs a walk on all the TNC's data nodes
that are removed, so the extra mark-delete incurs no observable cost.
Cheers,
Joel Reardon
On Wed, 29 Feb 2012, Artem Bityutskiy wrote:
> On Thu, 2012-02-09 at 16:24 +0100, Joel Reardon wrote:
>>
>> Each data nodes includes a reference to a key in the KSA. This key is read and
>> used to decrypt the data. When a new data node is written, an unused key is
>> selected from the KSA and used to encrypt the data node. The reference to the
>> key is then included with the node. The keys in the KSA are written before
>> actually being used to encrypt data. To securely delete a data node, we simply
>> mark the corresponding key position as deleted, and during the next purging
>> operation the KSA erase block that contains the key is then updated to a
>> version that does not contain the key.
>
> Why do you need to have your '__u64 crypto_lookup' both in the data node
> and the index? Isn't it enough to have them only inside the data nodes?
> ubifs_branch anyway points to the data node and you can read your
> 'crypto_lookup' from there.
>
> --
> Best Regards,
> Artem Bityutskiy
>
WARNING: multiple messages have this Message-ID (diff)
From: Joel Reardon <joel@clambassador.com>
To: Artem Bityutskiy <dedekind1@gmail.com>
Cc: linux-fsdevel@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [patch] Adding Secure Deletion to UBIFS
Date: Thu, 1 Mar 2012 14:41:31 +0100 (CET) [thread overview]
Message-ID: <alpine.DEB.2.00.1203011434220.2462@eristoteles.iwoars.net> (raw)
In-Reply-To: <1330536308.3545.158.camel@sauron.fi.intel.com>
This is true. The reason its done is as an optimization for the
following reason.
When deleting a data node, the key position is marked as deleted. The key
positions then requires a datanode read to find. By keeping it in memory (thus the TNC),
marking a key pos as deleted doesn't require a flash read. This improves
e.g., truncations and full file deletion speed, which would otherwise read
each data node from flash to get the positions. If it is not stored in
ubifs_branch (but still stored in the tree), then it would have to be
loaded once 'on-demand' after mounting. This is also an option, of course.
Currently, deleting a file performs a walk on all the TNC's data nodes
that are removed, so the extra mark-delete incurs no observable cost.
Cheers,
Joel Reardon
On Wed, 29 Feb 2012, Artem Bityutskiy wrote:
> On Thu, 2012-02-09 at 16:24 +0100, Joel Reardon wrote:
>>
>> Each data nodes includes a reference to a key in the KSA. This key is read and
>> used to decrypt the data. When a new data node is written, an unused key is
>> selected from the KSA and used to encrypt the data node. The reference to the
>> key is then included with the node. The keys in the KSA are written before
>> actually being used to encrypt data. To securely delete a data node, we simply
>> mark the corresponding key position as deleted, and during the next purging
>> operation the KSA erase block that contains the key is then updated to a
>> version that does not contain the key.
>
> Why do you need to have your '__u64 crypto_lookup' both in the data node
> and the index? Isn't it enough to have them only inside the data nodes?
> ubifs_branch anyway points to the data node and you can read your
> 'crypto_lookup' from there.
>
> --
> Best Regards,
> Artem Bityutskiy
>
next prev parent reply other threads:[~2012-03-01 13:41 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 15:24 [patch] Adding Secure Deletion to UBIFS Joel Reardon
2012-02-09 15:24 ` Joel Reardon
2012-02-09 15:24 ` Joel Reardon
2012-02-13 16:54 ` Artem Bityutskiy
2012-02-13 16:54 ` Artem Bityutskiy
2012-02-23 14:59 ` Joel Reardon
2012-02-23 14:59 ` Joel Reardon
2012-02-23 15:29 ` [patch] Add encryption key parameter to compress/decompress functions Joel Reardon
2012-02-23 15:29 ` Joel Reardon
2012-03-09 7:17 ` Artem Bityutskiy
2012-03-09 7:17 ` Artem Bityutskiy
2012-03-19 16:54 ` [patch] Add design document for UBIFS secure deletion Joel Reardon
2012-03-19 16:54 ` Joel Reardon
2012-03-20 20:10 ` Randy Dunlap
2012-03-20 20:10 ` Randy Dunlap
2012-03-21 13:26 ` Joel Reardon
2012-03-21 13:26 ` Joel Reardon
2012-03-21 16:20 ` Artem Bityutskiy
2012-03-21 16:20 ` Artem Bityutskiy
2012-03-21 16:10 ` Artem Bityutskiy
2012-03-21 16:10 ` Artem Bityutskiy
2012-03-23 13:50 ` Joel Reardon
2012-03-23 13:50 ` Joel Reardon
2012-03-23 15:38 ` Artem Bityutskiy
2012-03-23 15:38 ` Artem Bityutskiy
2012-03-23 16:38 ` Joel Reardon
2012-03-23 16:38 ` Joel Reardon
2012-03-26 15:03 ` Artem Bityutskiy
2012-03-26 15:03 ` Artem Bityutskiy
2012-02-29 17:09 ` [patch] Adding Secure Deletion to UBIFS Artem Bityutskiy
2012-02-29 17:09 ` Artem Bityutskiy
2012-03-15 14:48 ` [patch] Remove notion of key schemes Joel Reardon
2012-03-15 14:48 ` Joel Reardon
2012-03-16 12:43 ` Artem Bityutskiy
2012-03-16 12:43 ` Artem Bityutskiy
2012-03-16 12:51 ` Artem Bityutskiy
2012-03-16 12:51 ` Artem Bityutskiy
2012-03-16 13:34 ` Joel Reardon
2012-03-16 13:34 ` Joel Reardon
2012-03-16 13:41 ` Artem Bityutskiy
2012-03-16 13:41 ` Artem Bityutskiy
2012-03-16 15:02 ` Joel Reardon
2012-03-16 15:02 ` Joel Reardon
2012-03-19 14:56 ` Artem Bityutskiy
2012-03-19 14:56 ` Artem Bityutskiy
2012-02-20 20:15 ` [patch] Move CRC computation to separate function Joel Reardon
2012-02-20 20:15 ` Joel Reardon
2012-02-29 16:10 ` Artem Bityutskiy
2012-02-29 16:10 ` Artem Bityutskiy
2012-03-19 22:46 ` Joel Reardon
2012-03-19 22:46 ` Joel Reardon
2012-03-23 14:09 ` Artem Bityutskiy
2012-03-23 14:09 ` Artem Bityutskiy
2012-03-23 16:45 ` Joel Reardon
2012-03-23 16:45 ` Joel Reardon
2012-03-23 16:51 ` Artem Bityutskiy
2012-03-23 16:51 ` Artem Bityutskiy
2012-03-25 20:38 ` Joel Reardon
2012-03-25 20:38 ` Joel Reardon
2012-03-26 15:34 ` Artem Bityutskiy
2012-03-26 15:34 ` Artem Bityutskiy
2012-03-25 21:11 ` [patch] Add a encryption key parameter to the compress / decompress function Joel Reardon
2012-03-25 21:11 ` Joel Reardon
2012-03-25 21:38 ` [patch] Add cryptographic functionality when a key is passed to the compress / decompress functions Joel Reardon
2012-03-25 21:38 ` Joel Reardon
2012-03-27 8:33 ` Artem Bityutskiy
2012-03-27 8:33 ` Artem Bityutskiy
2012-03-29 14:39 ` [patch] UBIFS: " Joel Reardon
2012-03-29 14:39 ` Joel Reardon
2012-04-02 14:36 ` Artem Bityutskiy
2012-04-02 14:36 ` Artem Bityutskiy
2012-04-02 14:48 ` Joel Reardon
2012-04-02 14:48 ` Joel Reardon
2012-04-02 14:57 ` Artem Bityutskiy
2012-04-02 14:57 ` Artem Bityutskiy
2012-04-02 14:58 ` Joel Reardon
2012-04-02 14:58 ` Joel Reardon
2012-04-03 10:29 ` Joel Reardon
2012-04-03 10:29 ` Joel Reardon
2012-04-03 10:41 ` Guillaume LECERF
2012-04-03 10:41 ` Guillaume LECERF
2012-04-03 10:41 ` Guillaume LECERF
2012-04-03 11:35 ` Joel Reardon
2012-04-03 11:35 ` Joel Reardon
2012-04-12 14:05 ` Artem Bityutskiy
2012-04-12 14:05 ` Artem Bityutskiy
2012-03-27 8:27 ` [patch] Add a encryption key parameter to the compress / decompress function Artem Bityutskiy
2012-03-27 8:27 ` Artem Bityutskiy
2012-03-29 14:11 ` [patch] UBIFS: " Joel Reardon
2012-03-29 14:11 ` Joel Reardon
2012-04-02 14:02 ` Artem Bityutskiy
2012-04-02 14:02 ` Artem Bityutskiy
2012-02-29 17:25 ` [patch] Adding Secure Deletion to UBIFS Artem Bityutskiy
2012-02-29 17:25 ` Artem Bityutskiy
2012-03-01 13:41 ` Joel Reardon [this message]
2012-03-01 13:41 ` Joel Reardon
2012-03-09 7:36 ` Artem Bityutskiy
2012-03-09 7:36 ` Artem Bityutskiy
2012-03-09 19:29 ` Joel Reardon
2012-03-09 19:29 ` Joel Reardon
2012-03-12 13:30 ` Artem Bityutskiy
2012-03-12 13:30 ` Artem Bityutskiy
2012-03-12 13:34 ` Joel Reardon
2012-03-12 13:34 ` Joel Reardon
2012-03-12 13:36 ` Artem Bityutskiy
2012-03-12 13:36 ` Artem Bityutskiy
2012-03-12 13:37 ` Joel Reardon
2012-03-12 13:37 ` Joel Reardon
2012-03-14 10:20 ` Joel Reardon
2012-03-14 10:20 ` Joel Reardon
2012-03-14 10:27 ` Artem Bityutskiy
2012-03-14 10:27 ` Artem Bityutskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.00.1203011434220.2462@eristoteles.iwoars.net \
--to=joel@clambassador.com \
--cc=dedekind1@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.