From: Eric Biggers <ebiggers@kernel.org>
To: Satya Tangirala <satyat@google.com>
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>,
linux-kernel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-fscrypt@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>
Subject: Re: [f2fs-dev] [PATCH 2/3] fscrypt: Add metadata encryption support
Date: Thu, 8 Oct 2020 10:05:51 -0700
Message-ID: <20201008170551.GB1869638@gmail.com>
In-Reply-To: <20201007232806.GB2544297@google.com>

On Wed, Oct 07, 2020 at 11:28:06PM +0000, Satya Tangirala wrote:
> > This needs Kconfig help text to describe what this feature is and why anyone
> > would want to enable it. It also needs an update to
> > Documentation/filesystems/fscrypt.rst, and a test in xfstests that tests that
> > the encryption is being done correctly.
> >
> Sure. I forgot to mention, fwiw I did hack xfstests to enable metadata
> encryption on each device to try to test the code, and also some other
> informal tests, but as you point out, I should send out actual xfstests
> to test this.

To be clear, I'm asking for tests which verify the actual ciphertext written to
disk. So similar to _verify_ciphertext_for_encryption_policy() in xfstests, or
to vts_kernel_encryption_test in Android's VTS.

> > Perhaps fscrypt_set_bio_crypt_ctx() should call this? It seems there should be
> > a single function that filesystems can call that handles setting the
> > bio_crypt_ctx for both file contents and metadata encryption.
> >
> I mistakenly dismissed this idea when I was coding this up :( - I'll do
> this for the next version... I think it'll also make supporting direct I/O
> easier in future :) . Also, I might require FS_ENCRYPTION_INLINE_CRYPT
> when enabling FS_ENCRYPTION_METADATA to maybe make the code slightly
> cleaner (unless there's a reason we want to support metadata encryption
> without FS inline encryption being enabled?).

Since metadata encryption would already depend on FS_ENCRYPTION and
BLK_INLINE_ENCRYPTION, I think it would be fine to require
FS_ENCRYPTION_INLINE_CRYPT too, in order to reduce the number of combinations.

- Eric