Re: UBIFS Encryption - Richard Weinberger

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Richard Weinberger <richard@nod.at>
To: Stefano Babic <sbabic@denx.de>,
	"linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>
Cc: ezequiel@vanguardiasur.com.ar
Subject: Re: UBIFS Encryption
Date: Tue, 14 Jun 2016 12:10:06 +0200	[thread overview]
Message-ID: <575FD7FE.8030107@nod.at> (raw)
In-Reply-To: <575FD3A7.4050905@denx.de>

Hi!

Am 14.06.2016 um 11:51 schrieb Stefano Babic:
> Hi,
> 
> I have the necessity to encrypt UBIFS - I have read that there is some
> movement about this, for example here:
> 
> 	http://lists.infradead.org/pipermail/linux-mtd/2016-March/066277.html
> 
> and some years ago there was another attempt:
> 
> 	https://patchwork.ozlabs.org/patch/150160/

File level encryption for UBIFS did not materialize yet because my customer
decided against encryption and the project degraded to a "would be a nice to
have feature I'll do in my spare time when I'm bored" state.

That said, the feature was requested a few times but nobody was willing to do
a proper implementation nor fund it so far.

> It looks like from patchwork that the above patch was merged, but it is
> not. Anyway, this looks as a starting point to add encryption /
> decryption routine, for example using crypto hardware, to the compress /
> decompress functions. In my understanding (I have a i.MX6 with CAAM
> crypto hardware), this can be possible - but I am asking here if there
> are some progress and which could be the best long term solution.

Please use the VFS approach like ext4 and f2fs do. That way a lot of existing
infra structure can re-used. Think of key management.

Thanks,
//richard

     prev parent reply	other threads:[~2016-06-14 10:10 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-14  9:51 UBIFS Encryption Stefano Babic
2016-06-14 10:10 ` Richard Weinberger [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=575FD7FE.8030107@nod.at \
    --to=richard@nod.at \
    --cc=ezequiel@vanguardiasur.com.ar \
    --cc=linux-mtd@lists.infradead.org \
    --cc=sbabic@denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.