From: "Theodore Ts'o" <tytso@mit.edu>
To: John Stultz <jstultz@google.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
Matthew Wilcox <willy@infradead.org>,
Arnd Bergmann <arnd@kernel.org>, Tyler Hicks <code@tyhicks.com>,
Damien Le Moal <damien.lemoal@opensource.wdc.com>,
ecryptfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: ecryptfs is unmaintained and untested
Date: Tue, 14 Oct 2025 13:52:18 -0400 [thread overview]
Message-ID: <20251014175218.GB566507@mit.edu> (raw)
In-Reply-To: <CANDhNCp=06eNkOqNX2dFrnYhpZX0xsEd06U1xCwORk1mwt=MCw@mail.gmail.com>
On Tue, Oct 14, 2025 at 09:38:52AM -0700, John Stultz wrote:
> Yeah, though to my understanding fscrypt complicates backing up the
> data in its encrypted form.
Unfortunately, yes, that's correct. Michael and I did throw around a
rough design for doing encrypted backups and saving the encrypted
per-file encryption key. Actually doing the _backup_ wasn't that
difficult; but doing the *restore* was very tricky/painful.
Ultimately, we never implemented it because it wasn't necessarily for
the Android/ChromeOS use case, and because we weren't getting a lot of
interest for the desktop, without which having a better
general-purpose backup is lower priority.
> I've wondered if maybe something as simple as fuse mounting a password
> protected zip file would do, but I'm guessing something a little more
> modern like a fuse + age approach would be better. Unfortunately I'm
> not finding anything so far.
Darrick is doing a lot of work to significantly improve the
performance of fuse2fs. So perhaps fuse mounting a dm-crypt device
backed by a loop device might be a possibility?
- Ted
next prev parent reply other threads:[~2025-10-14 17:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-28 14:18 [PATCH] eccryptfs: select CONFIG_BUFFER_HEAD Arnd Bergmann
2024-10-28 15:02 ` ecryptfs is unmaintained and untested Matthew Wilcox
2024-10-28 21:50 ` Arnd Bergmann
2024-10-29 4:33 ` Theodore Ts'o
2024-10-30 21:06 ` Tyler Hicks
2026-02-16 11:53 ` René Herman
2025-10-14 6:07 ` John Stultz
2025-10-14 14:39 ` Theodore Ts'o
2025-10-14 16:38 ` John Stultz
2025-10-14 16:54 ` Martin Steigerwald
2025-10-14 17:52 ` Theodore Ts'o [this message]
2025-10-14 16:52 ` Martin Steigerwald
2025-10-14 20:35 ` Eric Biggers
2025-10-15 1:31 ` Theodore Ts'o
2025-10-15 2:23 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251014175218.GB566507@mit.edu \
--to=tytso@mit.edu \
--cc=arnd@arndb.de \
--cc=arnd@kernel.org \
--cc=code@tyhicks.com \
--cc=damien.lemoal@opensource.wdc.com \
--cc=ecryptfs@vger.kernel.org \
--cc=jstultz@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox