From: Pavel Machek <pavel@ucw.cz>
To: tytso@mit.edu, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org
Subject: ext4 encryption trap
Date: Mon, 29 Aug 2016 12:08:16 +0200
Message-ID: <20160829100816.GA14524@amd>

Hi!

You encrypt a directory -- sounds easy, right? Support is in the 4.4
kernel, my machines run newer kernels than that. Encrypting root would
be hard, but encrypting parts of the data partition should be easy.

Ok, let's follow the howto... Need to do tune2fs. Right. Aha, still does
not work, looks like I'll need to reboot.

Hmm. Will not boot. Grub no longer recognizes my /data partition, and
that's where the new kernels are. Old kernels are in /boot, but those are
now useless. Let's copy a new kernel onto the machine using a USB stick.
Does not boot. Fun.

tune2fs on the root filesystem is useless, as it is too old. The new one
is ... on the data partition. Right. Ok, let's bring a newer version of
tune2fs in. "encryption" feature can not be cleared.

Argh! Come on, I did not even create a single encrypted directory on the
partition. I want the damn bit to go off, so I can go back to a working
configuration. "Old kernels can not read encrypted files" sounds ok,
but "old kernels can not mount filesystem at all" is not acceptable
here :-(.

Is there a way to go back? Restoring 400GB from backups would not be fun
:-(.

On a related note, would it be possible to return some kind of error
when an encrypted directory is accessed without available keys? I use
unison for backups/sync, and if I ever make the mistake of trying to
sync in a non-decrypted state, the results would be very very bad...

Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
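
Added example, not part of the original message: ext4 records "encrypt" as an incompat feature bit in the superblock, and a reader that does not know every set incompat bit refuses the mount, which is the behaviour described above. The sketch below reads that field and compares it with the bits a given reader understands; the reader mask and the sample images are constructed for illustration.

```python
import struct

SUPERBLOCK_OFFSET = 1024      # primary superblock starts 1 KiB into the device
EXT4_MAGIC = 0xEF53           # s_magic, at offset 0x38 in the superblock
INCOMPAT_ENCRYPT = 0x10000    # EXT4_FEATURE_INCOMPAT_ENCRYPT

def read_incompat(image: bytes) -> int:
    """Return s_feature_incompat from the start of a raw ext2/3/4 device or image."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < 0x68:
        raise ValueError("image too short to hold a superblock")
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT4_MAGIC:
        raise ValueError("not an ext2/3/4 superblock (bad magic)")
    # s_feature_compat @0x5C, s_feature_incompat @0x60, s_feature_ro_compat @0x64
    (incompat,) = struct.unpack_from("<I", sb, 0x60)
    return incompat

def unsupported_bits(incompat: int, reader_mask: int) -> int:
    """Incompat bits set on disk that the reader does not understand.
    Any non-zero result means that reader refuses the mount, even read-only."""
    return incompat & ~reader_mask & 0xFFFFFFFF

def make_sample(incompat: int) -> bytes:
    """Constructed sample: zero-filled 2 KiB image with only magic and incompat set."""
    img = bytearray(2048)
    struct.pack_into("<H", img, SUPERBLOCK_OFFSET + 0x38, EXT4_MAGIC)
    struct.pack_into("<I", img, SUPERBLOCK_OFFSET + 0x60, incompat)
    return bytes(img)

if __name__ == "__main__":
    # Hypothetical older reader: knows filetype (0x2), extents (0x40), flex_bg (0x200)
    OLD_READER = 0x2 | 0x40 | 0x200
    samples = [("before", 0x242), ("encrypt enabled", 0x242 | INCOMPAT_ENCRYPT)]
    for label, flags in samples:
        missing = unsupported_bits(read_incompat(make_sample(flags)), OLD_READER)
        verdict = "mount refused" if missing else "mountable"
        print(f"{label}: incompat={flags:#x} unknown={missing:#x} -> {verdict}")
```

To run the check before changing features on a real filesystem, pass the first 2 KiB of the block device to read_incompat() and use a mask that reflects the oldest kernel, bootloader and e2fsprogs that must still read it.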