From: Dai Xiang <xiangx.dai@intel.com>
To: Eric Biggers <ebiggers3@gmail.com>
Cc: Theodore Ts'o <tytso@mit.edu>,
linux-ext4@vger.kernel.org, Xiang Dai <xiangx.dai@intel.com>
Subject: Re: How to enable CONFIG_EXT4_ENCRYPTION
Date: Tue, 8 Aug 2017 09:27:38 +0800 [thread overview]
Message-ID: <20170808012738.6rlknzovmyhjn4rg@linux> (raw)
In-Reply-To: <20170807193138.GA46084@gmail.com>
On Mon, Aug 07, 2017 at 12:31:38PM -0700, Eric Biggers wrote:
> On Mon, Aug 07, 2017 at 09:49:42AM -0400, Theodore Ts'o wrote:
> > On Mon, Aug 07, 2017 at 05:51:26PM +0800, Dai Xiang wrote:
> > > On Mon, Aug 07, 2017 at 11:25:02AM +0800, Dai Xiang wrote:
> > > > Hi!
> > > >
> > > > I use xfstests with ext4 fs to test, and i found a skip:
> > > >
> > > > ext4/024 [not run] kernel does not support ext4 encryption
> >
> > Yeah, the message printed is misleading, and should be fixed.
> > Checking to see whether the kernel supports encryption can be done by
> > checking for the existence of the file:
> >
> > /sys/fs/ext4/features/encryption
> >
> > > i print the cmd:
> > > /usr/sbin/xfs_io -i -c set_encpolicy /fs/scratch/tmpdir
> > > /fs/scratch/tmpdir: failed to set encryption policy: Inappropriate
> > > ioctl for device <===
> > >
> > > Seems do not related to kconfig?
> >
> > Yes, the issue is that you need to create the file system (or set via
> > tune2fs) the feature flag "encrypt". To best test the read/write
> > paths, you should set the mount option test_dummy_encryption. The
> > kvm-xfstests and gce-xfstests framework do all of this automatically.
> > From xfstests-bld/kvm-xfstests/test-appliance/files/root/cfg/fs/ext4/encrypt:
> >
> > SIZE=small
> > export EXT_MKFS_OPTIONS="-O encrypt"
> > export EXT_MOUNT_OPTIONS="test_dummy_encryption"
> > REQUIRE_FEATURE=encryption
> > TESTNAME="Ext4 encryption"
> >
> > There are a number tests that are known to fail; primarily having to
> > do with quota support, which doesn't play well with
> > test_dummy_encryption (that's more of a test problem than anything
> > else). See the encrypt.exclude file in that directory for more
> > details.
> >
>
> Actually, this is one of the tests in the "encrypt" group, which format the
> scratch device with "-O encrypt". So I believe the printed message is correct.
> Are you 100% sure that CONFIG_EXT4_ENCRYPTION is enabled in your kernel config
> and that you are running the correct kernel?
I use v4.13-rc3 kernerl, and i find this info refer to https://wiki.archlinux.org/index.php/ext4#Using_file-based_encryption:
Ext4 forbids encrypting the root (/) directory and will produce an error on kernel 4.13 and later
Does it impact?
>
> Eric
next prev parent reply other threads:[~2017-08-08 1:27 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 3:25 How to enable CONFIG_EXT4_ENCRYPTION Dai Xiang
2017-08-07 9:51 ` Dai Xiang
2017-08-07 13:49 ` Theodore Ts'o
2017-08-07 19:31 ` Eric Biggers
2017-08-08 1:27 ` Dai Xiang [this message]
2017-08-08 5:50 ` Eric Biggers
2017-08-08 6:03 ` Dai Xiang
2017-08-08 13:19 ` Theodore Ts'o
2017-08-08 3:22 ` Dai Xiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170808012738.6rlknzovmyhjn4rg@linux \
--to=xiangx.dai@intel.com \
--cc=ebiggers3@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).