Re: Announce loop-AES-v1.6e file/swap crypto package

Iain wrote:
> I.e. I have a file ENCRYPTED_STUFF that is my loop file containing a reiserfs
> filesystem. It is stored on a partition that has a reiserfs filesystem. Is
> that ok? Reiser doesn't seem to have the data=ordered options that ext3 has.

That will not work reliably, not in loop-AES, and not in cryptoapi. Well, it
may seem to work, until your encrypted reiserfs re-plays a bogus or damaged
journal that destroys your encrypted fs.

The problem is that reiserfs guarantees only meta-data integrity but does not
guarantee file-data integrity in a system crash situation, yet it assumes that
all lower layer devices do provide data integrity and ordered writes. When
you put a journaled fs on a loop that can't provide data integrity and ordered
writes all the way down to the disk platters, you have problems.

Good setups:

    ext2 -> loop -> partition
    ext3 -> loop -> partition
    reiserfs -> loop -> partition
    ext2 -> loop -> ext2 -> partition
    ext2 -> loop -> reiserfs -> partition
    reiserfs -> loop -> ext3 -> partition
                         ^
                         |
                    data=journal
                        or
                    data=ordered

Bad setups:

    reiserfs -> loop -> reiserfs -> partition
    reiserfs -> loop -> ext2 -> partition
    ext3 -> loop -> ext2 -> partition
   
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
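
Added example, not part of the original message or of loop-AES: a small checker that applies the good/bad rule above to a planned stack, using /proc/mounts-style text to find which filesystem holds the loop file. It generalizes the listed setups (any journaled inner fs on a file-backed loop needs ext3 with data=journal or data=ordered underneath); the sample mount table, paths and function names are constructed for illustration.

```python
import os

JOURNALED = {"ext3", "reiserfs"}          # inner filesystems that replay a journal
SAFE_DATA_MODES = {"journal", "ordered"}  # ext3 modes named in the message

# Constructed sample in /proc/mounts format: device, mountpoint, type, options.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 rw 0 0
/dev/hda2 /home reiserfs rw 0 0
/dev/hda3 /srv ext3 rw,data=ordered 0 0
/dev/hda5 /srv/scratch ext3 rw,data=writeback 0 0
"""

def parse_mounts(text):
    """Return a list of (mountpoint, fstype, options-dict) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        mounts.append((fields[1], fields[2], opts))
    return mounts

def backing_mount(path, mounts):
    """Longest-prefix match: the mount that actually holds the loop file."""
    path = os.path.normpath(path)
    best = None
    for mnt in mounts:
        mp = mnt[0].rstrip("/") or "/"
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = mnt
    return best

def check_stack(inner_fs, backing, mounts):
    """backing: a block device (assumed to live under /dev/) or a loop file path."""
    if inner_fs not in JOURNALED:
        return "ok"       # ext2 inside the loop: good on every listed backing
    if backing.startswith("/dev/"):
        return "ok"       # fs -> loop -> partition
    mnt = backing_mount(backing, mounts)
    if mnt is None:
        return "unknown"
    _, fstype, opts = mnt
    # Assumption: the data= mode must be explicit in the options to count as safe.
    if fstype == "ext3" and opts.get("data") in SAFE_DATA_MODES:
        return "ok"
    return "bad"          # e.g. reiserfs -> loop -> reiserfs, ext3 -> loop -> ext2
```

On a live system, pass the contents of /proc/mounts instead of SAMPLE_MOUNTS; Iain's case corresponds to check_stack("reiserfs", "/home/ENCRYPTED_STUFF", ...).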

