On Mon, May 04, 2015 at 09:00:16AM +0800, Herbert Xu wrote: > > Sorry for the confusion. Please just revert my patch. > > I was trying to figure out what was causing various crypto modules > to be built-in in my test config and this was the latest change that > *looked* as if it might have caused my problem. Obviously I didn't > test it properly after making that change. > > It should just be reverted because if ext4 was built-in then you > do want to have the crypto stuff built-in just in case the root fs > was encrypted. Whoops, I _just_ sent a pull request to Linus. The patch as it stands actually allows both behaviors, depending on whether you answer 'y' or 'm' to EXT4_ENCRYPTION question. Given that one of the main purposes of per-filesystem encryption is that we only have to encrypt the user files, so the system files can remain unencrypted for performance reasons[1], I can imagine scenarios where it's conceivable that someone might want to keep the crypto as modules. My main unhappiness with the Kconfig option is that it's a bit user unfriendly/confusing what it means for CONFIG_EXT4_ENCRYPTION to be 'y' versus 'm'. So I may end up reverting it, but since I've already sent the pull request to Linus, I'm going to sleep on this for a bit. Cheers, - Ted [1] Though not for Intel chips; Intel acceleration of AES is so fast there you might as well encrypt everything; and for single-user laptops I still recommend dm-crypt. Unfortunately, there are some ARM chips which either do not have hardware accelerated AES, or where their hardware accleration is decidedly poor.... -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
