On Thu, Sep 22, 2016 at 04:21:30PM +0200, Richard Weinberger wrote: > > Got it. So, the use case is preventing off-line attacks. > But I fear this is only a drop in the bucket. What we really need is > meta data authentication. True security requires a system-wide design, sure. For example, you might want a locked bootloader that will only boot signed kernels. The kernel might then require to use a read-only root file system with dm-verity to make sure the system software can't be trojan'ed. And then you want the system software to enforce that the top-level directories which contain encrypted information are protected using the correct keys, perhaps using some trusted hardware store where the user's keys are stored (and only released when the proper password / pin is given). Given all of those induction steps, *then* the file system level checks that require that all subdirectories and files in an encrypted directories must be encrypted using the same key as their parent will provide the security you need. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html