On Tue, Feb 02, 2021 at 12:32:07PM -0500, Theodore Ts'o wrote: > E2fsprogs now supports the stable_inodes (COMPAT_STABLE_INODES) feature. > This needed to support the siphash file system encryption algorithm, > which calculates the initial vector (IV) for encryption based on the > UUID and the inode number. This means that we can't renumber inodes > (for example, when shrinking a file system) and the UUID can't be > changed without breaking the ability to decrypt the encryption. Note that in the new encryption formats which stable_inodes allows, the encryption algorithm is still AES-256-XTS, not SipHash. (SipHash is a hash function, not an encryption algorithm.) It's the key derivation and IV generation method that change. > E2fsprogs now supports file systems which have both file system > encryption and the casefold feature enabled. This requires Linux > version 5.10. The kernel patches for encrypt + casefold on ext4 haven't been merged yet. So this combination actually won't be supported until Linux 5.12 at the earliest. - Eric
