The kernel patches for F2FS metadata encryption are at: https://lore.kernel.org/linux-fscrypt/20201005073606.1949772-4-satyat@xxxxxxxxxx/ This patch implements the userspace changes required for metadata encryption support as implemented in the kernel changes above. All blocks in the filesystem are encrypted with the user provided metadata encryption key except for the superblock (and its redundant copy). The DUN for a block is its offset from the start of the filesystem. This patch introduces two new options for the userspace tools: '-A' to specify the encryption algorithm, and '-M' to specify the encryption key. mkfs.f2fs will store the encryption algorithm used for metadata encryption in the superblock itself, so '-A' is only applicable to mkfs.f2fs. The rest of the tools only take the '-M' option, and will obtain the encryption algorithm from the superblock of the FS. Limitations: Metadata encryption with sparse storage has not been implemented yet in this patch. This patch requires the metadata encryption key to be readable from userspace, and does not ensure that it is zeroed before the program exits for any reason. Satya Tangirala (1): f2fs-tools: Introduce metadata encryption support fsck/main.c | 47 ++++++- fsck/mount.c | 33 ++++- include/f2fs_fs.h | 10 +- include/f2fs_metadata_crypt.h | 21 ++++ lib/Makefile.am | 4 +- lib/f2fs_metadata_crypt.c | 226 ++++++++++++++++++++++++++++++++++ lib/libf2fs_io.c | 87 +++++++++++-- mkfs/f2fs_format.c | 5 +- mkfs/f2fs_format_main.c | 33 ++++- 9 files changed, 446 insertions(+), 20 deletions(-) create mode 100644 include/f2fs_metadata_crypt.h create mode 100644 lib/f2fs_metadata_crypt.c -- 2.28.0.806.g8561365e88-goog
|