On Wed, Sep 07, 2022 at 04:42:40PM -0400, Sweet Tea Dorminy wrote: > > > > diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c > > > index 7216ac1f860c..929a0308676c 100644 > > > --- a/fs/btrfs/file.c > > > +++ b/fs/btrfs/file.c > > > @@ -3695,6 +3695,9 @@ static int btrfs_file_open(struct inode *inode, struct file *filp) > > > int ret; > > > filp->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC; > > > + ret = fscrypt_file_open(inode, filp); > > > + if (ret) > > > + return ret; > > > ret = fsverity_file_open(inode, filp); > > > > Can fsverity and fscrypt can be used at the same time? > > Yes, and there's a fstest, generic/576, checking the hooks are in the right > order. In order to use them at the same time, you'd need to implement encryption of the verity metadata, which it appears you haven't done yet. So for now it can't be allowed by btrfs. ext4 and f2fs get the verity metadata encryption "for free" because they store it appended to the file contents. That's why ext4 and f2fs allow fscrypt+fsverity together. However, btrfs stores the verity metadata separately, so it would need to handle encrypting it explicitly. - Eric
|