Am Mittwoch, 13. März 2019, 16:16:33 CET schrieb Theodore Ts'o: > So before we talk about how to make things work from a technical > perspective, we should consider what the use case happens to be, and > what are the security requirements. *Why* are we trying to use the > combination of overlayfs and fscrypt, and what are the security > properties we are trying to provide to someone who is relying on this > combination? Well, as stated, on (deeply) embedded systems overlayfs is common. You have a lowerdir with read-only files and an read-write upper dir. Of course both lower and upper directory need to be encrypted. In my case ubifs+fscrypt, sometimes also combined with an encrypted+authenticated squashfs. Thanks, //richard
