On Wed, Aug 07, 2019 at 10:49:36PM -0700, Eric Biggers wrote: > FWIW, the only order that actually makes sense is decrypt->decompress->verity. *nod* Especially once we get the inline encryption support for fscrypt so the storage layer can offload the encrypt/decrypt to hardware via the bio containing plaintext. That pretty much forces fscrypt to be the lowest layer of the filesystem transformation stack. This hardware offload capability also places lots of limits on what you can do with block-based verity layers below the filesystem. e.g. using dm-verity when you don't know if there's hardware encryption below or software encryption on top becomes problematic... So really, from a filesystem and iomap perspective, What Eric says is the right - it's the only order that makes sense... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
