Re: [f2fs-dev] Consolidated file encryption interface/semantics?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 11, 2016 at 11:47:56PM -0800, Jaegeuk Kim wrote:
> 
> Actually, I tried to prepare this quite long time ago [1], which was stuck
> that moment unfortunately, since I needed to wait for how AOSP finally treats
> with this feature. At some moment later, I couldn't even follow up every ext4
> changes into this patch set, since the feature was not quickly settled down in
> AOSP rather than what I expected.

Yeah, unfortunately the feature didn't end up landing in M because
there was an ARM/Android specific bug that couldn't be found using
xfstests running on x86 (this is why I detoured to port xfstests and
xfsprogs so they could build against bionic C library; I'm still
hoping to find someone who is willing to help create an adb-xfstests
system ala kvm-xfstests and gce-xfstests which fastboots the kernel to
be tested and then launches the tests and collects the results using
adb, by the way).

In any case, I did finally find the bug, but not in time for the M
release.  So if you take the latest ext4 crypto bug fixes from
upstream and apply them to the AOSP versions of the Nexus 9, Nexus 5X,
and Nexus 6P kernels, and then replace AOSP version of e2fsprogs with
the upstream e2fsprogs (use the master or next branch, and run the
script ./util/gen-android-files to create the Android.mk files), and
finally then change the fstab file in the 
aosp/devices/<manufacturer>/<model>/fstab.<model> file and change the
mount options so instead of "forceencrypt=/dev/block/platform/..." it
uses the mount option "fileencryption" for the /data partition, this
should allow you to build an AOSP system image that should work well
enough to demo / test the kernel features.

Some of the future work that I have planned or in progress:

1) Patches that allow userspace to move / backup a set of encrypted
files from one file system to another without having access to the
key.  Dmitri asked for this as a feature request for desktop/laptop
uses of ext4 encryption, and happily it turns out there is a reason
why this would be useful for Android as well.  These patches have been
floated on the ext4 list, but I don't yet have support for moving /
backing up symlinks, so these patches won't be landing during the
current merge window.

2) Work to allow IP blocks that have line speed encryption engines,
such Qualcomm (as evidenced by the patch they tried to send for
ecryptfs at https://lkml.org/lkml/2015/11/9/660), but one which is
done in an upstream acceptable way, which means plumbing the crypto
support through the block layer in a way which is SOC vendor agnostic.
(Probably using a similar mechanism to how we tie DIF/DIX information
to a block I/O request.)  I'm hoping Qualcomm and possibly other SOC
vendors will be willing to work with me so this we can have something
which is upstream acceptable (since I don't plan to accept a patch
which adds some random, hacky, function pointers to code that only
lives in a BSP kernel).  This may be a useful thing to discuss at the
in Raleigh at the LSF/MM workshop in April, assuming I can get
representatives from the relevant SOC vendors to show up.

> But, now it seems that there's no strong reason to postpone this work any more.
> If Ted doen't mind, I'd like to investigate all the diffs between ext4 and f2fs
> first.

Sure, if you could help with this I'd greatly appreciate it.

There have been a number of improvements and optimizations since the
last time you sync'ed the f2fs code with ext4, but I'm sure you'll see
that as you look at the various commits.

Regards,

					- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux