On Fri, May 17, 2024 at 10:17:20AM -0700, Darrick J. Wong wrote:
> > Note that the verity metadata *must* be encrypted when the file is,
> > since it contains hashes of the plaintext data.
>
> Refresh my memory of fscrypt -- does it encrypt directory names, xattr
> names, and xattr values too? Or does it only do that to file data?

It does encrypt the file names in the directories, but nothing in
xattrs as far as I can tell.

> And if we copy the ext4 method of putting the merkle data after eof and
> loading it into the pagecache, how much of the generic fs/verity cleanup
> patches do we really need?

We shouldn't need anything. A bunch of cleanup and the support for not
generating a hash for holes might still be nice to have, though.