Re: partially encrypted filesystem

From: Linus Torvalds (torvalds_at_osdl.org)
Date: 12/04/03

  • Next message: Ethan Weinstein: "Re: HT apparently not detected properly on 2.4.23"
    Date:	Wed, 3 Dec 2003 16:08:17 -0800 (PST)
    To: Jörn Engel <joern@wohnheim.fh-wedel.de>
    
    

    On Wed, 3 Dec 2003, Jörn Engel wrote:
    >
    > Haven't heard about anything working yet, but it shouldn't be too hard
    > to change something existing. For jffs2, I would guesstimate one or
    > two month to add the necessary bits, but jffs2 is not first choice as
    > a hard drive filesystem. Not sure about other filesystems.

    Encryption is not that easy to just tack on to most existing filesystems
    for one simple reason: for performance (and memory footprint) reasons,
    most of the filesystems out there are doing "IO in place". In other words,
    they do IO directly into and directly from the page cache.

    With an encrypted filesystem, you can't do that. Or rather: you can do it
    if the filesystem is read-only, but you definitely CANNOT do it on
    writing. For writing you have to marshall the output buffer somewhere
    else (and quite frankly, it tends to become a lot easier if you can do
    that for reading too).

    And that in turn causes problems. You get all kinds of interesting
    deadlock schenarios when write-out requires more memory in order to
    succeed. So you need to get careful. Reading ends up being the much easier
    case (doesn't have the same deadlock issues _and_ you could do it in-place
    anyway).

    So encryption per se isn't hard. But adding the extra indirect buffer
    layer _can_ be pretty nasty, and makes it nontrivial to retrofit later.

    ** NOTE NOTE NOTE **

    If you don't need to mmap() the files, writing becomes much easier.
    Because then you can make rules like "the page cache accesses always
    happen with the page locked", and then the encryption layer can do the
    encryption in-place.

    So it is potentially much easier to make encrypted files a special case,
    and disallow mmap on them, and also disallow concurrent read/write on
    encrypted files. This may be acceptable for a lot of uses (most programs
    still work without mmap - but you won't be able to encrypt demand-loaded
    binaries, for example).

                    Linus
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/


  • Next message: Ethan Weinstein: "Re: HT apparently not detected properly on 2.4.23"

    Relevant Pages

    • Re: [Full-disclosure] ESFS - The encrypted steganography filesystem
      ... but in this case you can erease the driver whenever you don't ... of a FS could be either random data, or it could be a hidden partition. ... in hopes that it'll become a fully featured filesystem. ... encryption in a filesystem, so you can say "oh, yes, I have encrypted ...
      (Full-Disclosure)
    • Re: [Full-disclosure] ESFS - The encrypted steganography filesystem
      ... A user will require your drivers to access their data and hence the ... of a FS could be either random data, or it could be a hidden partition. ... it's a filesystem. ... encryption in a filesystem, so you can say "oh, yes, I have encrypted ...
      (Full-Disclosure)
    • Re: RFC: pefs - stacked cryptographic filesystem
      ... filesystem. ... I've got to ask a probably dumb question...how is this better then geli ... Stacked filesystem is likely to be slower due to extra overhead ... thing in common - encryption - everything else is different. ...
      (freebsd-current)
    • Encrypted Filesystem
      ... - Seamless application to the root filesystem ... accordingly by the encryption layer ... all with varying degrees of modification to the kernel ... - NFS-based (CFS, TCFS) ...
      (Linux-Kernel)
    • Re: Encrypted Filesystem
      ... Bounce kernel & fs ideas off the kernel ... > - Seamless application to the root filesystem ... > accordingly by the encryption layer ... not as well accepted or tested as CFS ...
      (Linux-Kernel)