Unless there's a huge performance win in having FS-level encryption - I fail to see why *any* FS should have its own encryption support.
Originally Posted by Pajn
Instead of solving security and performance issues in one layer (dm-crypt) you are now forced to solve the same (?) issue across different FS' (ext4-crypt, btrfs-crypt, etc).
Granted, all FS' can share the same crypto code and implement it differently on disk - but this will be more-or-less the same as improving dm-crypt (which in the case of btrfs COW, may be a hard requirement).
Seems to be a distro-specific issue.
Originally Posted by jaxxed
At least in Fedora and RHEL/CentOS (Plymouth), the initial password is used to unlock all crypto partitions.
You get a second prompt only if the initial password fails.
I'd say it depends. For many applications I don't really need crypto everywhere, just on sensitive data.
Originally Posted by zxy_thf
AES hardware is fine but it has its limits. Also, it means that data must go through the CPU and can't be transferred through DMA.
Also, doing it within the FS might enable some cool stuff. Like having some files encrypted multiple times, so you'd have to have a key combo to access them (like a key from the computer admin, the database owner and the user of the database), etc.