Another Attempt At Adding Encryption Support To Btrfs
While the Btrfs file-system supports many next-gen features from SSD optimizations to transparent file-system compression to snapshots, it hasn't natively offered any encryption support. There have been Btrfs encryption attempts in the past, but nothing that has panned out in mainline short of running Btrfs atop dm-crypt. A new patch series was published overnight having another go at adding AES encryption to Btrfs.
Mark Harmstone, the developer who has been maintaining "WinBtrfs" as Btrfs support for Windows, sent out a set of 19 patches that would add basic AES encryption support to Btrfs. These patches do not build atop fscrypt, which is how EXT4 and F2FS have offered up their encryption capabilities, but rather is its own implementation.
The patches provide per-extent AES encryption and compared to earlier patches would allow for both encryption and compression on the same data. Currently though these proposed patches do not provide encryption of filenames and in this mode CoW behavior is enforced and direct I/O is disabled.
Those curious in checking out these experimental Btrfs kernel patches along with a basic user-space program demonstrating the new Btrfs encryption ioctl can find the details via this patch series on the Linux kernel mailing list. We'll see if this attempt at Btrfs encryption gains enough ground to be on a trajectory towards the mainline kernel.
Mark Harmstone, the developer who has been maintaining "WinBtrfs" as Btrfs support for Windows, sent out a set of 19 patches that would add basic AES encryption support to Btrfs. These patches do not build atop fscrypt, which is how EXT4 and F2FS have offered up their encryption capabilities, but rather is its own implementation.
The patches provide per-extent AES encryption and compared to earlier patches would allow for both encryption and compression on the same data. Currently though these proposed patches do not provide encryption of filenames and in this mode CoW behavior is enforced and direct I/O is disabled.
Those curious in checking out these experimental Btrfs kernel patches along with a basic user-space program demonstrating the new Btrfs encryption ioctl can find the details via this patch series on the Linux kernel mailing list. We'll see if this attempt at Btrfs encryption gains enough ground to be on a trajectory towards the mainline kernel.
36 Comments