Btrfs Authenticated File-System Support Looks To Be Revived
Last year a SUSE developer sent out a set of patches adding authentication support to the Btrfs file-system. Btrfs already has checksums on meta-data blocks and data blocks; the original implementation of these authentication patches performed HMAC on a SHA256 checksum, turning it into a keyed hash. The proper key is then needed to mount a verified file-system.
That Btrfs authentication support wasn't picked up at the time, and the SUSE engineer, Johannes Thumshirn, has since left the company. But following new inquiries about the work, it sounds like it will be revived. The authentication could be used for the likes of embedded devices and containers.
Btrfs maintainer David Sterba also came out saying he isn't against the feature, though the current specification wasn't complete enough. For inclusion, Sterba says he would be looking for blake2b to be supported, the HMAC to match the kernel implementation, and all Btrfs programs to work with the keyed hash.
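As an added illustration (not code from the Btrfs patches or the kernel), the Python sketch below shows why the unkeyed checksum Btrfs already has is not authentication, while HMAC with SHA256 or keyed blake2b is: a block rewritten offline with a recomputed SHA256 still verifies, but fails under either keyed hash. The toy image layout, key, block contents and function names are all constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-0123456789"      # constructed sample key
BLOCKS = [b"superblock", b"tree root", b"file data"]  # constructed payloads


def sha256_csum(key: bytes, payload: bytes) -> bytes:
    """Unkeyed checksum: catches corruption, but anyone can recompute it."""
    return hashlib.sha256(payload).digest()  # key deliberately ignored


def hmac_csum(key: bytes, payload: bytes) -> bytes:
    """Keyed hash in the style of the original patches: HMAC with SHA256."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def blake2b_csum(key: bytes, payload: bytes) -> bytes:
    """blake2b in its native keyed mode, 32-byte digest."""
    return hashlib.blake2b(payload, key=key, digest_size=32).digest()


SCHEMES = {"sha256": sha256_csum, "hmac-sha256": hmac_csum,
           "blake2b-keyed": blake2b_csum}


def make_image(blocks, csum, key):
    """Toy 'disk': each payload stored next to its checksum."""
    return [(csum(key, b), b) for b in blocks]


def verify_image(image, csum, key) -> bool:
    """Toy 'mount': every stored checksum must match its payload."""
    return all(hmac.compare_digest(stored, csum(key, payload))
               for stored, payload in image)


def tamper_offline(image, index, new_payload):
    """Disk write access but no key: rewrite one block and recompute
    the only checksum that needs no secret, plain SHA256."""
    forged = list(image)
    forged[index] = (hashlib.sha256(new_payload).digest(), new_payload)
    return forged


def demo():
    """Per scheme: (clean image verifies, tampered image verifies)."""
    out = {}
    for name, csum in SCHEMES.items():
        image = make_image(BLOCKS, csum, KEY)
        forged = tamper_offline(image, 2, b"modified data")
        out[name] = (verify_image(image, csum, KEY),
                     verify_image(forged, csum, KEY))
    return out
```

Calling `demo()` returns, for each scheme, whether the clean and the tampered image pass verification; verifying a keyed image with the wrong key also fails, which mirrors the need for the proper key at mount time.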
More details can be found in the new discussion thread over authentication / keyed hash support for Btrfs. At least there is now an active discussion happening over this feature, with more people expressing their interest in the functionality.