F2FS With Linux 5.11 To Support Casefolding With Encryption
For over a year the Flash-Friendly File-System (F2FS) has supported case-folding for optional case-insensitive file/folder handling, and for the past number of years it has also supported FSCRYPT-based file encryption. Now, as we roll into 2021, support for using casefolding together with encryption finally appears ready for mainline.
The combination of case-folding and encryption on the same data hasn't been supported by F2FS. For the past number of months, work has been under way in the FSCRYPT file-system encryption framework, which F2FS and other file-systems leverage, on case-folding with FSCRYPT and ironing out all those details.
Casefolding with encryption is now wired up for F2FS in the F2FS "dev" code and is thus likely slated for the upcoming Linux 5.11 kernel, barring any last-minute issues. This should allow proper case-folding to work on encrypted directories.
"To index casefolded+encrypted directories, we use the SipHash of the casefolded name, keyed by a key derived from the directory's fscrypt master key. This ensures that the dirhash doesn't leak information about the plaintext filenames. Encryption keys are unavailable during roll-forward recovery, so we can't compute the dirhash when recovering a new dentry in an encrypted + casefolded directory. To avoid having to force a checkpoint when a new file is fsync'ed, store the dirhash on-disk appended to i_name." More details in the dev commit.
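The indexing scheme quoted above, as an added illustration that is not code from the F2FS commit or the kernel: SipHash-2-4 over the casefolded name, keyed per directory. The key derivation (`dirhash_key`, HMAC-SHA512 over a constructed label and a hypothetical directory nonce) and the casefolding (Python's NFD plus `casefold()`) are stand-in assumptions, not fscrypt's actual routines.

```python
import hashlib
import hmac
import unicodedata

MASK = 0xFFFFFFFFFFFFFFFF

def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK

def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK; v1 = _rotl(v1, 13) ^ v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK; v3 = _rotl(v3, 16) ^ v2
    v0 = (v0 + v3) & MASK; v3 = _rotl(v3, 21) ^ v0
    v2 = (v2 + v1) & MASK; v1 = _rotl(v1, 17) ^ v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3

def siphash24(key: bytes, data: bytes) -> int:
    """SipHash-2-4 with a 16-byte key; returns the 64-bit result."""
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:16], "little")
    v = (k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573)
    # Zero-pad to a multiple of 8 bytes; the final byte carries len mod 256.
    padded = data + b"\x00" * (7 - len(data) % 8) + bytes([len(data) & 0xFF])
    for i in range(0, len(padded), 8):
        m = int.from_bytes(padded[i:i + 8], "little")
        v = (v[0], v[1], v[2], v[3] ^ m)
        v = _sipround(*_sipround(*v))        # two compression rounds
        v = (v[0] ^ m, v[1], v[2], v[3])
    v = (v[0], v[1], v[2] ^ 0xFF, v[3])
    for _ in range(4):                       # four finalization rounds
        v = _sipround(*v)
    return v[0] ^ v[1] ^ v[2] ^ v[3]

def dirhash_key(master_key: bytes, dir_nonce: bytes) -> bytes:
    # Assumption: stand-in KDF for this example, not fscrypt's derivation.
    mac = hmac.new(master_key, b"dirhash-demo" + dir_nonce, hashlib.sha512)
    return mac.digest()[:16]

def casefold_name(name: str) -> bytes:
    # Assumption: approximates kernel casefolding with NFD + str.casefold().
    return unicodedata.normalize("NFD", name).casefold().encode("utf-8")

def dirhash(master_key: bytes, dir_nonce: bytes, name: str) -> int:
    # Case variants index to the same slot; the value depends on the key,
    # so it cannot be recomputed from a guessed filename without that key.
    return siphash24(dirhash_key(master_key, dir_nonce), casefold_name(name))
```

Without the master key, an observer of the on-disk hash cannot test candidate filenames against it, which is what an unkeyed directory hash would allow.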
The Linux 5.11 merge window is opening before Christmas while the stable kernel release should make it out around the end of February.