Google Is Adding Support For Metadata Encryption To F2FS
With F2FS continuing to see an uptick in usage on Android devices, Google engineers have been working on allowing metadata encryption for this file-system.
Patches sent out on Monday allow for encrypting of all F2FS metadata besides the superblock itself. The metadata encryption is then controlled via the metadata_crypt_key= mount option for specifying the encryption key to use from the logon keyring. In turn all blocks besides the superblock on the file-system are encrypted. The only other apparent caveat with this metadata encryption is direct I/O not being supported but will fallback to buffered I/O.
These proposed patches for further beefing up the security of data on F2FS file-systems can be found via the kernel mailing list.