FSCRYPT Inline Encryption Ready To Offer Better Performance On Modern SoCs
After being worked on a number of months, the FSCRYPT file-system encryption framework for the Linux kernel is enabling inline encryption support with the 5.9 kernel.
Inline encryption for FSCRYPT has been in the works for a number of months spanning multiple cycles while now all the stars have aligned for Linux 5.9. Leveraging inline encryption with Linux 5.9 means using the BLK-CRYPTO support merged the previous cycle and in turn being able to benefit from inline encryption hardware found on most mobile SoCs with their UFS/eMMC host controllers.
This FSCRPYT inline encryption support has been worked on by Google presumably with a focus on Android smartphones for better encrypted storage performance.
This blk-crypto-backed inline encryption for FSCRYPT isn't being used by default with Linux 5.9+ but requires setting inlinecrypt as a mount option with F2FS or EXT4 file-systems that utilize FSCRYPT for their optional per-directory data encryption support. Still being addressed is direct I/O on encrypted files.
More details on the changes for Linux 5.9 via this pull request.
On a similar note, already sent in for Linux 5.9 as well are the crypto updates. Linux 5.9's crypto subsystem is seeing support for allocating transforms on a specific NUMA node, a new SHA256 helper, and a number of new crypto and hardware random number generator drivers.