FSCRYPT Inline Encryption Readied Ahead Of Linux 5.5 Kernel For EXT4 + F2FS
Fscrypt as the file-system encryption framework used by the likes of EXT4 and F2FS for offering native encryption capabilities continues being improved upon, especially by the likes of Google that are making use of it for Android devices.
Being revved up for possible inclusion in the upcoming Linux 5.5 kernel merge window is the ability to support "inline encryption" with fscrypt. The work by Google's Satya Tangirala and Eric Biggers is summed up as "the block layer handles the decryption/encryption as part of the bio, instead of the filesystem doing the crypto itself via Linux's crypto API. This model is needed in order to take advantage of the inline encryption hardware present on most modern mobile SoCs."
With the mobile SoC focus is obviously of big benefit to current Android devices but obviously other users can take advantage of it as well. Making use of inline encryption at this point isn't the default with the proposed kernel code but requires a inlinecrypt mount option. When mounted with "inlinecrypt", the files are encrypted using blk-crypto while still integrating with the rest of the FSCRYPT framework.
With the current code, inline encryption support is made available to the main users of this encryption framework as EXT4 and F2FS while UFS support is also present.
This current FSCRYPT inline encryption support can be explored via this kernel Git branch.
Being revved up for possible inclusion in the upcoming Linux 5.5 kernel merge window is the ability to support "inline encryption" with fscrypt. The work by Google's Satya Tangirala and Eric Biggers is summed up as "the block layer handles the decryption/encryption as part of the bio, instead of the filesystem doing the crypto itself via Linux's crypto API. This model is needed in order to take advantage of the inline encryption hardware present on most modern mobile SoCs."
With the mobile SoC focus is obviously of big benefit to current Android devices but obviously other users can take advantage of it as well. Making use of inline encryption at this point isn't the default with the proposed kernel code but requires a inlinecrypt mount option. When mounted with "inlinecrypt", the files are encrypted using blk-crypto while still integrating with the rest of the FSCRYPT framework.
With the current code, inline encryption support is made available to the main users of this encryption framework as EXT4 and F2FS while UFS support is also present.
This current FSCRYPT inline encryption support can be explored via this kernel Git branch.
2 Comments