F2FS as the Flash-Friendly File-System has long supported transparent file-system encryption via Linux's FSCRYPT framework but now Google engineers are working on allowing the file-system metadata to also be encrypted.

With F2FS continuing to see an uptick in usage on Android devices, Google engineers have been working on allowing metadata encryption for this file-system.

Patches sent out on Monday allow for encrypting of all F2FS metadata besides the superblock itself. The metadata encryption is then controlled via the metadata_crypt_key= mount option for specifying the encryption key to use from the logon keyring. In turn all blocks besides the superblock on the file-system are encrypted. The only other apparent caveat with this metadata encryption is direct I/O not being supported but will fallback to buffered I/O.

These proposed patches for further beefing up the security of data on F2FS file-systems can be found via the kernel mailing list.