
With F2FS continuing to see an uptick in usage on Android devices, Google engineers have been working on allowing metadata encryption for this file-system.
Patches sent out on Monday allow for encrypting of all F2FS metadata besides the superblock itself. The metadata encryption is then controlled via the metadata_crypt_key= mount option for specifying the encryption key to use from the logon keyring. In turn all blocks besides the superblock on the file-system are encrypted. The only other apparent caveat with this metadata encryption is direct I/O not being supported but will fallback to buffered I/O.
These proposed patches for further beefing up the security of data on F2FS file-systems can be found via the kernel mailing list.
9 Comments