FSCRYPT's Inline Encryption Support Updated For Possible Inclusion In Linux 5.6
Written by Michael Larabel in Linux Storage on 24 December 2019 at 03:20 AM EST. 7 Comments
LINUX STORAGE --
Back in October we reported on work done by Google on FSCRYPT inline encryption support for allowing the Linux file-system encryption framework to handle the encrypt/decrypt more optimally for modern mobile SoCs with inline encryption hardware. It's looking like that work might be ready to go now for Linux 5.6 after missing out on the 5.5 cycle.

Besides the previous article, the work can be summed up by the message on this commit:
Add support for inline encryption to fs/crypto/. With "inline encryption", the block layer handles the decryption/encryption as part of the bio, instead of the filesystem doing the crypto itself via Linux's crypto API. This model is needed in order to take advantage of the inline encryption hardware present on most modern mobile SoCs.

To use inline encryption, the filesystem needs to be mounted with '-o inlinecrypt'. The contents of any encrypted files will then be encrypted using blk-crypto, instead of using the traditional filesystem-layer crypto. Fscrypt still provides the key and IV to use, and the actual ciphertext on-disk is still the same; therefore it's testable using the existing fscrypt ciphertext verification tests.

Besides plumbing the FSCRYPT framework with this inline encryption support, the code is also wired through for supporting this functionality with the UFS, F2FS, and EXT4 file-systems.

This more efficient Linux file-system encryption for modern SoCs is currently being worked on via the inline-encryption FSCRYPT branch, which could see mainline early next year.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week