Improved Fscrypt File Encryption Handling Aims For Linux 5.4
Written by Michael Larabel in Linux Storage on 11 August 2019 at 08:17 AM EDT.
Fscrypt is the common Linux kernel framework leveraged by the likes of the EXT4, F2FS, and UBIFS file-systems for providing native encryption support. While Fscrypt-based file encryption has been part of the kernel for several releases now, there have been some shortcomings in how the encryption keys are handled, but that should be cleared up for the upcoming Linux 5.4 cycle.

Eric Biggers of Google has been working to improve the key management for fscrypt. The solution he's been working on for a while is support for a file-system level key-ring with ioctls that allow keys to be easily added and removed.

The issues addressed by this code are bugs arising from how fscrypt currently abuses an OS-level access control mechanism, the lack of any way to properly remove a key, weaknesses in the key derivation function, and a current security vulnerability in that fscrypt does not check that the correct key was supplied.

More details on this code, which is still being worked on but will hopefully be ready for Linux 5.4, can be found via this message.
About The Author
Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.