On 09/16/2016 04:49 AM, David Sterba wrote:
On Tue, Sep 13, 2016 at 09:39:46PM +0800, Anand Jain wrote:
This patchset adds btrfs encryption support.
The main objective of this series is to have bugs fixed and stability.
I have verified with fstests to confirm that there is no regression.
A design write-up is coming next,
You're approaching it from the wrong side. The detailed specification
must come first.
Hi Anand,
Thanks for sending these out. It's an important feature and I'm glad to
see it getting some love.
Right now, the design doc is really the most important part. The
encryption side of things requires a layer of extra verification that we
can't get from reviewing the code alone. We need to sit down with the
use cases and the workflow and make sure it meets all the requirements
of a secure system.
I'm the first to admit this needs a broader consensus than just
linux-btrfs@, and we want our reviewers to be able to go through things
without also having to understand every line of btrfs.
I do want to make sure that we can send/recv signed and encrypted
subvolumes, and be able to send them again unmodified. This will end up
needing a revision of the send/recv protocol, but it adds a use case
wrinkle that we need to iron out in the design docs.
I still prefer encryption at the subvolume level, but it's going to need
to be a superset of what is already possible with the vfs interfaces.
If we can do it with the existing interfaces, great. If not we should
be adding features into the generic code where it makes sense.
-chris
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
