Re: btrfs native encryption

[David Sterba]

On Mon, Jun 12, 2017 at 02:40:38PM +0200, David Sterba wrote:
> On Fri, Jun 09, 2017 at 08:50:12AM -0700, Filip Bystricky wrote:
> > Dear btrfs maintainers,
> > Google is evaluating btrfs for its potential use in android, but
> > currently the lack of native file-based encryption unfortunately makes
> > it a nonstarter.
> 
> The file-based encryption is covered by the fscrypt API, that's
> implemented in ext4/f2fs, so implementing that in btrfs could allow you
> to start evaluating btrfs.

For reference I'll add it here,
https://github.com/asj/linux-btrfs-fscryptv1 seems to implement it, I've
only scrolled through it so I don't know how usable is it in this state.
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: btrfs native encryption

[David Sterba]

On Fri, Jun 09, 2017 at 08:50:12AM -0700, Filip Bystricky wrote:
> Dear btrfs maintainers,
> Google is evaluating btrfs for its potential use in android, but
> currently the lack of native file-based encryption unfortunately makes
> it a nonstarter.

The file-based encryption is covered by the fscrypt API, that's
implemented in ext4/f2fs, so implementing that in btrfs could allow you
to start evaluating btrfs. As other pointed, the usecases with snapshots
and reflinks need to be reviewed.

> According to the FAQ (specifically the answer to
> "Does btrfs support encryption"), nobody is currently working on this.
> How up-to-date is that answer, and are there any new plans to add
> native FBE in the future?

Wiki is a snapshot of status, knowledge and best practices from mixed
times, so not everything is up to date or accurate. That no one is
working on encryption is partially true, as we've seen some proposed
patches that received objections and from my perspective are not close
to being considered for merging.

The fscrypt functionality has been designed and the API defined, so it's
a matter of implementation on the btrfs side. Anything else is in the
phase of design and prototyping.
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: btrfs native encryption

[Anand Jain]

 dealing with inheritance of
encryption when making snapshots, and dealing with reflinks.


 Right. To address this, there is a proposal to bring encryption down 
to the extent level, it solves these limitations.


Thanks, Anand
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: btrfs native encryption

[Anand Jain]

  For phase-1 the idea was to make btrfs encryption inline with 
fs/crytpo which wasn't available when it started, so certainly there are 
things which could straight away filter out after its known what went 
into fs/crypto from ext4, especially the cryptography part.


 Now, 4.10 kernel based, btrfs encryption using fs/crypto is here [1]. 
It has under gone limited testing by me and yet to arrive at a 
conclusion on the file-name encryption, though its discussions are here 
[2], and patches aren't sent out to the BTRFS ML yet.



[1] Phase-1.
  Progs: https://github.com/asj/btrfs-progs-fscryptv1
  Kernel: https://github.com/asj/linux-btrfs-fscryptv1

[2] File name encryption discussions are here:
 (I don't see some of the emails I have in the google search, so 
instead I have listed the subject for your search).

   On the ext4 ML:
Sub: fs/crypto: file-name encryption, optional ?
Sub: fs/crypto: root read-access without key

Thanks, Anand
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: btrfs native encryption

[Chris Murphy]

On Fri, Jun 9, 2017 at 9:50 AM, Filip Bystricky
 wrote:
> Dear btrfs maintainers,
> Google is evaluating btrfs for its potential use in android, but
> currently the lack of native file-based encryption unfortunately makes
> it a nonstarter. According to the FAQ (specifically the answer to
> "Does btrfs support encryption"), nobody is currently working on this.
> How up-to-date is that answer, and are there any new plans to add
> native FBE in the future?


The ext4 and f2fs encryption implementations were moved to the VFS, so
in theory it can be used for XFS and Btrfs. A usability gotcha that
probably is manageable on Android is dealing with inheritance of
encryption when making snapshots, and dealing with reflinks.

https://lwn.net/Articles/677620/

-- 
Chris Murphy
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: btrfs native encryption

[Hugo Mills]

On Fri, Jun 09, 2017 at 08:50:12AM -0700, Filip Bystricky wrote:
> Dear btrfs maintainers,
> Google is evaluating btrfs for its potential use in android, but
> currently the lack of native file-based encryption unfortunately makes
> it a nonstarter. According to the FAQ (specifically the answer to
> "Does btrfs support encryption"), nobody is currently working on this.
> How up-to-date is that answer, and are there any new plans to add
> native FBE in the future?

   There were initial patches from Anand Jain back in September, but
they weren't well-received in terms of the (lack of) cryptography
design. IIRC, the patches provided file-level data encryption without
encrypting metadata. I haven't seen anything since then (although
Anand was planning on doing a session on btrfs encryption at LSF/MM in
March -- I don't know if that happened, or what the outcome was).

   So, there's some interest in a fairly minimal implementation, but
progress doesn't seem to be particularly fast.

   Hugo.

-- 
Hugo Mills | "Are you the man who rules the Universe?" "Well, I
hugo@... carfax.org.uk | try not to."
http://carfax.org.uk/  |
PGP: E2AB1DE4  |Life, the Universe and Everything.


signature.asc
Description: Digital signature

btrfs native encryption

[Filip Bystricky]

Dear btrfs maintainers,
Google is evaluating btrfs for its potential use in android, but
currently the lack of native file-based encryption unfortunately makes
it a nonstarter. According to the FAQ (specifically the answer to
"Does btrfs support encryption"), nobody is currently working on this.
How up-to-date is that answer, and are there any new plans to add
native FBE in the future?

Thanks,
Filip Bystricky
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html