From: "Theodore Ts'o" <tytso@mit.edu> To: Richard Weinberger <richard@nod.at> Cc: Eric Biggers <ebiggers@kernel.org>, linux-mtd@lists.infradead.org, linux-fscrypt@vger.kernel.org, jaegeuk@kernel.org, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, paullawrence@google.com Subject: Re: [PATCH 4/4] ubifs: Implement new mount option, fscrypt_key_required Date: Thu, 14 Mar 2019 19:07:02 -0400 [thread overview] Message-ID: <20190314230702.GE6482@mit.edu> (raw) In-Reply-To: <1957441.Hty6t2mpXG@blindfold> Richard --- stepping back for a moment, in your use case, are you assuming that the encryption key is always going to be present while the system is running? Ubifs can't use dm-crypt, since it doesn't have a block device, but if you could, is much more like dm-crypt, in that you have the key *before* the file system is mounted, and you don't really expect the key to ever be expunged from the system while it is mounted? If that's true, maybe the real mismatch is in using fscrypt in the first place --- and in fact, something where you encrypt everything, including the file system metadata (ala dm-crypt), would actually give you much better security properties. - Ted
WARNING: multiple messages have this Message-ID (diff)
From: "Theodore Ts'o" <tytso@mit.edu> To: Richard Weinberger <richard@nod.at> Cc: paullawrence@google.com, miklos@szeredi.hu, amir73il@gmail.com, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>, linux-fscrypt@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, jaegeuk@kernel.org Subject: Re: [PATCH 4/4] ubifs: Implement new mount option, fscrypt_key_required Date: Thu, 14 Mar 2019 19:07:02 -0400 [thread overview] Message-ID: <20190314230702.GE6482@mit.edu> (raw) In-Reply-To: <1957441.Hty6t2mpXG@blindfold> Richard --- stepping back for a moment, in your use case, are you assuming that the encryption key is always going to be present while the system is running? Ubifs can't use dm-crypt, since it doesn't have a block device, but if you could, is much more like dm-crypt, in that you have the key *before* the file system is mounted, and you don't really expect the key to ever be expunged from the system while it is mounted? If that's true, maybe the real mismatch is in using fscrypt in the first place --- and in fact, something where you encrypt everything, including the file system metadata (ala dm-crypt), would actually give you much better security properties. - Ted ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2019-03-14 23:07 UTC|newest] Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-03-13 12:31 overlayfs vs. fscrypt Richard Weinberger 2019-03-13 12:31 ` Richard Weinberger 2019-03-13 12:36 ` Miklos Szeredi 2019-03-13 12:47 ` Richard Weinberger 2019-03-13 12:47 ` Richard Weinberger 2019-03-13 12:58 ` Miklos Szeredi 2019-03-13 13:00 ` Richard Weinberger 2019-03-13 13:00 ` Richard Weinberger 2019-03-13 13:24 ` Miklos Szeredi 2019-03-13 13:32 ` Richard Weinberger 2019-03-13 13:32 ` Richard Weinberger 2019-03-13 14:26 ` Amir Goldstein 2019-03-13 15:16 ` Theodore Ts'o 2019-03-13 15:30 ` Richard Weinberger 2019-03-13 15:30 ` Richard Weinberger 2019-03-13 15:36 ` James Bottomley 2019-03-13 15:51 ` Eric Biggers 2019-03-13 16:13 ` James Bottomley 2019-03-13 16:24 ` Richard Weinberger 2019-03-13 16:44 ` Theodore Ts'o 2019-03-13 17:45 ` James Bottomley 2019-03-13 18:58 ` Theodore Ts'o 2019-03-13 19:17 ` James Bottomley 2019-03-13 19:57 ` Eric Biggers 2019-03-13 20:06 ` James Bottomley 2019-03-13 20:25 ` Eric Biggers 2019-03-13 21:04 ` James Bottomley 2019-03-13 22:13 ` Eric Biggers 2019-03-13 22:29 ` James Bottomley 2019-03-13 22:58 ` Eric Biggers 2019-03-13 16:06 ` Al Viro 2019-03-13 16:44 ` Eric Biggers 2019-03-13 19:19 ` Al Viro 2019-03-13 19:43 ` Eric Biggers 2019-03-13 15:30 ` Eric Biggers 2019-03-13 15:30 ` Eric Biggers 2019-03-13 20:33 ` Richard Weinberger 2019-03-13 20:33 ` Richard Weinberger 2019-03-13 22:26 ` Eric Biggers 2019-03-13 22:26 ` Eric Biggers 2019-03-13 22:42 ` Richard Weinberger 2019-03-14 7:34 ` Miklos Szeredi 2019-03-14 17:15 ` [RFC] fscrypt_key_required mount option Richard Weinberger 2019-03-14 17:15 ` Richard Weinberger 2019-03-14 17:15 ` [PATCH 1/4] fscrypt: Implement FS_CFLG_OWN_D_OPS Richard Weinberger 2019-03-14 17:15 ` Richard Weinberger 2019-03-14 17:15 ` [PATCH 2/4] fscrypt: Export fscrypt_d_ops Richard Weinberger 2019-03-14 17:15 ` Richard Weinberger 2019-03-14 17:15 ` [PATCH 3/4] ubifs: Simplify fscrypt_get_encryption_info() error handling Richard Weinberger 2019-03-14 17:15 ` Richard Weinberger 2019-03-14 17:15 ` [PATCH 4/4] ubifs: Implement new mount option, fscrypt_key_required Richard Weinberger 2019-03-14 17:15 ` Richard Weinberger 2019-03-14 17:49 ` Eric Biggers 2019-03-14 17:49 ` Eric Biggers 2019-03-14 20:54 ` Richard Weinberger 2019-03-14 20:54 ` Richard Weinberger 2019-03-14 23:07 ` Theodore Ts'o [this message] 2019-03-14 23:07 ` Theodore Ts'o 2019-03-15 0:26 ` Unsubscribe Shane Volpe 2019-03-15 7:48 ` [PATCH 4/4] ubifs: Implement new mount option, fscrypt_key_required Richard Weinberger 2019-03-15 7:48 ` Richard Weinberger 2019-03-15 13:51 ` Theodore Ts'o 2019-03-15 13:51 ` Theodore Ts'o 2019-03-15 13:51 ` Theodore Ts'o 2019-03-15 13:59 ` Richard Weinberger 2019-03-15 13:59 ` Richard Weinberger 2019-03-14 23:15 ` James Bottomley 2019-03-14 23:15 ` James Bottomley 2019-03-14 23:42 ` Theodore Ts'o 2019-03-14 23:42 ` Theodore Ts'o 2019-03-14 23:55 ` James Bottomley 2019-03-14 23:55 ` James Bottomley 2019-03-13 15:01 ` overlayfs vs. fscrypt Eric Biggers 2019-03-13 15:01 ` Eric Biggers 2019-03-13 16:11 ` Al Viro 2019-03-13 16:33 ` Eric Biggers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190314230702.GE6482@mit.edu \ --to=tytso@mit.edu \ --cc=amir73il@gmail.com \ --cc=ebiggers@kernel.org \ --cc=jaegeuk@kernel.org \ --cc=linux-fscrypt@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mtd@lists.infradead.org \ --cc=linux-unionfs@vger.kernel.org \ --cc=miklos@szeredi.hu \ --cc=paullawrence@google.com \ --cc=richard@nod.at \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.