lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 3 May 2015 13:53:20 -0400
From:	Theodore Ts'o <>
To:	Anssi Hannula <>
Cc:	Herbert Xu <>,
	Andreas Dilger <>,, Michael Halcrow <>
Subject: Re: ext4 crypto: Do not select from EXT4_FS_ENCRYPTION

On Sun, May 03, 2015 at 03:34:14PM +0300, Anssi Hannula wrote:
> Hi,
> 01.05.2015, 03:18, Herbert Xu kirjoitti:
> > This patch adds a tristate EXT4_ENCRYPTION to do the selections
> > for EXT4_FS_ENCRYPTION because selecting from a bool causes all
> > the selected options to be built-in, even if EXT4 itself is a
> > module.
> Hmm, are you sure?
> Since CONFIG_EXT4_FS_ENCRYPTION itself depends on CONFIG_EXT4_FS, the
> selector for the selected options becomes (CONFIG_EXT4_FS_ENCRYPTION &&
> Per my testing on git master (without this patch), if EXT4_FS=m and
> EXT4_FS_ENCRYPTION=y, both "built-in" and "module" options are allowed
> for the selected options (checked CONFIG_ENCRYPTED_KEYS myself).

I believe the situation which is causing concern is when someone wants
to build a kernel where EXT4_FS=y, but they want the cryptographic
algorithms to be modules.  In that case, since EXT4_FS_ENCRYPTION is
'y', it forces the all of the crypto modules to be built into the
kernel, and so it forecloses that option from someone who is building
or packaging a kernel.

	       		   	     - Ted
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists