lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170807134942.u3ep5ivfq4ublueb@thunk.org>
Date:   Mon, 7 Aug 2017 09:49:42 -0400
From:   Theodore Ts'o <tytso@....edu>
To:     Dai Xiang <xiangx.dai@...el.com>
Cc:     linux-ext4@...r.kernel.org
Subject: Re: How to enable CONFIG_EXT4_ENCRYPTION

On Mon, Aug 07, 2017 at 05:51:26PM +0800, Dai Xiang wrote:
> On Mon, Aug 07, 2017 at 11:25:02AM +0800, Dai Xiang wrote:
> > Hi!
> > 
> > I use xfstests with ext4 fs to test, and i found a skip:
> > 
> > ext4/024         [not run] kernel does not support ext4 encryption

Yeah, the message printed is misleading, and should be fixed.
Checking to see whether the kernel supports encryption can be done by
checking for the existence of the file:

/sys/fs/ext4/features/encryption

> i print the cmd:
> /usr/sbin/xfs_io -i -c set_encpolicy /fs/scratch/tmpdir
> /fs/scratch/tmpdir: failed to set encryption policy: Inappropriate
> ioctl for device <===
> 
> Seems do not related to kconfig?

Yes, the issue is that you need to create the file system (or set via
tune2fs) the feature flag "encrypt".  To best test the read/write
paths, you should set the mount option test_dummy_encryption.  The
kvm-xfstests and gce-xfstests framework do all of this automatically.
>From xfstests-bld/kvm-xfstests/test-appliance/files/root/cfg/fs/ext4/encrypt:

SIZE=small
export EXT_MKFS_OPTIONS="-O encrypt"
export EXT_MOUNT_OPTIONS="test_dummy_encryption"
REQUIRE_FEATURE=encryption
TESTNAME="Ext4 encryption"

There are a number tests that are known to fail; primarily having to
do with quota support, which doesn't play well with
test_dummy_encryption (that's more of a test problem than anything
else).  See the encrypt.exclude file in that directory for more
details.

Cheers,

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ