Date:   Sat, 2 Nov 2019 15:10:17 -0700
From:   Guenter Roeck <>
To:     Eric Biggers <>
Cc:     Doug Anderson <>,
        Gwendal Grignou <>,
        Chao Yu <>,
        Ryo Hashimoto <>,
        Vadim Sukhomlinov <>,
        Guenter Roeck <>,
        Andrey Pronin <>,,
        Andreas Dilger <>,
        "Theodore Y. Ts'o" <>,
        Jonathan Corbet <>,
        LKML <>,
        Jaegeuk Kim <>,,
        linux-ext4 <>,
Subject: Re: [PATCH] Revert "ext4 crypto: fix to check feature status before
 get policy"

On Fri, Nov 1, 2019 at 11:17 AM Guenter Roeck <> wrote:
[ ... ]
> > Ah, I think I found it:
> >
> >
> >
> > The init process does EXT4_IOC_GET_ENCRYPTION_POLICY on /, and if the error is
> > EOPNOTSUPP, it skips creating the "dircrypto" keyring.  So then cryptohome can't
> > add keys later.  (Note the error message you got, "Error adding dircrypto key".)
> >
> > So it looks like the kernel patch broke both that and
> > ext4_dir_encryption_supported().
> >
> ext4_dir_encryption_supported() was already changed to use the sysfs
> file, and changing the upstart code to check the sysfs file does
> indeed fix the problem for good. I'll do some more tests and push the
> necessary changes into our code base if I don't hit some other issue.

This change is now in our code base:

If the revert has not made it upstream, I would suggest to hold it off
for the time being. I'll do more testing next week, but as it looks
like it may no longer be needed, at least not from a Chrome OS
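
The two probes discussed in this thread, side by side, as an added example that is not part of the original message and is not Chrome OS code. The function names are hypothetical, and the message only says "the sysfs file", so the path /sys/fs/ext4/features/encryption (the ext4 feature file the kernel exposes) is an assumption about which file is meant.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h>  /* FS_IOC_GET_ENCRYPTION_POLICY; ext4 aliases it as
                          EXT4_IOC_GET_ENCRYPTION_POLICY */

/* Assumed path: the message does not name the sysfs file. */
#define EXT4_ENCRYPTION_FEATURE "/sys/fs/ext4/features/encryption"

/* Returns 0 if a policy was read, otherwise the errno from open() or ioctl(). */
int get_policy_errno(const char *dir)
{
    struct fscrypt_policy policy;
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0)
        return errno;
    int err = ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, &policy) ? errno : 0;
    close(fd);
    return err;
}

/* Probe as described in the quoted text: the keyring is skipped only when the
 * ioctl on "/" fails with EOPNOTSUPP. The result depends on what the kernel
 * returns for that one directory, so a change in the ioctl's error code
 * silently flips the decision. */
int keyring_wanted_by_ioctl(int err)
{
    return err != EOPNOTSUPP;
}

/* Replacement probe: presence of the kernel's feature file, which does not
 * depend on the state of any particular mounted filesystem. */
int keyring_wanted_by_sysfs(const char *feature_file)
{
    return access(feature_file, F_OK) == 0;
}

int main(void)
{
    int err = get_policy_errno("/");
    printf("ioctl on /: %s -> keyring %s\n", err ? strerror(err) : "policy set",
           keyring_wanted_by_ioctl(err) ? "created" : "skipped");
    printf("sysfs feature file -> keyring %s\n",
           keyring_wanted_by_sysfs(EXT4_ENCRYPTION_FEATURE) ? "created" : "skipped");
    return 0;
}
```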

