[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Feb 2021 13:12:21 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Theodore Ts'o <tytso@....edu>
Cc: linux-ext4@...r.kernel.org
Subject: Re: [ANNOUNCE] e2fsprogs v1.46.0
On Tue, Feb 02, 2021 at 12:32:07PM -0500, Theodore Ts'o wrote:
> E2fsprogs now supports the stable_inodes (COMPAT_STABLE_INODES) feature.
> This needed to support the siphash file system encryption algorithm,
> which calculates the initial vector (IV) for encryption based on the
> UUID and the inode number. This means that we can't renumber inodes
> (for example, when shrinking a file system) and the UUID can't be
> changed without breaking the ability to decrypt the encryption.
Note that in the new encryption formats which stable_inodes allows, the
encryption algorithm is still AES-256-XTS, not SipHash. (SipHash is a hash
function, not an encryption algorithm.) It's the key derivation and IV
generation method that change.
> E2fsprogs now supports file systems which have both file system
> encryption and the casefold feature enabled. This requires Linux
> version 5.10.
The kernel patches for encrypt + casefold on ext4 haven't been merged yet. So
this combination actually won't be supported until Linux 5.12 at the earliest.
- Eric
Powered by blists - more mailing lists