My notes on making encrypted filesystems "Just Work(tm)"
Sjoerd Simons
sjoerd at luon.net
Mon Dec 13 11:04:38 PST 2004
On Mon, Dec 13, 2004 at 10:39:07AM -0500, David Zeuthen wrote:
> On Mon, 2004-12-13 at 11:41 +0100, Martin Pitt wrote:
> > > [1] : Here follows what metadata is stored on the actual block device
> > > that is encrypted; for this to work there must be at least 512 bytes (or
> > > something) somewhere well known on the block device that we can overwrite
> > > with a guarantee that the filesystem will still work. It also requires the
> > > encryption to be a block-based cipher as we will overwrite the portions
> > > of the crypted block device.
> >
> > In the interest of supporting encrypted home directories I propose to
> > not define a fixed size for the metadata. Instead the first block
> > should specify how many further metadata blocks are used (the dm
> > device then starts at the block right after the metadata).
> >
>
> Yeah, I'm a bit scared of that. One of the important use cases in my
> view is the ability to easily encrypt/decrypt a file system (on the fly,
> for USB keys, or on the next boot) without changing it's size [1]. For
> ext3 that means we only got 0x400 bytes in the beginning of the file
> system.
An extra option in the metadata to indicate the start the start of the
encrypted part will solve this and gives you the flexibility for both
solutions :)..
Sjoerd
--
Life is knowing how far to go without crossing the line.
_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list