My notes on making encrypted filesystems "Just Work(tm)"
David Zeuthen
david at fubar.dk
Wed Dec 15 10:44:07 PST 2004
On Tue, 2004-12-14 at 11:31 +0100, Martin Pitt wrote:
> Hi!
>
> David Zeuthen [2004-12-12 21:47 -0500]:
> > [1] : Here follows what metadata is stored on the actual block device
> > that is encrypted; for this to work there must be at least 512 bytes (or
> > something) somewhere well known on the block device that we can overwrite
> > with a guarantee that the filesystem will still work. It also requires the
> > encryption to be a block-based cipher as we will overwrite the portions
> > of the crypted block device.
> >
> > This is true for ext3 as the first 1024 bytes are not used (superblock
> > is at offset 0x0400).
>
> BTW, I think it is a bad idea to rely on unused portions of the file
> system. Not all file systems leave the first block unused (like XFS)
> and in the future we might see new important file systems or changes
> to existing ones.
>
> I think the sanest approach really is to reserve some space
> exclusively for metadata and start the dm device at some offset.
>
We should support both, yes.
David
_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal
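
The two placements discussed in this thread, as an added example that is not part of the original messages or of HAL: overwrite the first 512 bytes only when the plaintext filesystem view is ext2/3 with an empty boot block, otherwise reserve a header and start the mapped device at an offset. The function names, the `reserved_sectors` default of 8 and the sample images are assumptions made for illustration.

```python
import struct

META_SIZE = 512                # metadata slot size mentioned in the thread
EXT_SB_OFFSET = 0x400          # ext3 superblock offset, as stated in the thread
EXT_MAGIC_OFFSET = EXT_SB_OFFSET + 56   # s_magic field within the superblock
EXT_MAGIC = 0xEF53
XFS_MAGIC = b"XFSB"            # XFS superblock begins at byte 0

def detect_fs(image: bytes) -> str:
    """Identify the filesystem from its superblock magic (plaintext view)."""
    if image[:4] == XFS_MAGIC:
        return "xfs"
    if len(image) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", image, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return "ext"
    return "unknown"

def plan_metadata(image: bytes, reserved_sectors: int = 8) -> dict:
    """Choose in-place metadata or a reserved header before the payload."""
    fs = detect_fs(image)
    slot_empty = not any(image[:META_SIZE])
    if fs == "ext" and META_SIZE <= EXT_SB_OFFSET and slot_empty:
        return {"fs": fs, "mode": "in-place", "payload_start_sector": 0}
    # Unknown layout, sector 0 in use, or boot code present: do not overwrite.
    return {"fs": fs, "mode": "reserved-header",
            "payload_start_sector": reserved_sectors}

def sample_image(fs: str, boot_code: bool = False) -> bytes:
    """Constructed 2 KiB images carrying only the magic numbers."""
    img = bytearray(2048)
    if fs == "xfs":
        img[:4] = XFS_MAGIC
    elif fs == "ext":
        struct.pack_into("<H", img, EXT_MAGIC_OFFSET, EXT_MAGIC)
        if boot_code:
            img[0:2] = b"\xeb\x3c"   # constructed stand-in for boot code
    return bytes(img)

if __name__ == "__main__":
    for name, img in [("ext", sample_image("ext")),
                      ("ext+boot", sample_image("ext", boot_code=True)),
                      ("xfs", sample_image("xfs")),
                      ("unknown", sample_image("other"))]:
        print(name, plan_metadata(img))
```

The empty-slot test is an extra guard beyond what the thread states: the first 1024 bytes of an ext filesystem are unused by the filesystem itself but may hold boot code.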