My notes on making encrypted filesystems "Just Work(tm)"
sjoerd at luon.net
Mon Dec 13 11:04:38 PST 2004
On Mon, Dec 13, 2004 at 10:39:07AM -0500, David Zeuthen wrote:
> On Mon, 2004-12-13 at 11:41 +0100, Martin Pitt wrote:
> > >  : Here follows what metadata is stored on the actual block device
> > > that is encrypted; for this to work there must be at least 512 bytes (or
> > > something) somewhere well known on the block device that we can overwrite
> > > with a guarantee that the filesystem will still work. It also requires the
> > > encryption to be a block-based cipher as we will overwrite the portions
> > > of the crypted block device.
> > In the interest of supporting encrypted home directories I propose to
> > not define a fixed size for the metadata. Instead the first block
> > should specify how many further metadata blocks are used (the dm
> > device then starts at the block right after the metadata).
> Yeah, I'm a bit scared of that. One of the important use cases in my
> view is the ability to easily encrypt/decrypt a file system (on the fly,
> for USB keys, or on the next boot) without changing it's size . For
> ext3 that means we only got 0x400 bytes in the beginning of the file
An extra option in the metadata to indicate the start the start of the
encrypted part will solve this and gives you the flexibility for both
Life is knowing how far to go without crossing the line.
hal mailing list
hal at lists.freedesktop.org
More information about the Hal