Date: Thu, 14 Mar 2019 19:07:02 -0400
From: "Theodore Ts'o"
To: Richard Weinberger
Cc: Eric Biggers, linux-mtd@lists.infradead.org, linux-fscrypt@vger.kernel.org, jaegeuk@kernel.org, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, paullawrence@google.com
Subject: Re: [PATCH 4/4] ubifs: Implement new mount option, fscrypt_key_required
Message-ID: <20190314230702.GE6482@mit.edu>
References: <20190314171559.27584-5-richard@nod.at> <20190314174913.GA30026@gmail.com> <1957441.Hty6t2mpXG@blindfold>
In-Reply-To: <1957441.Hty6t2mpXG@blindfold>
X-Mailing-List: linux-kernel@vger.kernel.org

Richard --- stepping back for a moment, in your use case, are you assuming that the encryption key is always going to be present while the system is running?

Ubifs can't use dm-crypt, since it doesn't have a block device, but if you could, is much more like dm-crypt, in that you have the key *before* the file system is mounted, and you don't really expect the key to ever be expunged from the system while it is mounted?

If that's true, maybe the real mismatch is in using fscrypt in the first place --- and in fact, something where you encrypt everything, including the file system metadata (a la dm-crypt), would actually give you much better security properties.

- Ted