fscrypt.rst - OpenGrok cross reference for /Linux-v6.1/Documentation/filesystems/fscrypt.rst

Lines Matching full:filesystem
2 Filesystem-level encryption (fscrypt)
25 Unlike dm-crypt, fscrypt operates at the filesystem level rather than
28 filesystem.  This is useful for multi-user systems where each user's
30 However, except for filenames, fscrypt does not encrypt filesystem
33 Unlike eCryptfs, which is a stacked filesystem, fscrypt is integrated
66 if an attacker is able to manipulate the filesystem offline prior to
67 an authorized user later accessing the filesystem.
157   access.  Because of filesystem caching, the wrong key will then be
252 filesystem's inode table, and there didn't appear to be any
288 number, and filesystem UUID.  This normally results in all files
292 Consequently, shrinking the filesystem may not be allowed.
380 For file contents, each filesystem block is encrypted independently.
551 Note that the ext4 filesystem does not allow the root directory to be
553 filesystem with one key should consider using dm-crypt instead.
573 - ``ENOTTY``: this type of filesystem does not implement encryption
575   support for filesystems, or the filesystem superblock has not
577   ext4 filesystem, CONFIG_FS_ENCRYPTION must be enabled in the
582   the root directory of an ext4 filesystem
583 - ``EROFS``: the filesystem is readonly
630 - ``ENOTTY``: this type of filesystem does not implement encryption,
634   support for this filesystem, or the filesystem superblock has not
660 Getting the per-filesystem salt
665 generated 16-byte value stored in the filesystem superblock.  This
690 the filesystem, making all files on the filesystem which were
692 It can be executed on any file or directory on the target filesystem,
693 but using the filesystem's root directory is recommended.  It takes in
759   allow re-adding keys after a filesystem is unmounted and re-mounted,
796 - ``ENOTTY``: this type of filesystem does not implement encryption
798   support for this filesystem, or the filesystem superblock has not
843 with a filesystem-specific prefix such as "ext4:".  However, the
844 filesystem-specific prefixes are deprecated and should not be used in
870 encryption key from the filesystem, and possibly removes the key
872 filesystem, but using the filesystem's root directory is recommended.
941 - ``ENOTTY``: this type of filesystem does not implement encryption
943   support for this filesystem, or the filesystem superblock has not
968 the target filesystem, but using the filesystem's root directory is
1019 - ``ENOTTY``: this type of filesystem does not implement encryption
1021   support for this filesystem, or the filesystem superblock has not
1030 the filesystem-level keyring, i.e. the keyring managed by
1073 - The ext4 filesystem does not support data journaling with encrypted
1080   EXT4 filesystem with a 4K block size, unencrypted symlinks can be up
1090 Some filesystem operations may be performed on encrypted regular
1175 when mounting the filesystem.
1186 Currently fscrypt always uses the filesystem block size (which is
1202   the filesystem must be mounted with ``-o inlinecrypt`` and inline
1206 * The I/O request must be fully aligned to the filesystem block size.
1209   must be multiples of this value.  Note that the filesystem block
1289 filename hashes.  When a ->lookup() is requested, the filesystem
1297 impossible for the filesystem's fsck tool to optimize encrypted
1300 asked to do a ->lookup() with the key, the filesystem just encrypts
1307 the filesystem just base64url-decodes the user-supplied name to get
1314 filesystem-specific hash(es) needed for directory lookups.  This
1315 allows the filesystem to still, with a high degree of confidence, map
1329 filesystem test suite.  First, run all the tests in the "encrypt"
1330 group on the relevant filesystem(s).  One can also run the tests
1356 kvm-xfstests, use the "encrypt" filesystem configuration::