HAMMER encryption

Matthew Dillon dillon at apollo.backplane.com
Tue Jul 22 09:49:37 PDT 2008


:Are there any plans to add encryption to HAMMER?
:
:Matt, could you provide a quick overview (for potential HAMMER encryption
:developers) of where, when and how you believe the encryption layer
:can/should be added to HAMMER?
:
:TIA.
:
:--
:G. Mirov

    Well, general whole-disk encryption would best be done in a block
    device driver.

    Per-file encryption could be done for file data and file names,
    but I wouldn't recommend it for the inode data structure (file size,
    modes, ownership, etc).  File data is pretty straightforward,
    everything runs through the buffer cache so hammer_vop_read() and
    hammer_vop_write() would be the place.  A bio_done call-back would
    have to be used to decrypt direct-read data.  Encrypting file names
    could be done in the various hammer_vop_*() procedures that deal with
    file names (remove, rename, create, resolve, etc), and readdir would
    have to deal with decrypting names.

    There is one issue with decryption and that is the buffer cache buffer
    might map bogus pages for areas the kernel does not want to overwrite.
    Since bogus pages are just one shared page for the entire system
    they might contain garbage after a read.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>
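
The bogus-page caveat in the message above, as a userspace C model added here; it is not HAMMER or DragonFly kernel code and not part of the original post. It shows one way a decrypt-on-completion callback could account for slots mapped to the shared page. `model_buf`, `model_read`, `model_decrypt_done` and the XOR keystream are hypothetical stand-ins, and the sample data is constructed.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SZ 8                       /* tiny page size for the model */
#define NPAGES  4
static uint8_t bogus_page[PAGE_SZ];     /* one shared page for the entire system */
struct model_buf { uint8_t *pages[NPAGES]; };  /* slots may map bogus_page */

/* Stand-in keystream byte per file offset. NOT a real cipher. */
static uint8_t ks(size_t off) { return (uint8_t)(off * 131u + 7u); }

/* Model of the device read: data lands wherever each slot is mapped. */
static void model_read(struct model_buf *b, const uint8_t *disk) {
    for (int i = 0; i < NPAGES; i++)
        memcpy(b->pages[i], disk + (size_t)i * PAGE_SZ, PAGE_SZ);
}

/* Model of a completion callback: decrypt in place, skip bogus slots. */
static int model_decrypt_done(struct model_buf *b) {
    int n = 0;                          /* pages actually decrypted */
    for (int i = 0; i < NPAGES; i++) {
        if (b->pages[i] == bogus_page)
            continue;                   /* contents are not this slot's data */
        for (size_t j = 0; j < PAGE_SZ; j++)
            b->pages[i][j] ^= ks((size_t)i * PAGE_SZ + j);
        n++;
    }
    return n;
}

/* Constructed scenario: slots 1 and 2 must not be overwritten by the read.
 * Flags: 1 = slots 0,3 decrypted, 2 = slots 1,2 untouched, 4 = bogus is garbage. */
static int run_scenario(void) {
    uint8_t plain[NPAGES * PAGE_SZ], disk[NPAGES * PAGE_SZ], mem[NPAGES][PAGE_SZ];
    for (size_t i = 0; i < sizeof plain; i++) {
        plain[i] = (uint8_t)('A' + i % 26);
        disk[i] = (uint8_t)(plain[i] ^ ks(i));
    }
    memset(mem, 'x', sizeof mem);       /* 'x' marks data already in memory */
    struct model_buf b = { { mem[0], bogus_page, bogus_page, mem[3] } };
    model_read(&b, disk);
    int ok = model_decrypt_done(&b) == 2 && !memcmp(mem[0], plain, PAGE_SZ) &&
             !memcmp(mem[3], plain + 3 * PAGE_SZ, PAGE_SZ);
    int kept = mem[1][0] == 'x' && mem[2][PAGE_SZ - 1] == 'x';
    int garbage = memcmp(bogus_page, disk + PAGE_SZ, PAGE_SZ) != 0;
    return ok | (kept << 1) | (garbage << 2);
}

int main(void) { return run_scenario() == 7 ? 0 : 1; }
```

In the model, the shared page ends up holding only the last slot written through it, so a callback that treated every slot as valid ciphertext would be processing data that does not belong to that offset.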




