HAMMER encryption
Matthew Dillon
dillon at apollo.backplane.com
Tue Jul 22 09:49:37 PDT 2008
:Are there any plans to add encryption to HAMMER?
:
:Matt, could you provide a quick overview (for potential HAMMER encryption
:developers) of where, when and how you believe the encryption layer
:can/should be added to HAMMER?
:
:TIA.
:
:--
:G. Mirov
Well, general whole-disk encryption would best be done in a block
device driver.

Per-file encryption could be done for file data and file names,
but I wouldn't recommend it for the inode data structure (file size,
modes, ownership, etc). File data is pretty straightforward;
everything runs through the buffer cache so hammer_vop_read() and
hammer_vop_write() would be the place. A bio_done call-back would
have to be used to decrypt direct-read data. Encrypting file names
could be done in the various hammer_vop_*() procedures that deal with
file names (remove, rename, create, resolve, etc), and readdir would
have to deal with decrypting names.

There is one issue with decryption and that is the buffer cache buffer
might map bogus pages for areas the kernel does not want to overwrite.
Since bogus pages are just one shared page for the entire system
they might contain garbage after a read.
-Matt
Matthew Dillon
<dillon at backplane.com>