fscrypt.rst (0aea30a07ec6b50de0fc5f5b2ec34a68ead86b61) | fscrypt.rst (08830c8bc6cc7047d2cc8a136849a15fcb977044) |
---|---|
1===================================== 2Filesystem-level encryption (fscrypt) 3===================================== 4 5Introduction 6============ 7 8fscrypt is a library which filesystems can hook into to support --- 1242 unchanged lines hidden (view full) --- 1251 1252When inline encryption is used, filesystems just need to associate 1253encryption contexts with bios to specify how the block layer or the 1254inline encryption hardware will encrypt/decrypt the file contents. 1255 1256When inline encryption isn't used, filesystems must encrypt/decrypt 1257the file contents themselves, as described below: 1258 | 1===================================== 2Filesystem-level encryption (fscrypt) 3===================================== 4 5Introduction 6============ 7 8fscrypt is a library which filesystems can hook into to support --- 1242 unchanged lines hidden (view full) --- 1251 1252When inline encryption is used, filesystems just need to associate 1253encryption contexts with bios to specify how the block layer or the 1254inline encryption hardware will encrypt/decrypt the file contents. 1255 1256When inline encryption isn't used, filesystems must encrypt/decrypt 1257the file contents themselves, as described below: 1258 |
1259For the read path (->readpage()) of regular files, filesystems can | 1259For the read path (->read_folio()) of regular files, filesystems can |
1260read the ciphertext into the page cache and decrypt it in-place. The 1261page lock must be held until decryption has finished, to prevent the 1262page from becoming visible to userspace prematurely. 1263 1264For the write path (->writepage()) of regular files, filesystems 1265cannot encrypt data in-place in the page cache, since the cached 1266plaintext must be preserved. Instead, filesystems must encrypt into a 1267temporary buffer or "bounce page", then write out the temporary --- 88 unchanged lines hidden --- | 1260read the ciphertext into the page cache and decrypt it in-place. The 1261page lock must be held until decryption has finished, to prevent the 1262page from becoming visible to userspace prematurely. 1263 1264For the write path (->writepage()) of regular files, filesystems 1265cannot encrypt data in-place in the page cache, since the cached 1266plaintext must be preserved. Instead, filesystems must encrypt into a 1267temporary buffer or "bounce page", then write out the temporary --- 88 unchanged lines hidden --- |
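Review bot: Lines 1260-1262 still say "The page lock must be held until decryption has finished" and refer to "the page" becoming visible to userspace, while line 1259 now names ->read_folio() as the read-path callback, so the paragraph mixes folio and page terminology. Consider rewording those sentences to speak of the folio lock, or stating explicitly that the lock meant is the one on the folio passed to ->read_folio(). This locking rule is the security-relevant part of the paragraph, since it is what keeps ciphertext that has been read into the page cache but not yet decrypted from being exposed to userspace, so it should stay unambiguous after the rename. The write-path paragraph at line 1264 still names ->writepage(); if that is deliberately out of scope for this change, it is worth saying so in the change description.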