fscrypt.rst - OpenGrok cross reference for /linux/Documentation/filesystems/fscrypt.rst

Lines Matching full:policies
171 Limitations of v1 policies
174 v1 encryption policies have some weaknesses with respect to online
190 All the above problems are fixed with v2 encryption policies.  For
192 policies on all new encrypted directories.
239 the key is used for v1 encryption policies or for v2 encryption
240 policies.  Users **must not** use the same key for both v1 and v2
241 encryption policies.  (No real-world attack is currently known on this
245 For v1 encryption policies, the KDF only supports deriving per-file
251 For v2 encryption policies, the KDF is HKDF-SHA512.  The master key is
286 DIRECT_KEY policies
302 - For v1 encryption policies, the encryption is done directly with the
304   key for any other purpose, even for other v1 policies.
306 - For v2 encryption policies, the encryption is done with a per-mode
308   other v2 encryption policies.
310 IV_INO_LBLK_64 policies
325 IV_INO_LBLK_32 policies
328 IV_INO_LBLK_32 policies work like IV_INO_LBLK_64, except that for
342 For master keys used for v2 encryption policies, a unique 16-byte "key
513 - With `DIRECT_KEY policies`_, the data unit index is placed in bits
516 - With `IV_INO_LBLK_64 policies`_, the data unit index is placed in
521 - With `IV_INO_LBLK_32 policies`_, the file's inode number is hashed
542 alternatively has the file's nonce (for `DIRECT_KEY policies`_) or
543 inode number (for `IV_INO_LBLK_64 policies`_) included in the IVs.
611   For new encrypted directories, use v2 policies.
620   v1 encryption policies only support three combinations of modes:
623   (FSCRYPT_MODE_ADIANTUM, FSCRYPT_MODE_ADIANTUM).  v2 policies support
631   - FSCRYPT_POLICY_FLAG_DIRECT_KEY: See `DIRECT_KEY policies`_.
633     policies`_.
635     policies`_.
637   v1 encryption policies only support the PAD_* and DIRECT_KEY flags.
638   The other flags are only supported by v2 encryption policies.
666 - For v2 encryption policies, ``__reserved`` must be zeroed.
668 - For v1 encryption policies, ``master_key_descriptor`` specifies how
677   For v2 encryption policies, ``master_key_descriptor`` has been
723   flag enabled (casefolding is incompatible with v1 policies).
886 - If the key is being added for use by v1 encryption policies, then
895   policies, then ``key_spec.type`` must contain
975 For v1 encryption policies, a master encryption key can also be
981 policies) for several reasons.  First, it cannot be used in
1058     - To remove a key used by v1 encryption policies, set
1064     - To remove a key used by v2 encryption policies, set
1160     - To get the status of a key for v1 encryption policies, set
1164     - To get the status of a key for v2 encryption policies, set
1203 encryption policies using the legacy mechanism involving
1318 this by validating all top-level encryption policies prior to access.
1394 `IV_INO_LBLK_64 policies`_ and `IV_INO_LBLK_32 policies`_, as it
1491 keys`_ and `DIRECT_KEY policies`_.