#fscrypt — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #fscrypt, aggregated by home.social.
-
@Sigma I understand. Without any real documented alternatives and migration paths, changes like this can be expected to trip up people though 🙃
- #fscrypt only supports some filesystems, setup and migration seem very manual and tedious, no #nixos wiki page or writeups
- #gocryptfs is FUSE, but also seems tedious, nothing for nixos either
- #CryFS is totally not designed for homedir encryption (though someome tried but stopped). -
@Sigma I understand. Without any real documented alternatives and migration paths, changes like this can be expected to trip up people though 🙃
- #fscrypt only supports some filesystems, setup and migration seem very manual and tedious, no #nixos wiki page or writeups
- #gocryptfs is FUSE, but also seems tedious, nothing for nixos either
- #CryFS is totally not designed for homedir encryption (though someome tried but stopped). -
@Sigma I understand. Without any real documented alternatives and migration paths, changes like this can be expected to trip up people though 🙃
- #fscrypt only supports some filesystems, setup and migration seem very manual and tedious, no #nixos wiki page or writeups
- #gocryptfs is FUSE, but also seems tedious, nothing for nixos either
- #CryFS is totally not designed for homedir encryption (though someome tried but stopped). -
@Sigma I understand. Without any real documented alternatives and migration paths, changes like this can be expected to trip up people though 🙃
- #fscrypt only supports some filesystems, setup and migration seem very manual and tedious, no #nixos wiki page or writeups
- #gocryptfs is FUSE, but also seems tedious, nothing for nixos either
- #CryFS is totally not designed for homedir encryption (though someome tried but stopped). -
@Sigma I understand. Without any real documented alternatives and migration paths, changes like this can be expected to trip up people though 🙃
- #fscrypt only supports some filesystems, setup and migration seem very manual and tedious, no #nixos wiki page or writeups
- #gocryptfs is FUSE, but also seems tedious, nothing for nixos either
- #CryFS is totally not designed for homedir encryption (though someome tried but stopped). -
Joe Richey released #fscrypt version 0.3.6. https://github.com/google/fscrypt
-
Joe Richey released #fscrypt version 0.3.5. https://github.com/google/fscrypt
-
#FSCRYPT In Linux 6.7 More Adaptable For Inline Encryption Hardware
-
Joe Richey released #fscrypt version 0.3.3. https://github.com/google/fscrypt
-
Sweet Tea Dorminy submitted an patch-set adding an encryption feature to #btrfs: https://lore.kernel.org/all/cover.1687[email protected]/
```This is a changeset adding encryption to btrfs. It is not complete; it does not support inline data or verity or authenticated encryption. It is primarily intended as a proof that the fscrypt extent encryption changeset it builds on work.```
For the mentioned #fscrypt changes see:
https://lore.kernel.org/linux-fscrypt/[email protected]/ #Linux #kernel #LinuxKernel -
Hm, interesting, #fedora seems to be moving to full-disk-encryption using #btrfs and #fscrypt by default, along with signing unified kernel images (UKIs) and using the #TPM. No measuring/attestation AFAICT yet, but a very good move forward!
They also want to separately encrypt homes, and even mention #systemd #homed in the Pagure:
https://pagure.io/fedora-workstation/blob/master/f/notes/encryption.md
However they write:> *It cannot be universal for all Fedora systems - some things like NFS home directories are out of scope for systemd-homed. Logging in remotely via ssh is not supported. (???)*
I'm pretty sure ssh is supported and even documented, and #NFS should be of no business to homed? But NFS+automount should work perfectly fine with #homed, or did I misunderstand something?
Maybe someone with more knowledge than me should chip in, otherwise they will re-invent the wheel (and doing separately encrypted homes is hard to do correctly!)
-
Joe Richey released #fscrypt version 0.3.4. https://github.com/google/fscrypt
-
Support for SM4 encryption in #fscrypt was merged for #LinuxKernel 6.2 as part of the fscrypt updates, but the maintainer recommends against using it: https://git.kernel.org/torvalds/c/8129bac60f30936d2339535841db5b66d0520a67 #Linux #kernel