Re: Encrypted filesystem

Systemkennung Linux (linux@mailhost.uni-koblenz.de)
Sun, 2 Feb 1997 05:09:00 +0100 (MET)


> In article <199701312059.VAA04638@informatik.uni-koblenz.de>,
> Systemkennung Linux <linux@informatik.uni-koblenz.de> wrote:
> >First of all you could hook an encrypting filesystem as a kind of a
> >userspace NFS server into the OS. CFS does this already and due to
> >[...]
>
> This kludgy technique is for the poor farts who don't have the source
> to their OS. We can do better... using the loopback FS it's clean and
> the auxiliary code is trivial.

Indeed, the "poor fart portability issue" is one of the advantages of
putting the thing into user space. Another advantage is that
cryptography is CPU bound and you can easily solve the scheduling
problem that way as well as make the filesystem scale to multiple CPUs.
Finally the amount of data for keys etc. that needs to be stored by
the filesystem can become large; in userspace you have virtual memory
available.

Downside - where no lock(2) or similar is available keys might end up
in the paging space; with high performance encryption hardware kernel
space might become necessary for performance.

Ralf
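
The paging concern raised in the message above, as an added example that is not part of the original post: a user-space daemon keeps its keys in whole pages pinned with POSIX mlock(2) and records when pinning fails, so the caller can refuse to load keys. The `keystore` type and its function names are hypothetical, and mlock(2) is assumed to be the locking call available.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical key store for a user-space crypto filesystem daemon. */
typedef struct {
    unsigned char *buf;  /* whole pages holding only key material */
    size_t len;          /* size rounded up to a page multiple */
    int locked;          /* 1 = pinned in RAM, 0 = may reach paging space */
} keystore;

int keystore_open(keystore *ks, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0)
        return -1;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    ks->buf = p;
    ks->len = len;
    /* mlock(2) can fail (no privilege, RLIMIT_MEMLOCK); record the result
       so the caller can refuse to load keys or warn the operator. */
    ks->locked = (mlock(p, len) == 0);
    return 0;
}

void keystore_wipe(keystore *ks)
{
    /* volatile stores keep the compiler from eliding the clearing loop */
    volatile unsigned char *p = ks->buf;
    for (size_t i = 0; i < ks->len; i++)
        p[i] = 0;
}

void keystore_close(keystore *ks)
{
    keystore_wipe(ks);               /* clear keys before the pages go back */
    if (ks->locked)
        munlock(ks->buf, ks->len);
    munmap(ks->buf, ks->len);
    ks->buf = NULL;
    ks->len = 0;
    ks->locked = 0;
}
```

A daemon would check `ks.locked` right after `keystore_open()` and decide whether running with pageable keys is acceptable on that host.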