> i am interested in encrypted filesystems and was wondering if xfs would be
> good to encrypt...
It might be a little tough!
> my thoughts was to intercept the reading/writing of inodes from/to disk and
> doing the en-decryption there...
> the passphrase for the encryption would be entered during the mounting of
> the filesystem (and deleted from memory during the unmount!)...
> so my questions...
> is there a technical reason why xfs is unsuitable for this???
If you have an encryption algorithm which does not change the size of
the information, i.e. the encrypted data takes the same number of
bytes as the non-encrypted data, then things are a lot easier. My
memory of encryption says that this is not normally the case unless
you are using very basic algorithms which are easy to crack.
Once your algorithm changes the size of data it gets really hard to
deal with managing disk layout.
> has anybody thought about this before???
> i have found a method called 'xfs_iflush_int' does all writing to the hard
> disk go through here, or are there many places in the code that would need
> to be modified for decrypting/encrypting???
The tricky part is the journal, do you want to protect the journal as well?
Inodes written to the journal in a different format from the on disk format.
XFS has in memory and on disk inodes, the on disk format is mapped to the
internal format when we read in the buffer and the internal format is
mapped back again when we write it out. So in principal there are not
many places you need to change things, provided the disk layout does not
have to change.
> is this a stupid idea??? :)
Stupid no, ambitious yes.
> ps i hope this is the right place to send this message...
> pps is there anybody else interesed???