LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices


Reply
  Search this Thread
Old 10-23-2015, 04:18 PM   #1
filker0
LQ Newbie
 
Registered: Oct 2015
Location: Cedar Rapids, IA, USA
Distribution: Ubuntu, Debian, others
Posts: 4

Rep: Reputation: Disabled
Encrypted ext4 file system with Linux 4.2.3 and e2fsprogs 1.43 (WIP)


I have gotten the ext4 encryption working using the latest Debian Stretch updates (kernel 4.2.3 based) with a custom kernel build that has CONFIG_EXT4_FS_ENCRYPTION enabled, however I'm unhappy with the procedure. I have the latest e2fsprogs sources from kernel.org, and I know the patches that bring the kernel up to 4.2.4 do not affect this feature.

Here's what has worked:
  1. Created a new ext4 file system on a HD partition so I don't mess up my "/" ("sudo mkfs.ext4 /dev/sda4")
  2. Created a directory as the mount point for the new file system ("sudo mkdir /encrypt")
  3. Mounted the newly minted ext4 file system ("mount /dev/sda4 /encrypt")
  4. Created a parent and ser directory on the newly mounted file system ("sudo mkdir -p /encrypt/users/castsim") There will be multiple user accounts, each with a directory under "/encrypt/user".
  5. Changed ownership of the newly created user directory ("sudo chown castsim:castsim /encrypt/users/castsim")
  6. Generated salt for the key to be used for encryption ("head -c 16 /dev/random | xxd -p >salt.txt")
  7. Added a salty password to the keyring using "e4crypt" ("e2crypt add_key -S 0x`cat salt.txt`", also tried using "sudo" at the beginning of the command line). At this point I get an error from "e4crypt": "EXT4_IOC_GET_ENCRYPTION_PWSALT: Operation not supported"
  8. I then unmount the /encrypt file system ("umount /encrypt")
  9. Mount the file system on /dev/sda4 with the option "test_dummy_encryption" ("mount /dev/sda4 /encrypt -o test_dummy_encryption")
  10. Create a useless file on the mounted file system, then delete it, thus updating the super-block ("sudo touch /encrypt/delete-me; sudo rm /encrypt/delete-me")
  11. Unmount the file system, then remount it without the "test_dummy_encryption" option ("sudo umount /encrypt; sudo mount /sda4 /encrypt")
  12. Retry the "e4crypt" command ("e2crypt add_key -S 0x`cat salt.txt`"), this time it succeeds, and reports that the key associated with "/encrypt/users/castsim" is "[0887c6acbc55a34b]". I save that hex string in a file.
  13. I copy a number of files into "/encrypt/users/castsim" and make sure I can see them.
  14. Unmount the /encrypt file system and reboot.
  15. Log in and repeat the "e4crypt" command, mount the file system on "/encrypt", verify that the directory "/encrypt/users/castsim" contains files with encrypted names.
  16. Use the same "e2crypt" command line that was used to set up encryption. Verify that the directory "/encrypt/users/castsim" now contains files with the correct names and contents.

On examination of the kernel source module "fs/ext4/ioctl.c", I find that the "Operation not supported" error is because the encryption flag is not set in the "incompatible features" flags of the file system super-block. I found no way to set this through a "mkfs.ext4" option (though it may be there). The only way I've found to set the encryption support flag is to mount the file system with the option "test_dummy_encryption", create then delete a file on the file system, then dismount it.

I don't like the mount with the test option, create a file, delete the file, dismount sequence. Documenting it for others is a pain. Is there a better way of setting the "encrypt" flag in an ext4 file system super-block under Linux 4.2 with e2fsprogs 1.43?

Thanks in advance...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] e2fsprogs upgrade - odd appearance on the root file system czezz Slackware 3 01-19-2015 04:21 AM
Resizing / on encrypted system [debian jessie, ext4, lvm(?)] iwtbf Linux - Newbie 2 03-11-2014 07:08 AM
How to change file system from ext4 journeying to ext4 writeback ? 5883 Linux - Newbie 6 03-10-2014 08:04 AM
OS-X and Linux ext4 file system deadbug Other *NIX 3 07-25-2009 06:11 AM
LXer: The Ext4 Linux file system LXer Syndicated Linux News 0 05-29-2009 05:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel

All times are GMT -5. The time now is 07:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration