FS#29799 - [initscripts][cryptsetup] encrypted temporary filesystems
Attached to Project:
Arch Linux
Opened by erdbeer (erdbeer) - Monday, 07 May 2012, 12:11 GMT
Last edited by Tom Gundersen (tomegun) - Tuesday, 08 May 2012, 20:02 GMT
Details
Description:
I'd like to have encrypted temporary filesystems. Patch for /etc/rc.d/functions: http://pastebin.com/raw.php?i=hYX1Qp3M How it works: Write "TMP" in the password column in /etc/crypttab and add it in /etc/fstab. When the system boots, a new ext4 filesystem will be created.
- Why not just make the partition once yourself and add it to fstab/crypttab?
- Why ext4? Why not reiserfs? or ext3? or btrfs?
- What's the use case?
That said, I'd like a clear use case first. Why not just use a tmpfs for your temporary data, and add the partition you intended to encrypt as swap space (which can be encrypted)? That should give you the same level of security, as long as using a tmpfs is ok for you. In my experience using a swap-backed tmpfs is always preferable to a regular filesystem, but I'd be open to any tests that prove me wrong :-)
So you don't have to enter a password every time you boot.
> - Why ext4? Why not reiserfs? or ext3? or btrfs?
Why not ext4? I chose it because it is fast and reliable.
> - What's the use case?
There might be some people who don't have enough RAM for a tmpfs and who don't want anything user-writable to be unencrypted on the disk. I've seen this feature in Debian, so I thought there are people who use this (if not, why would they implement it?). A swap-backed tmpfs might work as well. Why is it preferable to a regular filesystem?
Pros:
* We already support this and don't have to add any code.
* You'll likely get higher performance. When using ext4 the kernel will write your data to disk frequently (as one aim is to avoid data loss on a crash); on a tmpfs the data is only written to disk if you run out of RAM (as the data is temporary and in case of a crash/reboot we want to throw it away anyway). See http://www.toofishes.net/blog/mysql-and-tmp-tmpfs/ for some numbers from one use case (obviously YMMV).
* Writing all your data to disk, only to delete it on reboot seems like a waste of time to me.
Cons:
* If you are doing a lot of swapping, you might see reduced performance. This is because (allegedly) your data is deleted from disk when it moves from swap to RAM, so if it must move back you need to write it again. Using ext4 the data will stay on disk, so if you have to evict it from memory no writing is needed. I have not seen any numbers on this, only heard it described. If it can be shown that this is a problem, we could consider implementing this FS (though I'd think it would be a lot nicer if the kernel's swap could be taught to do the right thing).
As to why Debian (and others) would implement encrypted tmp on ext4: until some kernel releases ago tmpfs had lots of limitations compared to other filesystems (limit on the size of files it could store, etc). These have been sorted out and these days it is just like any other filesystem.
Regarding the popularity of this feature: I pointed out a conceptual flaw in the systemd implementation (it is broken) a long time ago, and while fixing it was put on the TODO, no one seems to have complained about it nor have any resources been put towards fixing it. So I guess it is hardly used (if at all) on Fedora/OpenSUSE/+++.
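
The tmpfs-plus-encrypted-swap setup suggested in the comments only keeps temporary data off the disk in cleartext if every swap area is itself a dm-crypt mapping with a throwaway key. The following check over fstab and crypttab contents is an added example, not part of the original thread or of Arch's initscripts; the device names, key file path and sample lines are constructed, and it assumes the NAME / DEVICE / PASSWORD column order in crypttab.

```python
# Added example: flag fstab/crypttab setups where temporary data can reach
# the disk in cleartext. All file contents below are constructed samples.

# Key sources that yield a throwaway key each boot: the initscripts keyword
# SWAP, or a random device as used in systemd-style crypttab files.
RANDOM_KEYS = {"SWAP", "/dev/urandom", "/dev/random"}
MAPPER = "/dev/mapper/"

def rows(text):
    """Whitespace-split fields of every non-blank, non-comment line."""
    stripped = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [fields for fields in stripped if fields]

def audit(fstab, crypttab):
    """Return findings; an empty list means swap and /tmp are covered."""
    # crypttab columns: NAME  DEVICE  PASSWORD  [OPTIONS]
    keys = {r[0]: r[2] for r in rows(crypttab) if len(r) >= 3}
    findings, tmp_seen = [], False
    for r in rows(fstab):
        if len(r) < 3:
            continue
        dev, mnt, fstype = r[:3]
        if fstype != "swap" and mnt != "/tmp":
            continue
        what = "swap" if fstype == "swap" else "/tmp"
        tmp_seen = tmp_seen or what == "/tmp"
        if fstype == "tmpfs":
            continue  # RAM-backed; it can only spill into swap, which has its own line
        name = dev[len(MAPPER):] if dev.startswith(MAPPER) else None
        if name is None:
            findings.append(f"{what} on {dev}: not a {MAPPER} device")
        elif name not in keys:
            findings.append(f"{what} on {dev}: no crypttab entry for '{name}'")
        elif keys[name] not in RANDOM_KEYS:
            findings.append(f"{what} on {dev}: key '{keys[name]}' persists across boots")
    if not tmp_seen:
        findings.append("no /tmp line in fstab: /tmp may sit on the root filesystem")
    return findings

GOOD_FSTAB = "/dev/mapper/swap none swap defaults 0 0\ntmpfs /tmp tmpfs nodev,nosuid 0 0\n"
GOOD_CRYPTTAB = "swap /dev/sdX2 SWAP -c aes-xts-plain64 -s 512\n"
BAD_FSTAB = "/dev/sdX2 none swap defaults 0 0\n/dev/mapper/tmp /tmp ext4 defaults 0 0\n"
BAD_CRYPTTAB = "tmp /dev/sdX3 /etc/keys/tmp.key  # constructed key file path\n"

if __name__ == "__main__":
    for label, f, c in (("good", GOOD_FSTAB, GOOD_CRYPTTAB), ("bad", BAD_FSTAB, BAD_CRYPTTAB)):
        print(label, audit(f, c) or "ok")
```

A tmpfs `/tmp` combined with a plain swap partition still produces a finding, which is the case the "same level of security" argument depends on.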