Documentation/ABI/testing/sysfs-fs-f2fs | 5 +- Documentation/filesystems/f2fs.rst | 30 ++++ fs/crypto/crypto.c | 47 +++++++ fs/crypto/fscrypt_private.h | 3 +- fs/crypto/keysetup.c | 174 ++++++++++++++++++++++++ fs/f2fs/Kconfig | 14 ++ fs/f2fs/data.c | 8 +- fs/f2fs/f2fs.h | 37 ++++- fs/f2fs/file.c | 24 +++- fs/f2fs/inline.c | 134 ++++++++++++++++-- fs/f2fs/super.c | 12 ++ fs/f2fs/sysfs.c | 8 ++ include/linux/fscrypt.h | 24 ++++ 13 files changed, 497 insertions(+), 23 deletions(-)
F2FS currently disables inline data for encrypted regular files because the inline payload is stored in the inode block and does not go through the regular bio-based fscrypt path. This wastes space for small encrypted files on Android devices using F2FS inlinecrypt. This series adds an encrypted_inline_data on-disk feature for F2FS. With this feature enabled, encrypted regular files may keep small contents in the inode block. The inline payload is encrypted before being stored in the inode and decrypted back into page-cache plaintext on read. The fscrypt changes are scoped to filesystem-managed data-unit crypto. F2FS first asks fscrypt whether the inode's key/policy supports this path. It prepares the software transform only when encrypted inline payloads are read or written. Inlinecrypt support is limited to v2 IV_INO_LBLK_64 and IV_INO_LBLK_32 policies, including the hardware-wrapped key configurations supported by fscrypt. Per-file inlinecrypt keys and DIRECT_KEY policies are not supported for encrypted inline data. The basic encrypted inline-data tests pass. The test creates encrypted small files and verifies that they retain inline data. It also checks normal read/write correctness and confirms from the raw inode block that the inline payload does not contain plaintext. Changes in v3: - Support fscrypt's v2 IV_INO_LBLK_64/32 hardware-wrapped key configurations. - Drop DIRECT_KEY support for encrypted inline data. - Refresh comments and documentation for the updated key support matrix. LiaoYuanhong-vivo (3): fscrypt: prepare software keys for filesystem-managed data units f2fs: support encrypted inline data Documentation: f2fs: document encrypted inline data Documentation/ABI/testing/sysfs-fs-f2fs | 5 +- Documentation/filesystems/f2fs.rst | 30 ++++ fs/crypto/crypto.c | 47 +++++++ fs/crypto/fscrypt_private.h | 3 +- fs/crypto/keysetup.c | 174 ++++++++++++++++++++++++ fs/f2fs/Kconfig | 14 ++ fs/f2fs/data.c | 8 +- fs/f2fs/f2fs.h | 37 ++++- fs/f2fs/file.c | 24 +++- fs/f2fs/inline.c | 134 ++++++++++++++++-- fs/f2fs/super.c | 12 ++ fs/f2fs/sysfs.c | 8 ++ include/linux/fscrypt.h | 24 ++++ 13 files changed, 497 insertions(+), 23 deletions(-) -- 2.34.1
[+Cc linux-ext4@vger.kernel.org] On Mon, Jun 15, 2026 at 08:55:12PM +0800, LiaoYuanhong-vivo wrote: > F2FS currently disables inline data for encrypted regular files because the > inline payload is stored in the inode block and does not go through the > regular bio-based fscrypt path. This wastes space for small encrypted > files on Android devices using F2FS inlinecrypt. > > This series adds an encrypted_inline_data on-disk feature for F2FS. > With this feature enabled, encrypted regular files may keep small contents > in the inode block. The inline payload is encrypted before being stored in > the inode and decrypted back into page-cache plaintext on read. > > The fscrypt changes are scoped to filesystem-managed data-unit crypto. > F2FS first asks fscrypt whether the inode's key/policy supports this path. > It prepares the software transform only when encrypted inline payloads are > read or written. Inlinecrypt support is limited to v2 IV_INO_LBLK_64 and > IV_INO_LBLK_32 policies, including the hardware-wrapped key configurations > supported by fscrypt. Per-file inlinecrypt keys and DIRECT_KEY policies > are not supported for encrypted inline data. I still think we should hold off on this, for the reasons I gave at https://lore.kernel.org/r/20260515184124.GA4903@quark/ As soon as you start using hardware-wrapped keys this will become irrelevant, as it can't be used in that case. I see you added "support" for that case anyway by deriving contents encryption keys from the sw_secret. But that bypasses the security model, which isn't okay. I'm also working to simplify ext4 and f2fs's file contents encryption implementation by standardizing on blk-crypto. That aligns well with what btrfs encryption is going to do as well. So this isn't a great time to be making f2fs's file contents encryption implementation even more complex by going in a different direction. If there was demand for this feature from the ext4 side for general-purpose Linux distros as well, that would make it a bit more appealing, as it would show broader demand. But with the proposal being f2fs-specific and effectively just for Android devices that *don't* use wrapped keys, that feels too narrow for the added complexity. This proposal also lacks test cases in xfstests and/or Android's vts_kernel_encryption_test that verify that the inline data is actually being encrypted correctly. Those tests are essential, and we *must not* add new file contents encryption implementations without such tests. - Eric
Hi Eric, Thanks for the explanation. I understand the concern about deriving software contents keys from sw_secret for hardware-wrapped-key files. I agree this is not the right security model, and I will stop pursuing this direction for now. Could you share more about the direction you have in mind for simplifying f2fs/ext4 contents encryption around blk-crypto? For f2fs inline_data, there is still a real space-saving benefit on phones, since many encrypted files are smaller than 4K. Is there any acceptable future direction to support this kind of inode-resident data with blk-crypto or hardware-wrapped keys? Thanks, Liao Yuanhong
On Tue, Jun 16, 2026 at 05:46:12PM +0800, LiaoYuanhong-vivo wrote: > Could you share more about the direction you have in mind for simplifying > f2fs/ext4 contents encryption around blk-crypto? Currently ext4 and f2fs each have two implementations of file contents encryption and decryption: - One where the en/decryption is done in the filesystem layer - One where the filesystem attaches a bio_crypt_ctx to the bios and the en/decryption is done either in the block layer by blk-crypto-fallback or by inline encryption hardware I'd like to drop the first one, for simplicity and to reduce the burden on ongoing developments like large folio support. > For f2fs inline_data, there is still a real space-saving benefit on phones, > since many encrypted files are smaller than 4K. Is there any acceptable > future direction to support this kind of inode-resident data with > blk-crypto or hardware-wrapped keys? It is incompatible with inline encryption hardware. A CPU-based solution like Intel Key Locker or RISC-V High Assurance Cryptography could provide similar security properties. But there's nothing for arm64 yet. And I should mention that no one has wanted to use Key Locker anyway because it's really slow. - Eric
© 2016 - 2026 Red Hat, Inc.