
QV now has encrypted folders

September 30, 2024 — BarryK

I posted early this year about the fscrypt patch for btrfs; see the related posts:

However, back then I had to abandon fscrypt for btrfs, as the kernel crashed at bootup.

Unfortunately, the btrfs developers have not shown any sign of being interested in progressing with this. The "v5" patch from March 2024 is still the latest. Anyway, I decided to take another look at it, and applied the patches to the 6.8.12 kernel (as the patches were developed on the 6.8.x kernel source). This time I booted up without folder encryption configured at all, just to see if the patches have some degree of sanity -- nope: got to the desktop, then shortly afterward the btrfs filesystem automatically switched to read-only. btrfs does that when it detects an error, to avoid further damage.

I booted up a few times, and it consistently got to the desktop and then went read-only.

So, giving up on that. I really do want encrypted folders, so time for some lateral thinking...

What I have done is create a sparse file containing an ext4 filesystem. After bootup, this is what is in the working-partition, showing hidden folders and files:

(screenshot: the working-partition with hidden folders and files shown)

File '.sparse-ext4' is a sparse file with an ext4 filesystem inside. It is mounted on folder '.sparse-mnt', which then contains a folder hierarchy like this:

.sparse-mnt
  files
  home
    1
    2
    3
    ...

What happens at bootup in the initrd is that the 'files' folder gets mounted on '/files', and one of those numbered folders, depending on which snapshot is being booted into, gets mounted on '/home'. After bootup, this is what you see:

(screenshot: the root filesystem after bootup, with '/files' and '/home' mounted)

...looks normal, but now '/files' and '/home' are encrypted folders that were unlocked by the password at bootup.

Here are the github commits:

https://github.com/bkauler/woof-quantum-vis/commit/370ddf467637f0e2a5dbe36ce0ca097ee5d8ac35

https://github.com/bkauler/woof-quantum-vis/commit/9c0a7ffdce5210b7f3dba6484652aeba79f4a6be

From the user's point of view, QV works as before: in the initrd menu you can choose which snapshot to boot into, create a new snapshot, or delete a snapshot.

As before, '/files' is not snapshotted -- it is for your personal storage, so it is appropriate for it to just accumulate whatever you put into it.

There is a different '/home' folder for each snapshot, but as this now lives in an ext4 filesystem (which, unlike btrfs, has no subvolume snapshots), there is no cheap copy-on-write snapshot: if a new snapshot is created, the entire content of the current '/home' gets copied to the new snapshot.

There are some finishing-off details; I will tackle those tomorrow.

Regarding the sparse file: that is a large file that only occupies as much storage as there is content in the ext4 filesystem. So, store more files and it grows. Delete files and the sparse file shrinks again, because it is mounted with the "discard" option: the filesystem discards the freed blocks, and the loop device turns those discards into holes punched in the backing file. Note that it is the allocated size (what 'du' reports) that grows and shrinks; the apparent size ('ls -l') stays fixed. That is an interesting topic.
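To make the mechanics concrete, here is an added example in shell (not QV's or woofQV's own code) that covers both the folder layout described earlier and the sparse-file behaviour just described. The user-level part creates a sparse file, writes into it and then punches a hole over the written region, which is exactly what the loop driver does to the backing file when the filesystem inside issues a discard; the root-only part formats the file as ext4, mounts it with 'discard' and bind-mounts 'files' and the chosen snapshot's 'home' folder the way the post says the initrd does. The bind mounts, the mount-point names and the absence of any encryption step are assumptions: the post does not say which mechanism encrypts the folders, so this example covers the storage mechanics only.

```shell
#!/bin/sh
# Added example, not QV's own code. Functions above the ROOT-ONLY marker
# run as an ordinary user; those below need root and a free loop device.
set -eu

# Allocated size in KiB (what 'du' reports) versus apparent size in bytes
# ('ls -l'); for a sparse file the two differ.
allocated_kb() { du -k "$1" | cut -f1; }
apparent_bytes() { stat -c %s "$1"; }

# Create a sparse file of $2 MiB: the size is set but no blocks are allocated.
make_sparse() { truncate -s "${2}M" "$1"; }

# Write $3 MiB of real (incompressible) data at offset $2 MiB, simulating
# the filesystem inside storing files. conv=notrunc keeps the apparent size.
fill_region() {
    dd if=/dev/urandom of="$1" bs=1M seek="$2" count="$3" conv=notrunc 2>/dev/null
    sync
}

# Punch a hole over the same region. This is what the loop driver does to
# the backing file when the filesystem mounted with 'discard' frees blocks,
# so the allocated size drops while the apparent size stays the same.
punch_region() {
    fallocate -p -o "$(( $2 * 1024 * 1024 ))" -l "$(( $3 * 1024 * 1024 ))" "$1"
}

# Prints "<before> <after>": allocated KiB after writing 4 MiB into a
# 64 MiB sparse file, then after punching that region out again.
demo_sparse_growth_and_shrink() {
    f="$1"
    make_sparse "$f" 64
    fill_region "$f" 8 4
    before=$(allocated_kb "$f")
    punch_region "$f" 8 4
    after=$(allocated_kb "$f")
    echo "$before $after"
}

# ---- ROOT-ONLY: layout assumptions, not QV's actual initrd code ----
# One-time creation: a sparse backing file formatted as ext4.
create_sparse_ext4() {
    make_sparse "$1" "$2"
    mkfs.ext4 -q -F "$1"
}

# Per boot: loop-mount with 'discard' so deletions shrink the backing file,
# then expose 'files' and snapshot $3's 'home' as /files and /home.
# Bind mounts are an assumption; the post only says the folders "get mounted".
mount_sparse_ext4() {
    img="$1"; mnt="$2"; snap="$3"
    mkdir -p "$mnt"
    mount -o loop,discard "$img" "$mnt"
    mkdir -p "$mnt/files" "$mnt/home/$snap" /files /home
    mount --bind "$mnt/files" /files
    mount --bind "$mnt/home/$snap" /home
}

# Stand-alone run of the user-level demo:  sh sparse-demo.sh run
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp)
    echo "allocated KiB before/after hole punch: $(demo_sparse_growth_and_shrink "$tmp")"
    rm -f "$tmp"
fi
```

One caveat worth keeping in mind: because 'discard' keeps the backing file's allocation in step with the filesystem's block usage, anyone who can 'stat' or 'du' the sparse file can see how much data is stored and roughly where, even if the folder contents themselves are encrypted. That is a side channel the whole-image size would otherwise hide, and it is the price of getting the space back on delete.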

Note that the change to an ext4 sparse file is determined at build-time in woofQV, by means of a variable QV_FILES_SPARSE; in a running QV, this variable can be found in /root/.packages/build-choices. I decided to do it this way as I didn't want to "burn the bridges", in case the btrfs developers do eventually come up with a working fscrypt patch.

EDIT 2024-10-01:
Decided not to have '/home' in an ext4 sparse file. It is enough that anything a user wants to keep private can be kept in '/files'. Besides, I am hoping that one day the btrfs developers will make progress with fscrypt.

Tags: quirky