Tuesday, January 9, 2018

filesystems - Encryption, loop device and journaling file system on Linux


I've been reading up on tools like Truecrypt, loop-AES and Cryptoloop that use a "loop device" to create an encrypted disk volume within a file.


On the README page for loop-AES, it has this paragraph about journaling file systems:


http://loop-aes.sourceforge.net/loop-AES.README



Don't use a journaling file system on
top of file backed loop device. Device
backed loop device can be used with
journaling file systems as device
backed loops guarantee that writes
reach disk platters in order required
by journaling file system (write
caching must be disabled on the disk
drive, of course). With file backed
loop devices, correct write ordering
may extend only to page cache (which
resides in RAM) of underlying file
system. VM can write such pages to
disk in any order it wishes, and thus
break write order expectation of
journaling file system.



Do you know what they mean by "on top of file backed loop device"? Are they referring to a situation where my disk is physically formatted with a journaling file system (like ext3, ext4, or XFS) and then within that file system I create a file which houses the virtual disk volume? Or are they describing the reverse, where the journaling file system is within the file that houses the virtual disk volume?


I have my Linux partitions formatted as ext4, so if they're referring to the first situation, I would have to resize partitions and create an ext2 or FAT partition to save the file that will house the Truecrypt/loop-AES/Cryptoloop volume.


Answer



A "file backed loop device" is a loop-mounted disk file.


Such as mounting /home/mike/mydisk.raw on /mnt.


Device backed is when you've mounted something from /dev, like /dev/sda3


The situation they are referring to has the following structure:


Files
  |
  v
Journaled Filesystem
  |
  v
Encrypted loop mount
  |
  v
Disk file
  |
  v
Journaled Filesystem
  |
  v
Physical device

As you can see there are two filesystems in the chain with two lots of caching and two lots of journaling. Not only wasteful but can cause problems with write-ordering. So just don't use journaling on the top-level filesystem. It's simple enough to turn off.


The situation they say I OK has the following structure:


Files
  |
  v
Journaled Filesystem
  |
  v
Encrypted loop mount
  |
  v
Physical disk

You see there is only one filesystem (and only one set of journaling and caching) in that arrangement.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...