this post was submitted on 31 Oct 2023
174 points (100.0% liked)

Linux

48655 readers
1528 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I got this email this morning: https://lkml.org/lkml/2023/10/30/1098 🥳

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Native encryption is when the filesystem driver does the decryption in addition to the regular decoding job. Dmcrypt is where encryption is done by a separate component that's part of the kernel. Dmcrypt decrypts the raw block device (partition) and creates an unencrypted virtual block device (usually in /dev/mapper/). The filesystem driver then decodes this virtual device to give the final data access. It's like having a filesystem within a filesystem.

Regular bootloaders like Grub can't decrypt anything. So the /boot device is usually on a separate unencrypted partition. You need the initramfs to be able to decrypt and decode the partition. That's not very complicated - most users don't even need to deal with it.

Dmcrypt is arguably more secure than native encryption, since you won't know the filesystem type until you decrypt the partition first. On the other hand, native encryption is likely to be faster and more flexible for complex filesystems like ZFS, Btrfs and BCachefs.