fscrypt.rst - OpenGrok cross reference for /kernel/linux/linux-6.6/Documentation/filesystems/fscrypt.rst

Lines Matching full:policies
148 Limitations of v1 policies
151 v1 encryption policies have some weaknesses with respect to online
167 All the above problems are fixed with v2 encryption policies.  For
169 policies on all new encrypted directories.
212 the key is used for v1 encryption policies or for v2 encryption
213 policies.  Users **must not** use the same key for both v1 and v2
214 encryption policies.  (No real-world attack is currently known on this
218 For v1 encryption policies, the KDF only supports deriving per-file
224 For v2 encryption policies, the KDF is HKDF-SHA512.  The master key is
259 DIRECT_KEY policies
275 - For v1 encryption policies, the encryption is done directly with the
277   key for any other purpose, even for other v1 policies.
279 - For v2 encryption policies, the encryption is done with a per-mode
281   other v2 encryption policies.
283 IV_INO_LBLK_64 policies
298 IV_INO_LBLK_32 policies
301 IV_INO_LBLK_32 policies work like IV_INO_LBLK_64, except that for
315 For master keys used for v2 encryption policies, a unique 16-byte "key
465 - With `DIRECT_KEY policies`_, the file's nonce is appended to the IV.
468 - With `IV_INO_LBLK_64 policies`_, the logical block number is limited
472 - With `IV_INO_LBLK_32 policies`_, the logical block number is limited
489 alternatively has the file's nonce (for `DIRECT_KEY policies`_) or
490 inode number (for `IV_INO_LBLK_64 policies`_) included in the IVs.
557   For new encrypted directories, use v2 policies.
566   v1 encryption policies only support three combinations of modes:
569   (FSCRYPT_MODE_ADIANTUM, FSCRYPT_MODE_ADIANTUM).  v2 policies support
577   - FSCRYPT_POLICY_FLAG_DIRECT_KEY: See `DIRECT_KEY policies`_.
579     policies`_.
581     policies`_.
583   v1 encryption policies only support the PAD_* and DIRECT_KEY flags.
584   The other flags are only supported by v2 encryption policies.
589 - For v2 encryption policies, ``__reserved`` must be zeroed.
591 - For v1 encryption policies, ``master_key_descriptor`` specifies how
600   For v2 encryption policies, ``master_key_descriptor`` has been
646   flag enabled (casefolding is incompatible with v1 policies).
807 - If the key is being added for use by v1 encryption policies, then
816   policies, then ``key_spec.type`` must contain
885 For v1 encryption policies, a master encryption key can also be
891 policies) for several reasons.  First, it cannot be used in
969     - To remove a key used by v1 encryption policies, set
975     - To remove a key used by v2 encryption policies, set
1071     - To get the status of a key for v1 encryption policies, set
1075     - To get the status of a key for v2 encryption policies, set
1114 encryption policies using the legacy mechanism involving
1229 this by validating all top-level encryption policies prior to access.
1340 keys`_ and `DIRECT_KEY policies`_.