Encrypted Btrfs Subvolumes: Keeping Container Storage Safe
https://media.ccc.de/v/all-systems-go...
At Meta, we've been working to add encryption support to btrfs, with exciting implications for per-container security. Traditionally, encryption has dealt either with whole disks, using LUKS, or with a few filesystems (ext4, f2fs, ubifs, and ceph) that lack advanced volume management. Btrfs has several features these filesystems don't: deduplicating/reflinking identical data, subvolume/snapshot management, and integrated checksumming. These features allow giving each container its own encrypted subvolume, with a key that is loaded only while the container is running. This prevents container storage from being read while the container is turned off and makes deletion of expired containers' storage secure.
Sweet Tea Dorminy
https://cfp.all-systems-go.io/all-sys...
#asg2023
Published on 1402/06/22.