Side-channel attacks¶

fscrypt is only resistant to side-channel attacks, such as timing orelectromagnetic attacks, to the extent that the underlying LinuxCryptographic API algorithms are. If a vulnerable algorithm is used,such as a table-based implementation of AES, it may be possible for anattacker to mount a side channel attack against the online system.Side channel attacks may also be mounted against applicationsconsuming decrypted data.

Unauthorized file access¶

After an encryption key has been added, fscrypt does not hide theplaintext file contents or filenames from other users on the samesystem. Instead, existing access control mechanisms such as file modebits, POSIX ACLs, LSMs, or namespaces should be used for this purpose.

(For the reasoning behind this, understand that while the key isadded, the confidentiality of the data, from the perspective of thesystem itself, isnot protected by the mathematical properties ofencryption but rather only by the correctness of the kernel.Therefore, any encryption-specific access control checks would merelybe enforced by kernelcode and therefore would be largely redundantwith the wide variety of access control mechanisms already available.)

Kernel memory compromise¶

An attacker who compromises the system enough to read from arbitrarymemory, e.g. by mounting a physical attack or by exploiting a kernelsecurity vulnerability, can compromise all encryption keys that arecurrently in use.

However, fscrypt allows encryption keys to be removed from the kernel,which may protect them from later compromise.

In more detail, the FS_IOC_REMOVE_ENCRYPTION_KEY ioctl (or theFS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl) can wipe a masterencryption key from kernel memory. If it does so, it will also try toevict all cached inodes which had been “unlocked” using the key,thereby wiping their per-file keys and making them once again appear“locked”, i.e. in ciphertext or encrypted form.

However, these ioctls have some limitations:

• Per-file keys for in-use files willnot be removed or wiped.Therefore, for maximum effect, userspace should close the relevantencrypted files and directories before removing a master key, aswell as kill any processes whose working directory is in an affectedencrypted directory.
• The kernel cannot magically wipe copies of the master key(s) thatuserspace might have as well. Therefore, userspace must wipe allcopies of the master key(s) it makes as well; normally this shouldbe done immediately after FS_IOC_ADD_ENCRYPTION_KEY, without waitingfor FS_IOC_REMOVE_ENCRYPTION_KEY. Naturally, the same also appliesto all higher levels in the key hierarchy. Userspace should alsofollow other security precautions such as mlock()ing memorycontaining keys to prevent it from being swapped out.
• In general, decrypted contents and filenames in the kernel VFScaches are freed but not wiped. Therefore, portions thereof may berecoverable from freed memory, even after the corresponding key(s)were wiped. To partially solve this, you can setCONFIG_PAGE_POISONING=y in your kernel config and add page_poison=1to your kernel command line. However, this has a performance cost.
• Secret keys might still exist in CPU registers, in cryptoaccelerator hardware (if used by the crypto API to implement any ofthe algorithms), or in other places not explicitly considered here.

Limitations of v1 policies¶

v1 encryption policies have some weaknesses with respect to onlineattacks:

• There is no verification that the provided master key is correct.Therefore, a malicious user can temporarily associate the wrong keywith another user’s encrypted files to which they have read-onlyaccess. Because of filesystem caching, the wrong key will then beused by the other user’s accesses to those files, even if the otheruser has the correct key in their own keyring. This violates themeaning of “read-only access”.
• A compromise of a per-file key also compromises the master key fromwhich it was derived.
• Non-root users cannot securely remove encryption keys.

All the above problems are fixed with v2 encryption policies. Forthis reason among others, it is recommended to use v2 encryptionpolicies on all new encrypted directories.

FS_IOC_SET_ENCRYPTION_POLICY¶

The FS_IOC_SET_ENCRYPTION_POLICY ioctl sets an encryption policy on anempty directory or verifies that a directory or regular file alreadyhas the specified encryption policy. It takes in a pointer to astructfscrypt_policy_v1 or astructfscrypt_policy_v2, defined as follows:

#define FSCRYPT_POLICY_V1               0#define FSCRYPT_KEY_DESCRIPTOR_SIZE     8struct fscrypt_policy_v1 {        __u8 version;        __u8 contents_encryption_mode;        __u8 filenames_encryption_mode;        __u8 flags;        __u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];};#define fscrypt_policy  fscrypt_policy_v1#define FSCRYPT_POLICY_V2               2#define FSCRYPT_KEY_IDENTIFIER_SIZE     16struct fscrypt_policy_v2 {        __u8 version;        __u8 contents_encryption_mode;        __u8 filenames_encryption_mode;        __u8 flags;        __u8 __reserved[4];        __u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];};

This structure must be initialized as follows:

• version must be FSCRYPT_POLICY_V1 (0) if the struct isfscrypt_policy_v1 or FSCRYPT_POLICY_V2 (2) if the structisfscrypt_policy_v2. (Note: we refer to the originalpolicy version as “v1”, though its version code is really 0.) Fornew encrypted directories, use v2 policies.

• contents_encryption_mode andfilenames_encryption_mode mustbe set to constants from<linux/fscrypt.h> which identify theencryption modes to use. If unsure, use FSCRYPT_MODE_AES_256_XTS(1) forcontents_encryption_mode and FSCRYPT_MODE_AES_256_CTS(4) forfilenames_encryption_mode.

• flags contains optional flags from<linux/fscrypt.h>:

  • FSCRYPT_POLICY_FLAGS_PAD_*: The amount of NUL padding to use whenencrypting filenames. If unsure, use FSCRYPT_POLICY_FLAGS_PAD_32(0x3).
  • FSCRYPT_POLICY_FLAG_DIRECT_KEY: SeeDIRECT_KEY policies.
  • FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64: SeeIV_INO_LBLK_64policies.
  • FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32: SeeIV_INO_LBLK_32policies.

  v1 encryption policies only support the PAD_* and DIRECT_KEY flags.The other flags are only supported by v2 encryption policies.

  The DIRECT_KEY, IV_INO_LBLK_64, and IV_INO_LBLK_32 flags aremutually exclusive.

• For v2 encryption policies,__reserved must be zeroed.

• For v1 encryption policies,master_key_descriptor specifies howto find the master key in a keyring; seeAdding keys. It is upto userspace to choose a uniquemaster_key_descriptor for eachmaster key. The e4crypt and fscrypt tools use the first 8 bytes ofSHA-512(SHA-512(master_key)), but this particular scheme is notrequired. Also, the master key need not be in the keyring yet whenFS_IOC_SET_ENCRYPTION_POLICY is executed. However, it must be addedbefore any files can be created in the encrypted directory.

  For v2 encryption policies,master_key_descriptor has beenreplaced withmaster_key_identifier, which is longer and cannotbe arbitrarily chosen. Instead, the key must first be added usingFS_IOC_ADD_ENCRYPTION_KEY. Then, thekey_spec.u.identifierthe kernel returned in thestructfscrypt_add_key_arg mustbe used as themaster_key_identifier in thestructfscrypt_policy_v2.

If the file is not yet encrypted, then FS_IOC_SET_ENCRYPTION_POLICYverifies that the file is an empty directory. If so, the specifiedencryption policy is assigned to the directory, turning it into anencrypted directory. After that, and after providing thecorresponding master key as described inAdding keys, all regularfiles, directories (recursively), and symlinks created in thedirectory will be encrypted, inheriting the same encryption policy.The filenames in the directory’s entries will be encrypted as well.

Alternatively, if the file is already encrypted, thenFS_IOC_SET_ENCRYPTION_POLICY validates that the specified encryptionpolicy exactly matches the actual one. If they match, then the ioctlreturns 0. Otherwise, it fails with EEXIST. This works on bothregular files and directories, including nonempty directories.

When a v2 encryption policy is assigned to a directory, it is alsorequired that either the specified key has been added by the currentuser or that the caller has CAP_FOWNER in the initial user namespace.(This is needed to prevent a user from encrypting their data withanother user’s key.) The key must remain added whileFS_IOC_SET_ENCRYPTION_POLICY is executing. However, if the newencrypted directory does not need to be accessed immediately, then thekey can be removed right away afterwards.

Note that the ext4 filesystem does not allow the root directory to beencrypted, even if it is empty. Users who want to encrypt an entirefilesystem with one key should consider using dm-crypt instead.

FS_IOC_SET_ENCRYPTION_POLICY can fail with the following errors:

• EACCES: the file is not owned by the process’s uid, nor does theprocess have the CAP_FOWNER capability in a namespace with the fileowner’s uid mapped
• EEXIST: the file is already encrypted with an encryption policydifferent from the one specified
• EINVAL: an invalid encryption policy was specified (invalidversion, mode(s), or flags; or reserved bits were set); or a v1encryption policy was specified but the directory has the casefoldflag enabled (casefolding is incompatible with v1 policies).
• ENOKEY: a v2 encryption policy was specified, but the key withthe specifiedmaster_key_identifier has not been added, nor doesthe process have the CAP_FOWNER capability in the initial usernamespace
• ENOTDIR: the file is unencrypted and is a regular file, not adirectory
• ENOTEMPTY: the file is unencrypted and is a nonempty directory
• ENOTTY: this type of filesystem does not implement encryption
• EOPNOTSUPP: the kernel was not configured with encryptionsupport for filesystems, or the filesystem superblock has nothad encryption enabled on it. (For example, to use encryption on anext4 filesystem, CONFIG_FS_ENCRYPTION must be enabled in thekernel config, and the superblock must have had the “encrypt”feature flag enabled usingtune2fs-Oencrypt ormkfs.ext4-Oencrypt.)
• EPERM: this directory may not be encrypted, e.g. because it isthe root directory of an ext4 filesystem
• EROFS: the filesystem is readonly

FS_IOC_GET_ENCRYPTION_POLICY_EX¶

The FS_IOC_GET_ENCRYPTION_POLICY_EX ioctl retrieves the encryptionpolicy, if any, for a directory or regular file. No additionalpermissions are required beyond the ability to open the file. Ittakes in a pointer to astructfscrypt_get_policy_ex_arg,defined as follows:

struct fscrypt_get_policy_ex_arg {        __u64 policy_size; /* input/output */        union {                __u8 version;                struct fscrypt_policy_v1 v1;                struct fscrypt_policy_v2 v2;        } policy; /* output */};

The caller must initializepolicy_size to the size available forthe policy struct, i.e.sizeof(arg.policy).

On success, the policy struct is returned inpolicy, and itsactual size is returned inpolicy_size.policy.version shouldbe checked to determine the version of policy returned. Note that theversion code for the “v1” policy is actually 0 (FSCRYPT_POLICY_V1).

FS_IOC_GET_ENCRYPTION_POLICY_EX can fail with the following errors:

• EINVAL: the file is encrypted, but it uses an unrecognizedencryption policy version
• ENODATA: the file is not encrypted
• ENOTTY: this type of filesystem does not implement encryption,or this kernel is too old to support FS_IOC_GET_ENCRYPTION_POLICY_EX(try FS_IOC_GET_ENCRYPTION_POLICY instead)
• EOPNOTSUPP: the kernel was not configured with encryptionsupport for this filesystem, or the filesystem superblock has nothad encryption enabled on it
• EOVERFLOW: the file is encrypted and uses a recognizedencryption policy version, but the policy struct does not fit intothe provided buffer

Note: if you only need to know whether a file is encrypted or not, onmost filesystems it is also possible to use the FS_IOC_GETFLAGS ioctland check for FS_ENCRYPT_FL, or to use the statx() system call andcheck for STATX_ATTR_ENCRYPTED in stx_attributes.

FS_IOC_GET_ENCRYPTION_POLICY¶

The FS_IOC_GET_ENCRYPTION_POLICY ioctl can also retrieve theencryption policy, if any, for a directory or regular file. However,unlikeFS_IOC_GET_ENCRYPTION_POLICY_EX,FS_IOC_GET_ENCRYPTION_POLICY only supports the original policyversion. It takes in a pointer directly to astructfscrypt_policy_v1 rather than astructfscrypt_get_policy_ex_arg.

The error codes for FS_IOC_GET_ENCRYPTION_POLICY are the same as thosefor FS_IOC_GET_ENCRYPTION_POLICY_EX, except thatFS_IOC_GET_ENCRYPTION_POLICY also returnsEINVAL if the file isencrypted using a newer encryption policy version.

FS_IOC_ADD_ENCRYPTION_KEY¶

The FS_IOC_ADD_ENCRYPTION_KEY ioctl adds a master encryption key tothe filesystem, making all files on the filesystem which wereencrypted using that key appear “unlocked”, i.e. in plaintext form.It can be executed on any file or directory on the target filesystem,but using the filesystem’s root directory is recommended. It takes ina pointer to astructfscrypt_add_key_arg, defined asfollows:

struct fscrypt_add_key_arg {        struct fscrypt_key_specifier key_spec;        __u32 raw_size;        __u32 key_id;        __u32 __reserved[8];        __u8 raw[];};#define FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR        1#define FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER        2struct fscrypt_key_specifier {        __u32 type;     /* one of FSCRYPT_KEY_SPEC_TYPE_* */        __u32 __reserved;        union {                __u8 __reserved[32]; /* reserve some extra space */                __u8 descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];                __u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];        } u;};struct fscrypt_provisioning_key_payload {        __u32 type;        __u32 __reserved;        __u8 raw[];};

structfscrypt_add_key_arg must be zeroed, then initializedas follows:

• If the key is being added for use by v1 encryption policies, thenkey_spec.type must contain FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR, andkey_spec.u.descriptor must contain the descriptor of the keybeing added, corresponding to the value in themaster_key_descriptor field ofstructfscrypt_policy_v1. To add this type of key, the calling processmust have the CAP_SYS_ADMIN capability in the initial usernamespace.

  Alternatively, if the key is being added for use by v2 encryptionpolicies, thenkey_spec.type must containFSCRYPT_KEY_SPEC_TYPE_IDENTIFIER, andkey_spec.u.identifier isanoutput field which the kernel fills in with a cryptographichash of the key. To add this type of key, the calling process doesnot need any privileges. However, the number of keys that can beadded is limited by the user’s quota for the keyrings service (seeDocumentation/security/keys/core.rst).

• raw_size must be the size of theraw key provided, in bytes.Alternatively, ifkey_id is nonzero, this field must be 0, sincein that case the size is implied by the specified Linux keyring key.

• key_id is 0 if the raw key is given directly in therawfield. Otherwisekey_id is the ID of a Linux keyring key oftype “fscrypt-provisioning” whose payload is astructfscrypt_provisioning_key_payload whoseraw field contains theraw key and whosetype field matcheskey_spec.type. Sinceraw is variable-length, the total size of this key’s payloadmust besizeof(structfscrypt_provisioning_key_payload) plus theraw key size. The process must have Search permission on this key.

  Most users should leave this 0 and specify the raw key directly.The support for specifying a Linux keyring key is intended mainly toallow re-adding keys after a filesystem is unmounted and re-mounted,without having to store the raw keys in userspace memory.

• raw is a variable-length field which must contain the actualkey,raw_size bytes long. Alternatively, ifkey_id isnonzero, then this field is unused.

For v2 policy keys, the kernel keeps track of which user (identifiedby effective user ID) added the key, and only allows the key to beremoved by that user — or by “root”, if they useFS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS.

However, if another user has added the key, it may be desirable toprevent that other user from unexpectedly removing it. Therefore,FS_IOC_ADD_ENCRYPTION_KEY may also be used to add a v2 policy keyagain, even if it’s already added by other user(s). In this case,FS_IOC_ADD_ENCRYPTION_KEY will just install a claim to the key for thecurrent user, rather than actually add the key again (but the raw keymust still be provided, as a proof of knowledge).

FS_IOC_ADD_ENCRYPTION_KEY returns 0 if either the key or a claim tothe key was either added or already exists.

FS_IOC_ADD_ENCRYPTION_KEY can fail with the following errors:

• EACCES: FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR was specified, but thecaller does not have the CAP_SYS_ADMIN capability in the initialuser namespace; or the raw key was specified by Linux key ID but theprocess lacks Search permission on the key.
• EDQUOT: the key quota for this user would be exceeded by addingthe key
• EINVAL: invalid key size or key specifier type, or reserved bitswere set
• EKEYREJECTED: the raw key was specified by Linux key ID, but thekey has the wrong type
• ENOKEY: the raw key was specified by Linux key ID, but no keyexists with that ID
• ENOTTY: this type of filesystem does not implement encryption
• EOPNOTSUPP: the kernel was not configured with encryptionsupport for this filesystem, or the filesystem superblock has nothad encryption enabled on it

Legacy method¶

For v1 encryption policies, a master encryption key can also beprovided by adding it to a process-subscribed keyring, e.g. to asession keyring, or to a user keyring if the user keyring is linkedinto the session keyring.

This method is deprecated (and not supported for v2 encryptionpolicies) for several reasons. First, it cannot be used incombination with FS_IOC_REMOVE_ENCRYPTION_KEY (seeRemoving keys),so for removing a key a workaround such as keyctl_unlink() incombination withsync;echo2>/proc/sys/vm/drop_caches wouldhave to be used. Second, it doesn’t match the fact that thelocked/unlocked status of encrypted files (i.e. whether they appear tobe in plaintext form or in ciphertext form) is global. This mismatchhas caused much confusion as well as real problems when processesrunning under different UIDs, such as asudo command, need toaccess encrypted files.

Nevertheless, to add a key to one of the process-subscribed keyrings,the add_key() system call can be used (see:Documentation/security/keys/core.rst). The key type must be“logon”; keys of this type are kept in kernel memory and cannot beread back by userspace. The key description must be “fscrypt:”followed by the 16-character lower case hex representation of themaster_key_descriptor that was set in the encryption policy. Thekey payload must conform to the following structure:

#define FSCRYPT_MAX_KEY_SIZE            64struct fscrypt_key {        __u32 mode;        __u8 raw[FSCRYPT_MAX_KEY_SIZE];        __u32 size;};

mode is ignored; just set it to 0. The actual key is provided inraw withsize indicating its size in bytes. That is, thebytesraw[0..size-1] (inclusive) are the actual key.

The key description prefix “fscrypt:” may alternatively be replacedwith a filesystem-specific prefix such as “ext4:”. However, thefilesystem-specific prefixes are deprecated and should not be used innew programs.

FS_IOC_REMOVE_ENCRYPTION_KEY¶

The FS_IOC_REMOVE_ENCRYPTION_KEY ioctl removes a claim to a masterencryption key from the filesystem, and possibly removes the keyitself. It can be executed on any file or directory on the targetfilesystem, but using the filesystem’s root directory is recommended.It takes in a pointer to astructfscrypt_remove_key_arg,defined as follows:

struct fscrypt_remove_key_arg {        struct fscrypt_key_specifier key_spec;#define FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY      0x00000001#define FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS     0x00000002        __u32 removal_status_flags;     /* output */        __u32 __reserved[5];};

This structure must be zeroed, then initialized as follows:

• The key to remove is specified bykey_spec:

  • To remove a key used by v1 encryption policies, setkey_spec.type to FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR and fillinkey_spec.u.descriptor. To remove this type of key, thecalling process must have the CAP_SYS_ADMIN capability in theinitial user namespace.
  • To remove a key used by v2 encryption policies, setkey_spec.type to FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER and fillinkey_spec.u.identifier.

For v2 policy keys, this ioctl is usable by non-root users. However,to make this possible, it actually just removes the current user’sclaim to the key, undoing a single call to FS_IOC_ADD_ENCRYPTION_KEY.Only after all claims are removed is the key really removed.

For example, if FS_IOC_ADD_ENCRYPTION_KEY was called with uid 1000,then the key will be “claimed” by uid 1000, andFS_IOC_REMOVE_ENCRYPTION_KEY will only succeed as uid 1000. Or, ifboth uids 1000 and 2000 added the key, then for each uidFS_IOC_REMOVE_ENCRYPTION_KEY will only remove their own claim. Onlyonceboth are removed is the key really removed. (Think of it likeunlinking a file that may have hard links.)

If FS_IOC_REMOVE_ENCRYPTION_KEY really removes the key, it will alsotry to “lock” all files that had been unlocked with the key. It won’tlock files that are still in-use, so this ioctl is expected to be usedin cooperation with userspace ensuring that none of the files arestill open. However, if necessary, this ioctl can be executed againlater to retry locking any remaining files.

FS_IOC_REMOVE_ENCRYPTION_KEY returns 0 if either the key was removed(but may still have files remaining to be locked), the user’s claim tothe key was removed, or the key was already removed but had filesremaining to be the locked so the ioctl retried locking them. In anyof these cases,removal_status_flags is filled in with thefollowing informational status flags:

• FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY: set if some file(s)are still in-use. Not guaranteed to be set in the case where onlythe user’s claim to the key was removed.
• FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS: set if only theuser’s claim to the key was removed, not the key itself

FS_IOC_REMOVE_ENCRYPTION_KEY can fail with the following errors:

• EACCES: The FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR key specifier typewas specified, but the caller does not have the CAP_SYS_ADMINcapability in the initial user namespace
• EINVAL: invalid key specifier type, or reserved bits were set
• ENOKEY: the key object was not found at all, i.e. it was neveradded in the first place or was already fully removed including allfiles locked; or, the user does not have a claim to the key (butsomeone else does).
• ENOTTY: this type of filesystem does not implement encryption
• EOPNOTSUPP: the kernel was not configured with encryptionsupport for this filesystem, or the filesystem superblock has nothad encryption enabled on it

FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS¶

FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS is exactly the same asFS_IOC_REMOVE_ENCRYPTION_KEY, except that for v2 policy keys, theALL_USERS version of the ioctl will remove all users’ claims to thekey, not just the current user’s. I.e., the key itself will always beremoved, no matter how many users have added it. This difference isonly meaningful if non-root users are adding and removing keys.

Because of this, FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS also requires“root”, namely the CAP_SYS_ADMIN capability in the initial usernamespace. Otherwise it will fail with EACCES.

FS_IOC_GET_ENCRYPTION_KEY_STATUS¶

The FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl retrieves the status of amaster encryption key. It can be executed on any file or directory onthe target filesystem, but using the filesystem’s root directory isrecommended. It takes in a pointer to astructfscrypt_get_key_status_arg, defined as follows:

struct fscrypt_get_key_status_arg {        /* input */        struct fscrypt_key_specifier key_spec;        __u32 __reserved[6];        /* output */#define FSCRYPT_KEY_STATUS_ABSENT               1#define FSCRYPT_KEY_STATUS_PRESENT              2#define FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED 3        __u32 status;#define FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF   0x00000001        __u32 status_flags;        __u32 user_count;        __u32 __out_reserved[13];};

The caller must zero all input fields, then fill inkey_spec:

• To get the status of a key for v1 encryption policies, setkey_spec.type to FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR and fillinkey_spec.u.descriptor.
• To get the status of a key for v2 encryption policies, setkey_spec.type to FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER and fillinkey_spec.u.identifier.

On success, 0 is returned and the kernel fills in the output fields:

• status indicates whether the key is absent, present, orincompletely removed. Incompletely removed means that the mastersecret has been removed, but some files are still in use; i.e.,FS_IOC_REMOVE_ENCRYPTION_KEY returned 0 but set the informationalstatus flag FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY.

• status_flags can contain the following flags:

  • FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF indicates that the keyhas added by the current user. This is only set for keysidentified byidentifier rather than bydescriptor.

• user_count specifies the number of users who have added the key.This is only set for keys identified byidentifier rather thanbydescriptor.

FS_IOC_GET_ENCRYPTION_KEY_STATUS can fail with the following errors:

• EINVAL: invalid key specifier type, or reserved bits were set
• ENOTTY: this type of filesystem does not implement encryption
• EOPNOTSUPP: the kernel was not configured with encryptionsupport for this filesystem, or the filesystem superblock has nothad encryption enabled on it

Among other use cases, FS_IOC_GET_ENCRYPTION_KEY_STATUS can be usefulfor determining whether the key for a given encrypted directory needsto be added before prompting the user for the passphrase needed toderive the key.

FS_IOC_GET_ENCRYPTION_KEY_STATUS can only get the status of keys inthe filesystem-level keyring, i.e. the keyring managed byFS_IOC_ADD_ENCRYPTION_KEY andFS_IOC_REMOVE_ENCRYPTION_KEY. Itcannot get the status of a key that has only been added for use by v1encryption policies using the legacy mechanism involvingprocess-subscribed keyrings.

kvm-xfstests -c ext4,f2fs -g encryptkvm-xfstests -c ext4,f2fs -g encrypt -m inlinecrypt

kvm-xfstests -c ubifs -g encrypt

kvm-xfstests -c ext4/encrypt,f2fs/encrypt -g autokvm-xfstests -c ext4/encrypt,f2fs/encrypt -g auto -m inlinecrypt

gce-xfstests -c ext4/encrypt,f2fs/encrypt -g autogce-xfstests -c ext4/encrypt,f2fs/encrypt -g auto -m inlinecrypt