Built-in encryption in bcachefs sounds great, that’s the only thing that BTRFS has been missing for me so far.
Bonus points if it can be decrypted on boot like LUKS, and double bonus points if its scriptable like cryptsetup (retrieve key from hardware device, or network, or flash stick etc)
https://bcachefs.org/Encryption/
Will likely give bcachefs a spin as soon as it drops in Debian Unstable 😁
Triple bonus points if it can do swap files on the encrypted filesystem.
Does it lockup like ZFS?
Dunno yet. I’m going to remain optimistic until then.
Can’t BTRFS be used on a LUKS volume? Or does it have disadvantages?
Yeppp this is what I currently do, and offers the best performance IMO compared to using something like gocryptfs in userspace on top of BTRFS. Pretty happy with it except a few small things…
It can be a bit of a faff to mount on a new machine if its file manager doesn’t support encrypted volumes natively ☹️. On your daily you can have it all sorted in your crypttab and fstab so it’s not an issue there
My main problem though is if it’s an external USB device you have encrypted with LUKS, the handles and devices stay there after an unexpected USB disconnect… so you can’t actually unmount or remount the dm-crypt device after that happens. Anytime you try, the kernel blocks you saying the device is busy - only fix i’m aware of is a reboot.
If the encryption is managed by the filesystem itself, one would probably assume this kind of mounting & unexpected disconnect scenario would be handled as gracefully as possible
I see, good points.
I have also experienced that dangling devices break remounting it, but I think there’s a quicker solution for it:
dmsetup remove insert_device_name_here.
It’s still a manual thing, though, but 2 steps better. Maybe it can be automated somehow, I haven’t looked into that yet.
I’m a happy btrfs user, but it’s most definitely a great thing to see what seems like a really clean implementation like this that is able to learn from the many years of collective experience with ZFS and btrfs.
Good. For one thing, we can move on to drama about something else. But, also, I’d like to play with it without having to build a kernel.
I am on nixos and I can do exactly that.
Is this the new “Arch, btw?”
😂 hope its not
Seemingly. I’m also on nixos
I also use NixOS btw
I’m always nervous when hearing about new filesystems since a certain high profile news incident a several years back.
I really, really, really hope that Kent Overstreet has a really good relationship with any partner or spouse he may or may not have.
