On Thu, Dec 5, 2019 at 8:04 AM Lennart Poettering <mzerqung(a)0pointer.de> wrote:
If you use LUKS/dm-crypt without dm-integrity and you have a clue
where things are located then you can change files without anything
being able to detect that. (On btrfs you might have some luck, since
it has data checksumming, but ext4 and other traditional file systems
do not).
xxhash, sha256, and blake2 coming to Btrfs in kernel 5.5, with online
conversion between them.
And it's easier to figure out where stuff is located then you
might
think since we live in a world where people use SSDs and mount file
systems with "discard", so that what are used blocks and what are free
blocks is propagated to the underlying device. Moreover file systems
write in certain patterns, i.e. try to keep large files in one stream
together, put files in the same directories adjacent to each other and
so on, and are usually roughly reproducible.
Fedora install time default for LUKS encrypted volumes is to unlocked
with cryptsetup open --allow-discards, which is set in /etc/crypttab
by using the discard option. This is since Fedora 27.
https://fedoraproject.org/wiki/Changes/EnableTrimOnDmCrypt
However, the installer doesn't enable the discard mount option for any
file system in /etc/fstab, and fstrim.timer is disabled by default.
Therefore the feature is a no op for most users, who are unlikely to
enable file system discards using either method.
--
Chris Murphy