On 11/20/13 07:36, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
It's not that easy. Trouble is that you need to also prevent inconsistent rollback and for this you need to have a hash tree. Then since power failure is a possibility you need this tree to be consistent at every moment. Those issues are a bit easier to handle on FS level. ZFS supports HMACs. BtrFS perhaps will one day.
Minor terminology nit: ZFS has a MAC not an HMAC. HMAC implies a hash based MAC such as HMAC-SHA256.
ZFS uses AES-CCM or AES-GCM modes which are AEAD modes that produce an Auth/MAC tag. You could do an equivalent thing with AES-CBC or AES-XTS plus HMAC-SHA256 (the original ZFS crypto prototype was AES-CBC with HMAC-SHA256 but I switched to AES-CCM/GCM).
-- Darren J Moffat _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
