On Tue, Nov 29, 2022 at 11:28:29AM -0500, Peter Naulls wrote:
> On 11/29/22 10:32, Daniel Golle wrote:
> > On Tue, Nov 29, 2022 at 10:23:48AM -0500, Peter Naulls wrote:
> > >
> > > This backports the upstream label feature in block2mtd to the 5.10.x kernel
> > > in 22.03:
> > >
> > > https://github.com/torvalds/linux/blob/master/drivers/mtd/devices/block2mtd.c
> >
> > Where are we using block2mtd and why?
> >
>
> I should have added more context. I don't think there's really a "we" here,
> this is something I needed, and it's more for discussion than anything. I don't
> think it has a general use in OpenWrt at present, and given the release status
> of 22.03 you could even argue it shouldn't go in.
>
> My application is for encrypting the rootfs_data partition to meet security
> audit requirements (rootfs too, but that's a different step). I know there
> hasn't been much appetite for this in the past, and I'm painfully aware of the
> OSS nature here vs encryption, but here we are. This is a requirement for
> our product, whether I get pushback or not.
>
> In any case, block2mtd allows me to present devices from cryptsetup to jffs2.
> I'm working on some additional patches to make this all work with 'mount_root'
> and sysupgrade, so we'll see - it will be experimental in nature for sure, and
> may not ultimately be the best way to do things. That's OK.

There is nothing wrong with that use-case, and it can even be interesting
for other downstream users. Encrypted rootfs_data is generally a good idea,
especially when rootfs_data is used to store private key material (think:
VPN keys) or other kinds of credentials.

I was more wondering why you are using JFFS2 on a block device, instead
of e.g. using F2FS or EXT4 which are intended for block devices.