On Tue, Nov 29, 2022 at 12:05:51PM -0500, Peter Naulls wrote:
> On 11/29/22 11:50, Daniel Golle wrote:
> >
> > There is nothing wrong with that use-case, and it can even be
> > interesting for other downstream users. Encrypted rootfs_data is
> > generally a good idea, especially when rootfs_data is used to store
> > private key material (think: VPN keys) or other kind of credentials.
> >
> > I was more wondering why you are using JFFS2 on a block device, instead
> > of e.g. using F2FS or EXT4 which are intended for block devices.
>
> Our flash is NOR. We will probably move to NAND in the next iteration of
> hardware, but this is what we have for now.
>
> I'm open to other ways to make it work, but this is the arrangement that
> I was able to make work in my research and testing, and that a colleague
> used successfully on a non-OpenWrt system.

Ok, that makes sense then. So basically you are using
mtd->mtdblock->cryptsetup/luks->block2mtd->jffs2

I thought you were on a device with actual block storage.

For your case I also can't come up with anything better which works
out-of-the-box for NOR flash. Supporting fscrypt in JFFS2 would be more
elegant, but that's a bit more demanding than just using what is already
there and works...