[PATCH] linux: add in labels for block2mtd
Daniel Golle
daniel at makrotopia.org
Tue Nov 29 08:50:28 PST 2022
On Tue, Nov 29, 2022 at 11:28:29AM -0500, Peter Naulls wrote:
> On 11/29/22 10:32, Daniel Golle wrote:
> > On Tue, Nov 29, 2022 at 10:23:48AM -0500, Peter Naulls wrote:
> > >
> > > This backports the upstream label feature in block2mtd to the 5.10.x kernel
> > > in 22.03:
> > >
> > > https://github.com/torvalds/linux/blob/master/drivers/mtd/devices/block2mtd.c
> >
> > Where are we using block2mtd and why?
> >
>
> I should have added more context. I don't think there's really a "we" here,
> this is something I needed, and it's more for discussion than anything. I don't
> think it has a general use in OpenWrt at present, and given the release status
> of 22.03 you could even argue it shouldn't go in.
>
> My application is for encrypting the rootfs_data partition to meet security
> audit requirements (rootfs too, but that's a different step). I know there
> hasn't been much appetite for this in the past, and I'm painfully aware of the
> OSS nature here vs encryption, but here we are. This is a requirement for
> our product, whether I get pushback or not.
>
> In any case, block2mtd allows me to present devices from cryptsetup to jffs2.
> I'm working on some additional patches to make this all work with 'mount_root'
> and sysupgrade, so we'll see - it will be experimental in nature for sure, and
> may not ultimately be the best way to do things. That's OK.
There is nothing wrong with that use-case, and it can even be
interesting for other downstream users. Encrypted rootfs_data is
generally a good idea, especially when rootfs_data is used to store
private key material (think: VPN keys) or other kind of credentials.
I was more wondering why you are using JFFS2 on a block device, instead
of e.g. using F2FS or EXT4 which are intended for block devices.
More information about the openwrt-devel
mailing list