[gpfsug-discuss] GPFS, LTFS/EE and data-in-inode?

Sobey, Richard A r.sobey at imperial.ac.uk
Mon Jul 24 15:50:57 BST 2017


I suppose the distinction between data, metadata and data IN metadata could be made. Whilst it is clear to me (us) now, perhaps the thought was that the data would be encrypted even if it was stored inside the metadata.

My two pence.

Richard

From: gpfsug-discuss-bounces at spectrumscale.org [mailto:gpfsug-discuss-bounces at spectrumscale.org] On Behalf Of James Davis
Sent: 24 July 2017 15:45
To: gpfsug-discuss at spectrumscale.org
Subject: Re: [gpfsug-discuss] GPFS, LTFS/EE and data-in-inode?

Hey all,

On the documentation of encryption restrictions and encryption/HAWC interplay...

The encryption documentation currently states:

"Secure storage uses encryption to make data unreadable to anyone who does not possess the necessary encryption keys...Only data, not metadata, is encrypted."

The HAWC restrictions include:

"Encrypted data is never stored in the recovery log..."

If this is unclear, I'm open to suggestions for improvements.

Cordially,

Jamie

----- Original message -----
From: valdis.kletnieks at vt.edu<mailto:valdis.kletnieks at vt.edu>
Sent by: gpfsug-discuss-bounces at spectrumscale.org<mailto:gpfsug-discuss-bounces at spectrumscale.org>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org<mailto:gpfsug-discuss at spectrumscale.org>>
Cc:
Subject: Re: [gpfsug-discuss] GPFS, LTFS/EE and data-in-inode?
Date: Fri, Jul 21, 2017 6:24 PM

On Fri, 21 Jul 2017 22:04:32 -0000, Sven Oehme said:
> i talked with a few others to confirm this, but unfortunate this is a
> limitation of the code today (maybe not well documented which we will look
> into). Encryption only encrypts data blocks, it doesn't encrypt metadata.
>  Hence, if encryption is enabled, we don't store data in the inode, because
> then it wouldn't be encrypted.  For the same reason HAWC and encryption are
> incompatible.

I can live with that restriction if it's documented better, thanks...


[Document Icon]attq4saq.dat<https://mail.notes.na.collabserv.com/livemail/0/82a99bcc9635f22a6009b956b15655c7/Body/M1.2/attq4saq.dat?OpenElement>

Type: application/pgp-signature
Name: attq4saq.dat

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170724/a7ed5d9a/attachment.htm>


More information about the gpfsug-discuss mailing list