Linux Disk Encryption Technology: FDE, FBE and eCryptfs Implementation Analysis
This article reviews Linux disk‑encryption technologies, explaining data‑at‑rest security concepts, comparing full‑disk encryption (hardware and dm‑crypt/LUKS) with filesystem‑based encryption (stacked eCryptfs and native fscrypt), and providing an in‑depth analysis of eCryptfs architecture, key management, and implementation details.
This article is the second installment in the Linux Kernel Security Technology series, focusing on disk encryption technology and mainstream implementation solutions. The content covers three main areas:
1. Technical Background: Introduction to data security across its different states - Data in Use (with Full Memory Encryption such as Intel TME and AMD SME), Data in Motion/Transit (SSL/TLS, SSH), and Data at Rest (disk encryption). The article explains several dimensions along which encryption can be classified, including the encryption object, user perception, and the encryption algorithms used.
2. Disk Encryption Solutions: Detailed analysis of two implementation approaches - Full-Disk Encryption (FDE) and Filesystem-Based Encryption (FBE). FDE includes hardware solutions (Self-Encrypting Drives) and software solutions (dm-crypt/LUKS, BitLocker, FileVault). FBE is divided into stackable cryptographic filesystems (eCryptfs, FUSE-based solutions) and native filesystem encryption (fscrypt, supporting Ext4, F2FS and UBIFS). The article provides a comprehensive comparison of FDE and FBE in terms of flexibility, performance, and implementation.
3. eCryptfs Deep Dive: Extensive analysis of eCryptfs, including test cases demonstrating transparent encryption, file encryption characteristics, key management mechanisms (FEK - File Encryption Key; FEKEK - File Encryption Key Encryption Key), architecture design, and code flow analysis. The article explains how eCryptfs achieves a unique encryption key per file and how the key-wrapping key is derived from the user passphrase.
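The key hierarchy summarised in point 3 (a per-file FEK, wrapped in the file header by a FEKEK derived from the user's passphrase) is easier to reason about with a small model in hand. The following is an added example written for this summary; it is not code from the article or from eCryptfs. Its iteration count, its use of an HMAC-SHA256 keystream in place of eCryptfs's block cipher, and its header layout are all assumptions made so that the example runs with the Python standard library only.

```python
import hashlib
import hmac
import os

# Toy model of the eCryptfs-style key hierarchy:
#   passphrase --(salted, iterated hash)--> FEKEK
#   per-file random FEK, wrapped with the FEKEK and stored in the file header
#   file contents encrypted under the FEK
# Primitives and layout are stdlib stand-ins for this demo (assumptions),
# not eCryptfs's actual cipher choices or on-disk header format.

SALT_LEN = 8
ITERATIONS = 65536        # assumption: work factor chosen for this example
FEK_LEN = 32
SIG_LEN = 8               # truncated hash identifying which FEKEK wrapped the FEK
NONCE_LEN = 16
TAG_LEN = 32
HEADER_LEN = SIG_LEN + NONCE_LEN + FEK_LEN + NONCE_LEN


def derive_fekek(passphrase: str, salt: bytes) -> bytes:
    """Derive the FEKEK from a passphrase by salted, iterated SHA-512."""
    digest = hashlib.sha512(salt + passphrase.encode("utf-8")).digest()
    for _ in range(ITERATIONS - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:FEK_LEN]


def key_signature(key: bytes) -> bytes:
    """Non-secret identifier of a key, so a reader can pick the matching FEKEK."""
    return hashlib.sha512(key).digest()[:SIG_LEN]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) XORed with data."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def encrypt_file(plaintext: bytes, fekek: bytes) -> bytes:
    """Return header || tag || ciphertext with a fresh FEK generated for this file."""
    fek = os.urandom(FEK_LEN)                       # unique per file, never reused
    wrap_nonce = os.urandom(NONCE_LEN)
    wrapped_fek = _keystream_xor(fekek, wrap_nonce, fek)
    body_nonce = os.urandom(NONCE_LEN)
    body = _keystream_xor(fek, body_nonce, plaintext)
    header = key_signature(fekek) + wrap_nonce + wrapped_fek + body_nonce
    tag = hmac.new(fek, header + body, hashlib.sha256).digest()
    return header + tag + body


def unwrap_fek(blob: bytes, fekek: bytes) -> bytes:
    """Recover the per-file FEK from the header; refuse if this FEKEK did not wrap it."""
    if len(blob) < HEADER_LEN + TAG_LEN:
        raise ValueError("truncated header")
    if not hmac.compare_digest(blob[:SIG_LEN], key_signature(fekek)):
        raise ValueError("no FEKEK matching the key signature in the header")
    wrap_nonce = blob[SIG_LEN:SIG_LEN + NONCE_LEN]
    wrapped = blob[SIG_LEN + NONCE_LEN:SIG_LEN + NONCE_LEN + FEK_LEN]
    return _keystream_xor(fekek, wrap_nonce, wrapped)


def decrypt_file(blob: bytes, fekek: bytes) -> bytes:
    """Unwrap the FEK, verify the integrity tag, then decrypt the contents."""
    fek = unwrap_fek(blob, fekek)
    header = blob[:HEADER_LEN]
    tag = blob[HEADER_LEN:HEADER_LEN + TAG_LEN]
    body = blob[HEADER_LEN + TAG_LEN:]
    expected = hmac.new(fek, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: header or contents were modified")
    body_nonce = header[HEADER_LEN - NONCE_LEN:]
    return _keystream_xor(fek, body_nonce, body)


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)                     # constructed sample input
    fekek = derive_fekek("correct horse battery staple", salt)
    a = encrypt_file(b"identical contents", fekek)
    b = encrypt_file(b"identical contents", fekek)
    print("per-file FEKs differ:", unwrap_fek(a, fekek) != unwrap_fek(b, fekek))
    print("ciphertexts differ:  ", a[HEADER_LEN + TAG_LEN:] != b[HEADER_LEN + TAG_LEN:])
    print("round trip:          ", decrypt_file(a, fekek) == b"identical contents")
```

Two properties of the scheme fall out of running this. Because every file carries its own random FEK, two files with identical plaintext produce unrelated ciphertexts, and changing the passphrase only requires re-wrapping the small header of each file rather than re-encrypting its contents. The key signature in the header is what lets a reader choose the right wrapping key from several without trial decryption, and it is the first check that fails when the wrong passphrase is supplied.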
The article references multiple academic papers including "eCryptfs: an enterprise-class cryptographic filesystem for Linux" (2005) and "eCryptfs: a Stacked Cryptographic Filesystem" (2007), providing both theoretical foundations and practical implementation details for Linux disk encryption technology.
OPPO Kernel Craftsman
Sharing Linux kernel-related cutting-edge technology, technical articles, technical news, and curated tutorials