Google is adding metadata encryption to the F2FS file system.

Flash Friendly File System has long provided encryption support for transparent file systems through Linux’s FSCRYPT framework, but now Google engineers are working to allow file system metadata to be encrypted as well. The patch released Monday allows all F2FS metadata except the superb block itself to be encrypted.

Google is adding metadata encryption to the F2FS file system.

Controls metADATA_crypt_key encryption with the ” s-mount” option, which specifies the encryption key to use from the login key ring. That is, all blocks in the file system are encrypted except super blocks. These suggested patches can be found through the kernel mailing list to further enhance the security of data on the F2FS file system.

The F2FS (Flash-Friendly File System) is a flash file system developed primarily by Kim (Korean: 김재극) at Samsung Group and suitable for Linux core use. This file system was originally designed for NAND flash storage devices such as SSDs, eMMCs, and SD cards, which are widely available from mobile devices to servers.