Sweet Tea Dorminy submitted an patch-set adding an encryption feature to #btrfs: https://lore.kernel.org/all/cover.1687988380.git.sweettea-kernel@dorminy.me/

```This is a changeset adding encryption to btrfs. It is not complete; it does not support inline data or verity or authenticated encryption. It is primarily intended as a proof that the fscrypt extent encryption changeset it builds on work.```

For the mentioned #fscrypt changes see:
https://lore.kernel.org/linux-fscrypt/cover.1687988119.git.sweettea-kernel@dorminy.me/ #Linux #kernel #LinuxKernel

Hm, interesting, #fedora seems to be moving to full-disk-encryption using #btrfs and #fscrypt by default, along with signing unified kernel images (UKIs) and using the #TPM. No measuring/attestation AFAICT yet, but a very good move forward!

They also want to separately encrypt homes, and even mention #systemd #homed in the Pagure:
https://pagure.io/fedora-workstation/blob/master/f/notes/encryption.md
However they write:

> *It cannot be universal for all Fedora systems - some things like NFS home directories are out of scope for systemd-homed. Logging in remotely via ssh is not supported. (???)*

I'm pretty sure ssh is supported and even documented, and #NFS should be of no business to homed? But NFS+automount should work perfectly fine with #homed, or did I misunderstand something?

Maybe someone with more knowledge than me should chip in, otherwise they will re-invent the wheel (and doing separately encrypted homes is hard to do correctly!)

Joe Richey released #fscrypt version 0.3.4. https://github.com/google/fscrypt

Support for SM4 encryption in #fscrypt was merged for #LinuxKernel 6.2 as part of the fscrypt updates, but the maintainer recommends against using it: https://git.kernel.org/torvalds/c/8129bac60f30936d2339535841db5b66d0520a67 #Linux #kernel

@WhoNeedszZz do you know at what time exacly do #fscrypt unlocks folders encrypted with PAM?