How to encrypt a btrfs subvolume?
Is it possible to encrypt a btrfs subvolume only (no need to be "transparent encryption")?
No, BTRFS does not currently have built-in support for encryption. Today, to encrypt a filesystem (not just a sub-volume) you'd need DM-Crypt/LUKS. See https://btrfs.wiki.kernel.org/index.php/FAQ#Does_btrfs_support_encryption.3F
Related videos on Youtube
renyuneyun
Updated on September 18, 2022Comments
-
renyuneyun almost 2 years
I'm looking for information about encryption with btrfs. I have experience with full-disk (LVM actually) encryption, so this time I only need to look at some btrfs specific questions.
I have found this article on archlinux wiki, and find this method is just the same as the previous encryption way I used (some time ago), except for the fact that they are using btrfs subvolumes instead of LVM.
For me, I don't want / need a full-partition encryption as the
home
subvolume(s) is(are) the only place where I'd like to encrypt. (Actually there are more subvolumes underhome
, but that's another question.)
However, through my search, I don't find any information about how to encrypt a btrfs subvolume only. The only most relevant thing I find is this mail from the btrfs mailing list, which is an experimental patch which provides transparent(?) encryption of btrfs (subvolume).
I also couldn't think out of my mind what method can be used to encrypt a subvolume only.So, my main question is:
Is it possible to encrypt a btrfs subvolume only (no need to be "transparent encryption")? If yes, how?
Side note: Creating an encrypted block (file) and mount it on the "subvolume" is not an acceptable method since it is not a "subvolume" at all.
-
Alessio over 6 yearsAFAIK, btrfs doesn't support subvolume encryption..at least it didn't last time I looked closely at btrfs a few years ago. zfsonlinux added it last year ("datasets" are the ZFS equivalent to "subvolumes").
-
-
renyuneyun over 6 yearsWere I correct, BTRFS's (supposed) encryption support is for transparent encryption. Is there no way to perform manual encryption on subvolumes?
-
Emmanuel Rosa over 6 yearsThe encryption support you mentioned is experimental and as far as I know is not included in mainline. I don't know how well maintained those patches are. Today, encryption for BTRFS is done at the block device level using DM-Crypt/LUKS, which encompasses the entire filesystem; hence there's no sub-volume encryption.