Kernel: LWN's Latest Articles (Outside Paywall)
Inline encryption for filesystems
The encryption of data at rest is increasingly mandatory in a wide range of settings from mobile devices to data centers. Linux has supported encryption at both the filesystem and block-storage layers for some time, but that support comes with a cost: either the CPU must encrypt and decrypt vast amounts of data moving to and from persistent storage or it must orchestrate offloading that work to a separate device. It was thus only a matter of time before ways were found to offload that overhead to the storage hardware itself. Satya Tangirala's inline encryption patch set is intended to enable the kernel to take advantage of this hardware in a general manner.
The Linux storage stack consists of numerous layers, so it is unsurprising that an inline encryption implementation will require changes at a number of those layers. Hardware-offloaded encryption will clearly require support from the device driver to work, but the knowledge of which encryption keys to use typically comes from the filesystem running at the top of the stack. Communicating that information from the top to the bottom requires a certain amount of plumbing.
Restricting path name lookup with openat2()
Looking up a file given a path name seems like a straightforward task, but it turns out to be one of the more complex things the kernel does. Things get more complicated if one is trying to write robust (user-space) code that can do the right thing with paths that are controlled by a potentially hostile user. Attempts to make the open() and openat() system calls safer date back at least to an attempt to add O_BENEATH in 2014, but numerous problems remain. Aleksa Sarai, who has been working in this area for a while, has now concluded that a new version of openat(), naturally called openat2(), is required to truly solve this problem.
The immediate purpose behind openat2() is to allow a program to safely open a path that is possibly under the control of an attacker; in practice, that means placing restrictions on how the lookup process will be carried out. Past attempts have centered around adding new flags to openat(), but there are a couple of problems with that approach: openat() doesn't check for unknown flags, and the number of available bits for new flags is not large. The failure to check for unknown flags is a well-known antipattern. A program using a path-restricting flag needs to know whether the requested behavior is understood by the kernel or not; the alternative is to accept security vulnerabilities on kernels that do not implement those flags.
Ask the TAB
The Linux Foundation (LF) Technical Advisory Board (TAB) is meant to give the kernel community some representation within the foundation. In a "birds of a feather" (BoF) session at the 2019 Open Source Summit North America, four TAB members participated in an "Ask the TAB" session. Laura Abbott organized the BoF and Tim Bird, Greg Kroah-Hartman, and Steven Rostedt joined in as well. In the session, the history behind the TAB, its role, and some of its activities over the years were described.
Abbott started things off by noting that she is one of the newest members of the TAB, so she asked Kroah-Hartman, who is the longest-serving member, to give some of the history. At the time the Open Source Development Labs (OSDL) merged with the Free Standards Group in 2007 (which he characterized as "when we overthrew OSDL") to form the LF, the kernel community was quite unhappy with how OSDL had been run. The kernel developers made a list of six or eight demands and the LF met five of them. One of those was to form an advisory board to help the organization with various technical problems it might encounter.
Repurpose Your Old Laptop [with GNU/Linux]
Switching to a less intensive OS such as Linux or Chrome OS is likely to be less taxing on your hardware, therefore yielding better performance for you. Chrome OS might not be the best option, however, as it’s based around cloud storage, which isn’t cheap. Linux, on the other hand, offers the best of both worlds. Windows users can easily get used to Linux, and the wide variety of distributions or distros (different releases of Linux OS) makes using this OS quite a treat. Anyone looking to make the switch to Linux can easily accomplish the task using only a bootable pendrive and a laptop. Just make sure the laptop’s wifi adapter is compatible with your choice of Linux distro. Additionally, there are some things to note when shifting to Linux. You will lose out on some applications, such as Photoshop, Premiere Pro, etc., but since you’re going to be installing it on an old system, it’s unlikely you’d be using any of this software anyway. YouTube is going to be essential in your journey to Open Source greatness, and Chris Titus Tech’s ‘First time Linux installation’ series and Switched To Linux’s ‘Distro Reviews’ will provide you with a lot of info when getting started.
