Merge pull request #205 from ebiggers/autoselect-v2

Automatically enable policy_version 2 when kernel support is detected

5 files changed, 31 insertions, 13 deletions

diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index 4a59d30..f84102e 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -62,7 +62,7 @@ var Setup = cli.Command{
 		the README). This may require root privileges.`,
 		mountpointArg, actions.ConfigFileLocation,
 		shortDisplay(timeTargetFlag)),
-	Flags:  []cli.Flag{timeTargetFlag, legacyFlag, forceFlag},
+	Flags:  []cli.Flag{timeTargetFlag, forceFlag},
 	Action: setupAction,
 }
 
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index bef6c2a..8bda921 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -113,6 +113,10 @@ func getErrorSuggestions(err error) string {
 		return fmt.Sprintf(`You can only use %s to access the user
 			keyring of another user if you are running as root.`,
 			shortDisplay(userFlag))
+	case keyring.ErrV2PoliciesUnsupported:
+		return fmt.Sprintf(`v2 encryption policies are only supported by kernel
+		version 5.4 and later. Either use a newer kernel, or change
+		policy_version to 1 in %s.`, actions.ConfigFileLocation)
 	case actions.ErrBadConfigFile:
 		return `Run "sudo fscrypt setup" to recreate the file.`
 	case actions.ErrNoConfigFile:
@@ -127,6 +131,13 @@ func getErrorSuggestions(err error) string {
 			metadata is corrupted.`
 	case actions.ErrMissingProtectorName:
 		return fmt.Sprintf("Use %s to specify a protector name.", shortDisplay(nameFlag))
+	case actions.ErrAccessDeniedPossiblyV2:
+		return fmt.Sprintf(`This may be caused by the directory using a v2
+		encryption policy and the current kernel not supporting it. If
+		indeed the case, then this directory can only be used on kernel
+		v5.4 and later. You can create directories accessible on older
+		kernels by changing policy_version to 1 in %s.`,
+			actions.ConfigFileLocation)
 	case ErrNoDestructiveOps:
 		return fmt.Sprintf("Use %s to automatically run destructive operations.", shortDisplay(forceFlag))
 	case ErrSpecifyProtector:
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go
index ce2f30e..9679a8d 100644
--- a/cmd/fscrypt/flags.go
+++ b/cmd/fscrypt/flags.go
@@ -114,7 +114,7 @@ var (
 	// UPDATE THIS ARRAY WHEN ADDING NEW FLAGS!!!
 	// TODO(joerichey) add presubmit rule to enforce this
 	allFlags = []prettyFlag{helpFlag, versionFlag, verboseFlag, quietFlag,
-		forceFlag, legacyFlag, skipUnlockFlag, timeTargetFlag,
+		forceFlag, skipUnlockFlag, timeTargetFlag,
 		sourceFlag, nameFlag, keyFileFlag, protectorFlag,
 		unlockWithFlag, policyFlag, allUsersFlag, noRecoveryFlag}
 	// universalFlags contains flags that should be on every command
@@ -148,12 +148,6 @@ var (
 			WARNING: This bypasses confirmations for protective
 			operations, use with care.`),
 	}
-	legacyFlag = &boolFlag{
-		Name: "legacy",
-		Usage: `Allow for support of older kernels with ext4 (before
-			v4.8) and F2FS (before v4.6) filesystems.`,
-		Default: true,
-	}
 	skipUnlockFlag = &boolFlag{
 		Name: "skip-unlock",
 		Usage: `Leave the directory in a locked state after setup.
diff --git a/cmd/fscrypt/format.go b/cmd/fscrypt/format.go
index 48a5a86..cc268aa 100644
--- a/cmd/fscrypt/format.go
+++ b/cmd/fscrypt/format.go
@@ -98,11 +98,10 @@ func shortDisplay(f prettyFlag) string {
 //
 //  --help                     Prints help screen for commands and subcommands.
 //
-// If a default is specified, this if appended to the usage. Example:
+// If a default is specified, then it is appended to the usage. Example:
 //
-//  --legacy                   Allow for support of older kernels with ext4
-//                             (before v4.8) and F2FS (before v4.6) filesystems.
-//                             (default: true)
+//  --time=TIME                Calibrate passphrase hashing to take the
+//                             specified amount of TIME (default: 1s)
 //
 func longDisplay(f prettyFlag, defaultString ...string) string {
 	usage := f.GetUsage()
diff --git a/cmd/fscrypt/setup.go b/cmd/fscrypt/setup.go
index 69787bb..7b9bebb 100644
--- a/cmd/fscrypt/setup.go
+++ b/cmd/fscrypt/setup.go
@@ -50,8 +50,22 @@ func createGlobalConfig(w io.Writer, path string) error {
 		return err
 	}
 
+	// v2 encryption policies are recommended, so set policy_version 2 when
+	// the kernel supports it. v2 policies are supported by upstream Linux
+	// v5.4 and later. For now we simply check the kernel version. Ideally
+	// we'd instead check whether setting a v2 policy actually works, in
+	// order to also detect backports of the kernel patches. However, that's
+	// hard because from this context (creating /etc/fscrypt.conf) we may
+	// not yet have access to a filesystem that supports encryption.
+	var policyVersion int64
+	if util.IsKernelVersionAtLeast(5, 4) {
+		fmt.Fprintln(w, "Defaulting to policy_version 2 because kernel supports it.")
+		policyVersion = 2
+	} else {
+		fmt.Fprintln(w, "Defaulting to policy_version 1 because kernel doesn't support v2.")
+	}
 	fmt.Fprintln(w, "Customizing passphrase hashing difficulty for this system...")
-	err = actions.CreateConfigFile(timeTargetFlag.Value, legacyFlag.Value)
+	err = actions.CreateConfigFile(timeTargetFlag.Value, policyVersion)
 	if err != nil {
 		return err
 	}