On 16.04.20 г. 17:24 ч., David Sterba wrote: > naming of the new checksums (hmac-sha256 or hmac-blake2 should be ok)> - key specification via mount option But the key shouldn't really be visible in /proc/mounts since it's readable by ordinary users, god knows how many more pseudo files there are which can provide the same situation. If the specification of the key is a reference to a loaded key then yes but otherwise I think that's a security risk, unless it's possible to hide passed options from /proc/mounts i.e pass it but make it internal to the filesystem ? > - all progs must work with filesystems with the keyed hash, so how to > specify the auth key in a consistent way
