On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
For a regular file, this means its contents are encrypted; for a
directory, this means the filenames in its directory entries are
encrypted; and for a symlink, this means its target is encrypted. Since
GRUB cannot decrypt encrypted contents or filenames, just issue an error
if it would need to do so. This is sufficient to allow unencrypted boot
files to co-exist with encrypted files elsewhere on the filesystem.
(Note that encrypted regular files and symlinks will not normally be
encountered outside an encrypted directory; however, it's possible via
hard links, so they still need to be handled.)
Tested by booting from an ext4 /boot partition on which I had run
'tune2fs -O encrypt'. I also verified that the expected error messages
are printed when trying to access encrypted directories, files, and
symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester
ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+.
Signed-off-by: Eric Biggers <ebiggers@google.com>
1. Make sure files are not multiple of block size. This will ensure tail packing
for squash4 and may also trigger more codes paths in other filesystems.
2. Call mksquashfs with -always-use-fragments to force tail packing.
proot creates hidden files with .proot prefix and name
derived from real file name. So decrease file name length
and path depth. For some reason depth 85 also results in
undeleteable directory, so use 84 instead of 85.
LVM miscalculates bitmap size with small extent, so start with 16K as
for other RAID types.
Until version 2.02.103 LVM counts metadata segments twice when checking
available space, reduce segment count by one to account for this bug.
Write activity with LVM/RAID can happen after filesystem is unmounted.
In my testing modification time of loop files was 15 - 20 seconds
after unmount. So use time as close to unmount as possible as
reference instead.