Skip to content

Default to automatically using v2 encryption policies when available #182

Description

@ebiggers

#148 added support for v2 encryption policies, which have various security and usability advantages, including solving #128, #116, and #118. They require kernel v5.4 or later. But due to the kernel prerequisite, currently the user has to set "policy_version": "2" in /etc/fscrypt.conf. We should make it so that /etc/fscrypt.conf can contain "policy_version": "auto", where this means that fscrypt will use the best policy version that is available on the current kernel; and we should put this in the default /etc/fscrypt.conf generated by fscrypt setup.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions