Although the Fedora 33 desktop version has determined to use the Btrfs file system by default, for users who use the server version or do not want to use the default settings, Fedora 33 provides Stratis 2.1 as another option.
Stratis is a volume-managing filesystem (VMF), developed by the Fedora team, and “supports per-pool encryption of the devices that form a pool’s data tier. A pool may be encrypted, or its constituent encrypted devices may be activated, by means of a key stored in the kernel keyring.”
There was a proposal last month to introduce Stratis 2.1, the latest version of Stratis, to Fedora 33. The Fedora Engineering and Steering Committee (FESCo) has now approved the proposal. Therefore, it is expected that Fedora 33 released this fall will have the opportunity to use Stratis 2.1.
The most important new feature of Stratis 2.1 is support for per-pool encryption, which is one of the reasons that prompted Fedora 33 to adopt it. In addition, Stratis 2.1 also provides a new management and monitoring interface, as well as other enhancements.
This release implements encryption support and adds several new D-Bus interfaces to administer or monitor that support.
It implements encryption support in the following way:
- A single instance of stratisd can support both encrypted and unencrypted pools.
The choice to encrypt a pool must be made at the time a pool is created.
- At present, the use of a cache and of encryption are mutually exclusive; if the pool is created with encryption enabled, then it is not possible to create a cache.
- Each pool may be encrypted by means of a key in the kernel keyring; each encrypted pool may make use of a different key, but all devices in a pool are encrypted with a single key.
- Any additional devices that are added to an encrypted pool’s data tier will be encrypted using the key that was specified when the pool was initialized.