1/ Seems to me BTRFS is going to be implemented ?? right ?
according to the latest release notes of the 1.24 update 7 version : Add support for Btrfs filesystem when creating volumes (Linux Only).
2/ there is something that caught my attention :
Allow choosing a filesystem other than FAT for Outer volume but display warning about risks of such choice.
Could you be more telling about what those risks could be please ?
thanks a lot
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, I have added the possibility of creating volumes formatted as Btrfs but it requires having "mkfs.btrfs" installed on the system (on Ubuntu this can be installed through the package btrfs-progs). I did some tests and it looks ok for usage but it is new and feedback is needed to see if there are any issues when using it for VeraCrypt volumes.
Concerning using a filesystem other than FAT for Outer volume, here is a the warning that is displayed when the user make such choice:
WARNING: You have selected a filesystem other than FAT for the outer volume.
Please Note that in this case VeraCrypt can't calculate the exact maximum allowed size for the hidden volume and it will use only an estimation that can be wrong.
Thus, it is your responsibility to use an adequate value for the size of the hidden volume so that it doesn\'t overlap the outer volume.
So basically, the risk is that the estimated allowed size for Hidden volume displayed by VeraCrypt can be wrong since we only know how to scan the cluster bitmap of FAT filesystem and for other filesystem we can only do an estimation of the available clusters. And if the Hidden volume region overlaps a region of cluster used by Outer volume, then an obvious problem will happen.
👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
First feedback for BTRFS,
I did the following (I am newbie to it) :
I dowloaded the package btrfs-progs and then installed it on Debian Buster/Emmabuntu
Next I installed VC update 7
Then I tried to create a small file container
To my surprise on the Format Options / Filesystem Options window of VC :
there are only None, Fat, Linux Ext2/3/4, NTFS, Exfat listed.....but no BTRFS ??
Did I get your answer wrongly ?
Here below the outputs of the command lines I got from Debian Buster/Emmabuntu :
emmabuntus@emmabuntus:~/Téléchargements$ sudo dpkg -i btrfs-progs_4.20.1-2_amd64.deb
(Lecture de la base de données... 289199 fichiers et répertoires déjà installés.)
Préparation du dépaquetage de btrfs-progs_4.20.1-2_amd64.deb ...
Dépaquetage de btrfs-progs (4.20.1-2) sur (4.20.1-2) ...
Paramétrage de btrfs-progs (4.20.1-2) ...
Traitement des actions différées (« triggers ») pour initramfs-tools (0.133+deb10u1) ...
update-initramfs: Generating /boot/initrd.img-4.19.0-8-amd64
cryptsetup: ERROR: Couldn't resolve device overlay
cryptsetup: WARNING: Couldn't determine root device
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, you may want to uninstall the
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs
integration and avoid this warning.
live-boot: core filesystems devices utils udev blockdev dns.
Traitement des actions différées (« triggers ») pour man-db (2.8.5-2) ...
emmabuntus@emmabuntus:~/Téléchargements$ sudo mkfs.btrfs
btrfs-progs v4.20.1
See http://btrfs.wiki.kernel.org for more information.
Usage: mkfs.btrfs [options] dev [ dev ... ]
Options:
allocation profiles:
-d|--data PROFILE data profile, raid0, raid1, raid5, raid6, raid10, dup or single
-m|--metadata PROFILE metadata profile, values like for data profile
-M|--mixed mix metadata and data together
features:
-n|--nodesize SIZE size of btree nodes
-s|--sectorsize SIZE data block size (may not be mountable by current kernel)
-O|--features LIST comma separated list of filesystem features (use '-O list-all' to list features)
-L|--label LABEL set the filesystem label
-U|--uuid UUID specify the filesystem UUID (must be unique)
creation:
-b|--byte-count SIZE set filesystem size to SIZE (on the first device)
-r|--rootdir DIR copy files from DIR to the image root directory
--shrink (with --rootdir) shrink the filled filesystem to minimal size
-K|--nodiscard do not perform whole device TRIM
-f|--force force overwrite of existing filesystem
general:
-q|--quiet no messages except errors
-V|--version print the mkfs.btrfs version and exit
--help print this help and exit
deprecated:
-A|--alloc-start START the offset to start the filesystem
-l|--leafsize SIZE deprecated, alias for nodesize
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The minimum size for a BTRFS volume is 114294784 bytes (cf https://sourceforge.net/p/veracrypt/code/ci/master/tree/src/Core/VolumeCreator.h#l24). This minimum value is imposed by mkfs.btrfs and if you try to invoque it manually on a small volume you will receive the error message "ERROR: minimum size for each btrfs device is 114294784".
So, in order to have Btrfs listed in VeraCrypt, please choose a volume size larger than the value mentionned above.
👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ubuntu is already experimenting with the ZFS filesystem as root.
Could VeraCrypt support ZFS (and maybe OpenZFS on Windows in future, for better reliability? It’s under development on GitHub).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I was able to encrypt a whole external device (SD card 32 Gb), on my test :
It is the very first time that
*the Outer part can be something else than FAT !
Usually a Linux user will have FAT as Outer Volume, and whatever Filesystem he wants on the hidden area.
Here with BTRFS, you can have BTRFS on both Outer + Hidden area !!!
On a total of 29.7 Gb available, the hidden part was announced to be near 24 Gb maximum possible size. (it is near to 80% of the original size of the device, which is not bad at all)
I did not get a message that I selected a file system other than FAT and there was no warning about that too.
The estimation of free 24 Gb available was given automatically by Veracrypt and no warning about any risks of overlapping the Outer volume.
At this time, I do not know if what I did is reliable...?
and more important,
if external device are suitable with the use of BTRFS ???
I guess I did things correctly...however It should be easier to copy an external back up with another one,
as the checksumming is done by BTRFS
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The warning about not selecting FAT is displayed even when Btrfs is choosen so it is not possible that you didn't get the warning. Just to be sure, I did a test using official package for 1.24-Update7 on Debian Buster and the warning is displayed as you can see in the screenshot below. So, I think you made a mistake in the combobox selection.
Concerning the size of hidden volume, it is only an estimation as I said previously and one should add a security margin to it by reducing its value.
Also, it is strongly advises to mount outer volume with hidden volume protection to avoid corrupting hidden volume because filesystems other than FAT/exFAT don't always allocate sector in a linear manner.
As for reliability of BTRFS on external device, I don't have the answer.
👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The size of hidden volume depends on the targeted usage. For better plausible deniability, the outer volume should be used regularly like a normal volume and so in order to avoid suspicion, the size of hidden volume should be as small as possible. I would say that reserving 80% of the total space to the outer volume and only 20% for the hidden volume is a good trade-off.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
At the moment, BTRFS is not implemented within Veracrypt,
Is it planned anytime soon ?
The only option left is to create a container using any file system and thereafter,
one can replace it with BTRFS within DISKS utility on LINUX
I am new to BTRFS concept but would like to give it a try,
Is it crossplatform ?
Has anyone used it in a container file system ??
Are there some limitations or failures ?
thanks
Last edit: infodan36 2020-05-14
Hi Mounir,
1/ Seems to me BTRFS is going to be implemented ?? right ?
according to the latest release notes of the 1.24 update 7 version :
Add support for Btrfs filesystem when creating volumes (Linux Only).
2/ there is something that caught my attention :
Allow choosing a filesystem other than FAT for Outer volume but display warning about risks of such choice.
Could you be more telling about what those risks could be please ?
thanks a lot
Yes, I have added the possibility of creating volumes formatted as Btrfs but it requires having "mkfs.btrfs" installed on the system (on Ubuntu this can be installed through the package btrfs-progs). I did some tests and it looks ok for usage but it is new and feedback is needed to see if there are any issues when using it for VeraCrypt volumes.
Concerning using a filesystem other than FAT for Outer volume, here is a the warning that is displayed when the user make such choice:
So basically, the risk is that the estimated allowed size for Hidden volume displayed by VeraCrypt can be wrong since we only know how to scan the cluster bitmap of FAT filesystem and for other filesystem we can only do an estimation of the available clusters. And if the Hidden volume region overlaps a region of cluster used by Outer volume, then an obvious problem will happen.
@idrassi, how does one know what type of FS they are using? Does it prominently ask?
Last edit: Mr. Beedell, Roke Julian Lockhart (RJLB) 2023-11-16
Ah, apologies - got my answer at https://sourceforge.net/p/veracrypt/discussion/features/thread/6e8b64e40f/#f0a1
Thank you Mounir for the release of the update 7
First feedback for BTRFS,
I did the following (I am newbie to it) :
I dowloaded the package btrfs-progs and then installed it on Debian Buster/Emmabuntu
Next I installed VC update 7
Then I tried to create a small file container
To my surprise on the Format Options / Filesystem Options window of VC :
there are only None, Fat, Linux Ext2/3/4, NTFS, Exfat listed.....but no BTRFS ??
Did I get your answer wrongly ?
Here below the outputs of the command lines I got from Debian Buster/Emmabuntu :
emmabuntus@emmabuntus:~/Téléchargements$ sudo dpkg -i btrfs-progs_4.20.1-2_amd64.deb
(Lecture de la base de données... 289199 fichiers et répertoires déjà installés.)
Préparation du dépaquetage de btrfs-progs_4.20.1-2_amd64.deb ...
Dépaquetage de btrfs-progs (4.20.1-2) sur (4.20.1-2) ...
Paramétrage de btrfs-progs (4.20.1-2) ...
Traitement des actions différées (« triggers ») pour initramfs-tools (0.133+deb10u1) ...
update-initramfs: Generating /boot/initrd.img-4.19.0-8-amd64
cryptsetup: ERROR: Couldn't resolve device overlay
cryptsetup: WARNING: Couldn't determine root device
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, you may want to uninstall the
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs
integration and avoid this warning.
live-boot: core filesystems devices utils udev blockdev dns.
Traitement des actions différées (« triggers ») pour man-db (2.8.5-2) ...
emmabuntus@emmabuntus:~/Téléchargements$ sudo mkfs.btrfs
btrfs-progs v4.20.1
See http://btrfs.wiki.kernel.org for more information.
Usage: mkfs.btrfs [options] dev [ dev ... ]
Options:
allocation profiles:
-d|--data PROFILE data profile, raid0, raid1, raid5, raid6, raid10, dup or single
-m|--metadata PROFILE metadata profile, values like for data profile
-M|--mixed mix metadata and data together
features:
-n|--nodesize SIZE size of btree nodes
-s|--sectorsize SIZE data block size (may not be mountable by current kernel)
-O|--features LIST comma separated list of filesystem features (use '-O list-all' to list features)
-L|--label LABEL set the filesystem label
-U|--uuid UUID specify the filesystem UUID (must be unique)
creation:
-b|--byte-count SIZE set filesystem size to SIZE (on the first device)
-r|--rootdir DIR copy files from DIR to the image root directory
--shrink (with --rootdir) shrink the filled filesystem to minimal size
-K|--nodiscard do not perform whole device TRIM
-f|--force force overwrite of existing filesystem
general:
-q|--quiet no messages except errors
-V|--version print the mkfs.btrfs version and exit
--help print this help and exit
deprecated:
-A|--alloc-start START the offset to start the filesystem
-l|--leafsize SIZE deprecated, alias for nodesize
The minimum size for a BTRFS volume is
114294784bytes (cf https://sourceforge.net/p/veracrypt/code/ci/master/tree/src/Core/VolumeCreator.h#l24). This minimum value is imposed bymkfs.btrfsand if you try to invoque it manually on a small volume you will receive the error message "ERROR: minimum size for each btrfs device is 114294784".So, in order to have Btrfs listed in VeraCrypt, please choose a volume size larger than the value mentionned above.
Ubuntu is already experimenting with the ZFS filesystem as root.
Could VeraCrypt support ZFS (and maybe OpenZFS on Windows in future, for better reliability? It’s under development on GitHub).
Thank you Mounir
My second feedback :
I was able to encrypt a whole external device (SD card 32 Gb), on my test :
It is the very first time that
*the Outer part can be something else than FAT !
Usually a Linux user will have FAT as Outer Volume, and whatever Filesystem he wants on the hidden area.
Here with BTRFS, you can have BTRFS on both Outer + Hidden area !!!
On a total of 29.7 Gb available, the hidden part was announced to be near 24 Gb maximum possible size. (it is near to 80% of the original size of the device, which is not bad at all)
I did not get a message that I selected a file system other than FAT and there was no warning about that too.
The estimation of free 24 Gb available was given automatically by Veracrypt and no warning about any risks of overlapping the Outer volume.
At this time, I do not know if what I did is reliable...?
and more important,
if external device are suitable with the use of BTRFS ???
I guess I did things correctly...however It should be easier to copy an external back up with another one,
as the checksumming is done by BTRFS
The warning about not selecting FAT is displayed even when Btrfs is choosen so it is not possible that you didn't get the warning. Just to be sure, I did a test using official package for 1.24-Update7 on Debian Buster and the warning is displayed as you can see in the screenshot below. So, I think you made a mistake in the combobox selection.
Concerning the size of hidden volume, it is only an estimation as I said previously and one should add a security margin to it by reducing its value.
Also, it is strongly advises to mount outer volume with hidden volume protection to avoid corrupting hidden volume because filesystems other than FAT/exFAT don't always allocate sector in a linear manner.
As for reliability of BTRFS on external device, I don't have the answer.
Hello Mounir
Again, you are correct
Please accept my appologies !
I strictly use the protection to mount outer volume with hidden volume protection anyway.
How much percentage of the volume,
would you use personnaly for the hidden area in this case ??
thanks again
The size of hidden volume depends on the targeted usage. For better plausible deniability, the outer volume should be used regularly like a normal volume and so in order to avoid suspicion, the size of hidden volume should be as small as possible. I would say that reserving 80% of the total space to the outer volume and only 20% for the hidden volume is a good trade-off.