1. Technical Field
The present invention relates to an approach for improving the input/output control and efficiency in an encrypted file system. More particularly, the present invention provides an approach that reduces the time that an application has to wait while storing data in an encrypted file system.
2. Description of the Related Art
Encrypted file systems include “full disk encryption” (also known as “whole disk encryption”) as well as filesystem-level encryption (also known as “folder encryption). As the name implies, in full disk encryption, nearly every file is encrypted including swap files and temporary files. Because nearly everything is encrypted, the user typically cannot decide which files to encrypt. On the other hand, filesystem level encryption is a form of disk encryption where individual files, directories (folders), or the file system itself are encrypted. Typically, filesystem level encryption is more flexible, especially in terms of the encryption keys used to encrypt the files and directories. Generally, file system metadata (e.g., directory structures, files names, etc.) are not encrypted with filesystem level encryption, while this metadata is traditionally encrypted under full disk encryption. Regardless of the particular type of encrypted file system, encrypted file systems are challenged in terms of input/output control as well as efficiency.
Encrypted file systems employ encryption algorithms to encrypt unencrypted data into an encrypted format before storing the encrypted data onto a nonvolatile storage device, such as a hard drive. Encrypting data into an encrypted format and then writing the encrypted data to the nonvolatile storage device is relatively time consuming. One challenge is that the software application waits for the encrypted file system to encrypt and store data before proceeding. This results in decreased efficiency in terms of both the encrypted file system as well as the software applications running in a system that uses an encrypted file system.