# Storage encryption

Storage encryption enhances security by supporting the transparent
encryption of files and directories.

The Qualcomm Linux supports storage encryption with the [Inline crypto engine](https://docs.qualcomm.com/doc/80-70017-11/topic/crypto-core.html#section-glj-gfy-lzb) and a hardware-wrapped
key. It provides better efficiency and enhanced key protection.

The storage encryption feature allows:

- Provision of standard keys ranging from 32 bytes to 64 bytes for
content encryption
- Encryption of filenames and file content with separate keys
- Generation of 32‑byte key identifiers

The Qualcomm universal flash storage (UFS) driver is added to support the `fscrypt` API.

Note

The embedded multimedia card (eMMC) support will be provided in a future release.

For more information on the `fscrypt` API, see the Linux kernel
documentation at: `https://www.kernel.org/doc/Documentation/filesystems/fscrypt.rst`.

For related kernel documentation, see the following files:

- Inline encryption: `https://www.kernel.org/doc/Documentation/block/inline-encryption.rst`
- I/O control (IOCTL) support for storage encryption:
`` [https://www.kernel.org/doc/Documentation/userspace-api/ioctl/ioctl-number](https://www.kernel.org/doc/Documentation/userspace-api/ioctl/ioctl-number).rst``

You can invoke the storage encryption functionality using the
open-source `fscryptctl` tool, available
at [https://github.com/google/fscryptctl](https://github.com/google/fscryptctl).

Last Published: Jan 30, 2025

[Previous Topic
Storage security](https://docs.qualcomm.com/bundle/publicresource/80-70017-11/topics/secure-file-system.md) [Next Topic
SMC invoke](https://docs.qualcomm.com/bundle/publicresource/80-70017-11/topics/smcinvoke.md)