# File-based encryption (Linux Ubuntu)

Source: [https://docs.qualcomm.com/doc/80-88500-2/topic/56_File_based_encryption.html](https://docs.qualcomm.com/doc/80-88500-2/topic/56_File_based_encryption.html)

File-based encryption (FBE) encrypts files with different keys. The ext4, F2FS, and UBIFS file systems support the file encryption using a common API called `fscrypt`. With `fscrypt`, encryption is applied at the directory level. `fscrypt` is also the name of a user space tool. Ubuntu on the Qualcomm Robotics RB5 device has `fscrypt` installed in Rootfs and supports FBE using an inline encryption method.

Different directories use different encryption keys. In an encrypted directory, file contents, filenames, and symlinks are encrypted. All subdirectories are encrypted too. Nonfilename metadata, such as timestamps, the sizes and number of files, and extended attributes are not encrypted.

To support the inline encryption framework, use the following configurations:
      
- `CONFIG_BLK_INLINE_ENCRYPTION=y`
- `CONFIG_SCSI_UFS_CRYPTO=y`
- `CONFIG_SCSI_UFS_CRYPTO_QTI=y`
- `CONFIG_DM_DEFAULT_KEY=y`
- `CONFIG_MMC_CQHCI_CRYPTO=y`
- `CONFIG_MMC_CQHCI_CRYPTO_QTI=y`
- `CONFIG_QTI_CRYPTO_COMMON=y`
- `CONFIG_QTI_CRYPTO_TZ=y`
- `CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y`

- **[Enable encrypt and stable_inodes feature flag for ext4 file system](https://docs.qualcomm.com/doc/80-88500-2/topic/57_Enable_encrypt_and_stable_inodes_feature_flag_for_ext4_file_system.html)**
- **[Enable the fscrypt userspace tool](https://docs.qualcomm.com/doc/80-88500-2/topic/58_Enable_the_fscrypt_userspace_tool.html)**
- **[Encrypt empty directory](https://docs.qualcomm.com/doc/80-88500-2/topic/59_Encrypt_empty_directory_.html)**

**Parent Topic:** [Build system](https://docs.qualcomm.com/doc/80-88500-2/topic/4_Qualcomm_Robotics_RB5_build_system.html)

Last Published: Aug 18, 2023

[Previous Topic
FAQ for update-alternatives – useradd issue](https://docs.qualcomm.com/bundle/publicresource/80-88500-2/topics/55_FAQ_for_update_alternatives___useradd_issue.md) [Next Topic
Enable encrypt and stable\_inodes feature flag for ext4 file system](https://docs.qualcomm.com/bundle/publicresource/80-88500-2/topics/57_Enable_encrypt_and_stable_inodes_feature_flag_for_ext4_file_system.md)