Releases: netheril96/securefs

v1.0.0

22 Apr 13:19
01e8a40

Major version bump, since there are a lot of changes.

New features

  • New lite format repositories no longer have any restrictions on file name lengths (OS limits still apply, but underlying filesystem limits don't).
    • Here "filename" refers to individual components of the full path. For example, in /usr/local/bin, the filenames are usr, local, and bin.
    • Existing repositories can be upgraded by securefs migrate-long-name, provided that they don't have any symlinks.
    • Basically, if a filename is too long, it is encrypted and stored in a SQLite database. This incurs a small performance overhead, but such long names should be rare. For more information, see here.
  • New options for full format repositories
    • Case insensitive yet case preserving (like the default behavior of NTFS)
    • Unicode normalization insensitive and preserving (like the default behavior of APFS/HFS+).
    • These enable better compatibility with native filesystems. Note that neither feature can be changed after creation.
  • The config file format and default name have changed
    • The config file is now in protobuf.
    • The default name is now .config.pb rather than .securefs.json, since some people do not like revealing the name securefs to potential peekers.
    • Everything except the password derivation parameters is now encrypted and validated. Information such as max padding size is no longer visible without the password.
    • Loading old repos with a JSON config is still supported. To upgrade, please run securefs chpass (in which case the config file will, misleadingly, keep the same name but be protobuf).
  • Creating format code 1 and 3 filesystems is no longer possible. Mounting them still works.
  • The internals of the code base have been heavily refactored to allow for easier feature development in the future.

Performance

  • Reads and writes are now coalesced, so throughput on non-cached disks is significantly higher.
  • We have implemented a workaround for libfuse2's performance problem where threads are repeatedly created and destroyed. libfuse3 fixes this problem, but we cannot upgrade yet for macFUSE compatibility.
  • The binary releases are built with link time optimization. It is difficult to get this to compile, so it is not listed in README. If you want to try, you can refer to release.yml.

Misc

  • securefs now reports stable inode numbers in most cases.

0.14.3

05 Aug 11:10
8345530

Minor update.

The build system is tweaked to be more friendly to certain package managers.

0.14.2

12 Jun 03:50
9dc5167

Add mount option --plain-text-names to disable file name encryption/decryption.

0.14.1

11 Jun 06:57
4a57f03

Dependencies are no longer bundled with the source tree. This allows easier upgrades.

0.13.1

18 Nov 01:09
bb7088e

Critical bug fixes: all users should immediately upgrade.

0.13.0

06 May 17:09
1705d14

Changelog

New features

  • Argon2id is now the default password hashing algorithm. This provides stronger resistance against GPU and ASIC attacks. To apply to existing repositories, run chpass.
  • The keyfile is now protected by password hashing too. To apply to existing repositories, run chpass.
  • It is now possible to obfuscate file sizes (at the cost of performance). Only new repositories can opt in to this behavior. Run create --max-padding=XXX for this.

Improvements

  • Formats 1, 2 and 3 are now mounted multi-threaded. (Format 4 has always been multi-threaded.)
  • --trace is reworked to have complete information in logs.
  • securefs is now built with link time optimization for better performance.
  • Other misc performance improvements.

Upgrades

  • Crypto++ is upgraded to 8.6.
  • utf8proc is upgraded to 2.7.0.

Releases

Source release

To build from source, you need to clone the repo with git clone --recursive --depth 1. Alternatively, you can download the file with "full-source" in its name. Do not download the autogenerated archives on this page, as they are missing submodules.

0.12.0

10 Oct 14:36
a497283
  • Updates Crypto++ to 8.5
  • Now supports Apple M1
  • Minor bug fixes

Binary releases are for Windows x64 only. 32-bit support is dropped. To run the binary, one needs to install extra packages:

Note:

  • WinFsp requirements have been updated since the last release.
  • The signing GPG keys have changed to new ones with TTLs for better security. See
    https://github.com/netheril96.gpg

0.11.1

28 Mar 14:42
dfeebf8
  • Key file support.
  • Unicode 13 support (for filename normalization).
  • Speed on network filesystems is improved.
  • File locking can now be disabled for improved performance, at the risk of data corruption.
  • New command line options --fsname and --fssubtype.
  • New command line option --normalization replaces the old --insensitive and --nfc.
  • The default number of rounds of scrypt is increased for better security.
  • Testing is improved. Not directly related to end users.

Binary releases are for Windows x64 only. 32-bit support is dropped. To run the binary, one needs to install extra packages:

0.9.0

31 Dec 16:25
cf84306

Changelog

  • Enables hardware acceleration dynamically based on CPU capabilities. No more need to compile specially for each platform.
  • Normalizes filenames on macOS to NFC for compatibility with native applications. The behavior can be tuned by option --nfc. Fixes #74.
  • Signs commits and binary releases with GPG.
  • Supports Finder tags on macOS.
  • Supports Linux kernel version >= 5.4. Fixes #87.
  • Supports full mode encryption on Windows.
  • Fixes logging with Unicode characters on Windows.
  • Fixes (harmless) symlink errors on Windows.

Binary release

The precompiled binary is for Windows only. Requires WinFsp 2019.2 and VC++ Redist to be installed.

Warning: the 32-bit binary may not work with files larger than 4GiB.

Source release

To build from source, you need to clone the repo with git clone --recursive. Do not download the zip or tar.gz archives on this page, as they are missing submodules.

0.9.0-beta1

17 Sep 14:33
Pre-release

This is a beta release.

  • Updates Crypto++ to 8.2.
  • Supports Finder tags on macOS.
  • Fixes (harmless) symlink errors on Windows.
  • Fixes support of full mode encryption on Windows.
  • Fixes logging with Unicode characters on Windows.

The binary files are for Windows, and require the following dependencies to be installed on the system: