Sweet Tea Dorminy
I (Sweet Tea) have worked on kernel storage since graduating from MIT in 2013. I've been a fan of open source, particularly storage technology, since I started using Gentoo in '05, and was fortunate to get a job out of college working on Linux kernel storage. I began at a startup called Permabit working on a then-proprietary software-defined storage device providing dedupe and compression, which was acquired by Red Hat in 2017. dm-vdo has now been open sourced and is working on going upstream soon. In 2022, I joined the btrfs team at Meta, and have been working on adding filesystem encryption to btrfs since.
Session
At Meta, we've been working to add encryption support to btrfs, with exciting implications for per-container security. Traditionally, encryption has been available either for whole disks, with LUKS, or in a few filesystems (ext4, f2fs, ubifs, and ceph) that lack advanced volume management. Btrfs has several features these filesystems don't: deduplicating/reflinking identical data, subvolume/snapshot management, and integrated checksumming. These features allow giving each container its own encrypted subvolume, with a key that is loaded only while the container is running. This prevents container storage from being read while the container is turned off, and makes deletion of expired containers' storage secure.