On Mon, Nov 29, 2021 at 08:37:31AM +0100, Antonin Houska wrote: > The changes to buffile.c are not trivial, but we haven't really changed the > API, as long as you mean BufFileCreateTemp(), BufFileWrite(), BufFileRead(). > > What our patch affects on the caller side is that BufFileOpenTransient(), > BufFileCloseTransient(), BufFileWriteTransient() and BufFileReadTransient() > replace OpenTransientFile(), CloseTransientFile(), write()/fwrite() and > read()/fread() respectively in reorderbuffer.c and in pgstat.c. These changes > become a little bit less invasive in TDE 1.1 than they were in 1.0, see [1], > see the diffs attached.
With pg_upgrade modified to preserve the relfilenode, tablespace oid, and database oid, we are now closer to implementing cluster file encryption using XTS. I think we have a few steps left: 1. modify temporary file I/O to use a more centralized API 2. modify the existing cluster file encryption patch to use XTS with a IV that uses more than the LSN 3. add XTS regression test code like CTR 4. create WAL encryption code using CTR If we can do #1 in PG 15 I think I can have #2 ready for PG 16 in July. The feature wiki page is: https://wiki.postgresql.org/wiki/Transparent_Data_Encryption Do people want to advance this feature forward? -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.