/badge.svg){kind=icon}
A native Linux kernel filesystem driver for mounting BFC (Binary File Container) images directly without FUSE.
- π Native Performance: Direct kernel integration, no FUSE overhead
- π Full Directory Support: Complete directory tree navigation and listing
- π File Reading: Accurate and complete file content access
- π Memory Safe: Proper VFS integration with clean resource management
- β‘ Direct I/O: Efficient file reading bypassing page cache complications
- π‘οΈ Crash-Free: Stable mount/unmount operations without kernel crashes
- π§ Standard Tools: Works with all standard Linux file utilities (
ls,cat,cp, etc.)
The BFCFS kernel module is now fully functional for basic BFC container operations:
- β Module Loading/Unloading: Clean insertion and removal from kernel
- β Mount/Unmount Operations: Proper VFS integration without crashes
- β Directory Operations: Full directory listing and navigation
- β File Reading: Complete and accurate file content access
- β Uncompressed Files: Full support for plain (uncompressed, unencrypted) files
- β VFS Integration: Proper inode allocation and memory management
- π§ Compression: Zstd support planned (Phase 0.2)
- π§ Encryption: AEAD encryption planned (Phase 0.3)
Important: This filesystem driver requires Linux kernel 6.8.x or newer due to VFS API changes.
# For Ubuntu 22.04, install kernel 6.8.x
sudo apt update
sudo apt install linux-image-6.8.0-49-generic linux-headers-6.8.0-49-generic
sudo reboot
# After reboot, ensure kernel headers are installed
sudo apt install linux-headers-$(uname -r)
# Verify kernel version
uname -r # Should show 6.8.x# Build the module
make
# Clean build artifacts
make clean
# Load module (for testing)
sudo make load
# Unload module
sudo make unload
# Install to system modules directory
sudo make install# Load the module
sudo insmod bfcfs.ko
# Mount a BFC container
sudo mount -t bfcfs -o source=/path/to/container.bfc none /mnt/bfc
# Browse contents
ls -la /mnt/bfc/
cat /mnt/bfc/some-file.txt
# Unmount cleanly
sudo umount /mnt/bfc
# Unload module
sudo rmmod bfcfs# Load the module
sudo modprobe bfcfs
# Mount a BFC container
sudo mount -t bfcfs -o source=/path/to/container.bfc /mnt/bfc
# Browse contents
ls -la /mnt/bfc/
# Unmount
sudo umount /mnt/bfcsource=PATH- Path to .bfc container file (required)verify=MODE- Verification mode:none,shallow,deep(default:shallow)noreadahead- Disable readahead optimization
sudo mount -t bfcfs -o source=/tmp/app.bfc,verify=deep /mnt/appBy default, loading the BFC module will show a "module verification failed" warning and taint the kernel. This is normal for out-of-tree modules but can be avoided by signing the module.
# Generate signing certificate and private key
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der \
-nodes -days 36500 -subj "/CN=BFC Module/"
# Sign the compiled module
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha512 MOK.priv MOK.der bfcfs.ko
# Import certificate to Machine Owner Key (MOK) list
sudo mokutil --import MOK.der
# Enter a password when prompted (e.g., "bfcmodule")
# Reboot and enroll the key
sudo rebootDuring boot:
- UEFI will prompt for MOK enrollment
- Select "Enroll MOK" β "Continue"
- Enter the password you set above
- Reboot to complete enrollment
After enrollment:
# Load the signed module (no more tainted kernel warnings)
sudo insmod bfcfs.ko
# Verify signing status
modinfo bfcfs.ko | grep sigAlternative approach - add kernel parameter to disable module signature checking:
# Edit GRUB configuration
sudo nano /etc/default/grub
# Add to GRUB_CMDLINE_LINUX_DEFAULT:
GRUB_CMDLINE_LINUX_DEFAULT="... module.sig_enforce=0"
# Update GRUB and reboot
sudo update-grub
sudo rebootCheck if module is properly signed:
modinfo bfcfs.ko | grep sig
# Should show: sig_id, signer, sig_key, sig_hashalgo, signaturebfcfs/
βββ include/bfcfs.h # Core data structures and definitions
βββ fs/
β βββ super.c # Superblock and module management
β βββ opts.c # Mount option parsing
β βββ index.c # BFC container index parsing
β βββ inode.c # VFS inode operations
β βββ data.c # File reading and page cache
β βββ crypto.c # Encryption support (stub)
β βββ verify.c # Data verification
βββ Makefile # Kernel module build
βββ Kconfig # Kernel configuration
βββ README.md # This file
# Check if module loaded
lsmod | grep bfcfs
# Check filesystem registration
cat /proc/filesystems | grep bfcfs
# View kernel messages
sudo dmesg | grep bfcfsUse the BFC CLI tool to create test containers:
# Create uncompressed container
bfc create test.bfc /path/to/source/
# Create with compression (not yet supported by this driver)
bfc create -c zstd test.bfc /path/to/source/- Module infrastructure and VFS registration
- Mount option parsing and validation
- BFC container format parsing and index loading
- Proper VFS inode allocation and memory management
- Directory operations (listing, lookup, navigation)
- File reading operations with direct I/O
- Clean mount/unmount without kernel crashes
- Support for uncompressed, unencrypted files
- Synthetic root directory handling
- Zstd decompression integration
- Chunked file reading with compression
- Performance optimization for compressed files
- Kernel keyring integration
- ChaCha20-Poly1305 AEAD decryption
- Per-chunk encryption/decryption
- Symlink support
- Extended attributes
- Performance optimizations
- Advanced verification modes
- Follow Linux kernel coding style
- Use
scripts/checkpatch.plto validate patches - Keep functions focused and well-documented
Note: Only kernel 6.8.x and newer are supported.
# Build for specific kernel version (6.8.x+ only)
make KERNELDIR=/lib/modules/6.8.0-49/build
# Cross-compile (if toolchain available, 6.8.x+ only)
make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu-GPL v2 - Compatible with Linux kernel licensing