Filesystem in Userspace (FUSE) allows non-privileged users to create file systems without modifying kernel code by running file system operations in user space.
Fortanix-Data-Security-Manager (DSM) Filesystem Encryption (FSE) utilizes the FUSE framework with a dedicated agent that manages filesystem mounting, encryption, decryption, and policy enforcement. This agent operates seamlessly, requiring no changes to customer applications.
When a filesystem is mounted with the Fortanix DSM FSE Agent, it handles all input and output operations, routing requests through the Virtual File System (VFS) to the agent, which then processes and responds based on the defined policies.
To discover the architecture and key hierarchy of Linux Filesystem Encryption on Linux, refer to Filesystem Encryption for Linux - Concepts guide.