The BSD version

An operating system based on 4.4BSD[10] provides to the kernel a generic interface to several kinds of file systems: the virtual-node (vnode) layer. The vnode layer features an object-oriented interface which abstracts the invocation to filesystem-specific operations, implemented at an underlying level. This makes possible to mount and access different kind of file system in the same way. 4.4BSD file system switch has been provided of a mechanism for stacking filesystems on top of one other (proposed by Rosenthal[12], and refined by Heidemann and Popek[5]). The bottom of a filesystem stack is usually a storage filesystem (which directly interacts with the device driver). The layers above, can implement on their own any functions and/or redirect them downstairs (with or without argument transformations).

TCFS for BSD has been implemented as a file system layer. This approach presents an important advantage: since the cryptographic layer can be mounted upon any filesystem by mean of vnode interface, encryption of local filesystems (improving TCFS performances on these ones) does not need the NFS to introduce the cryptographic file-operators. Furthermore, TCFS for BSD has been developed by writing only those operators which required the introduction of cryptographic services whereas other calls have been redirected to undelying filesystems.

Users send their directives to TCFS by updating the mount-point parameters. The TCFS layer adds to the usual arguments of the mount system call two new sets of data that cointain directives and their arguments:

1. The data concerning the user's directive: the command, the key, the key's owner, etc.
2. A set of data which represents the status of the filesystem: number of active keys, error codes, information about the cipher.

TCFS flags and optional attributes management is performed by means of some ioctl calls.