File

The tdx Volt has comprehensive built-in file support.

Files can be uploaded from the local file system to a tdx Volt running anywhere in the world. The CLI and fusebox also support recursive uploading of entire sub-trees of folders and files.

Policy and file modes

The tdx Volt supports 3 modes of file storage:

  • standard - in this mode a tdx Volt resource is created for each file and folder that is uploaded. The file contents are then encrypted and stored locally in the Volt.
  • mirrored - mirrored mode is similar to standard mode in that a tdx Volt resource is created for each file and folder; however, the contents of the file are not uploaded to the Volt. Instead, the resource stores a path to the original file on the local disk.
  • linked - linked mode is a continuation of mirrored mode. A single resource is created on the tdx Volt that reflects the ‘root’ folder that was uploaded. The entire sub-tree is still exposed as descendants of the root folder, but in the implementation the descendants are loaded at runtime rather than being cached as resources in the Volt.

Standard mode exactly reflects the local file system as a snapshot at the time of uploading. The resource hierarchy will match that of the local file system, and policy rules can be applied at any level of the hierarchy, e.g. sharing a sub-folder several levels deep in the file tree. If a file is added, deleted or modified on the local file system, this will not be reflected in the tdx Volt until a sync is run.

Mirrored mode also reflects the local file system as a snapshot in time; however, when a file is read or downloaded the data is fetched from the local disk rather than from the Volt. As a result, the file contents will always appear in sync with the local disk, but file additions and deletions will not be reflected in the tdx Volt resource tree until a sync is run. Policy rules can still be applied at any level in the hierarchy.

Linked mode, on the other hand, fully reflects the local file system at all times. Additions, deletions and updates will immediately be reflected in the Volt. However, it is only possible to apply policy rules at the level of the root folder, i.e. a subject can either see the entire sub-tree or not. Choosing between the modes is a trade-off between performance, flexibility of sharing and staleness of data.

Note that 'mirrored' and 'linked' modes are only applicable to the file system local to the Volt, i.e. Alice can upload a folder tree to Bob's tdx Volt using standard mode, but she cannot do so using mirrored or linked mode because the files would be unavailable when Alice is offline or unreachable. In this scenario, Alice would mirror or link the folder to her own tdx Volt and add a share for Bob.
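The staleness and policy differences between the three modes, as an added toy model in Python. This is not tdx Volt code or its API: the Share class, its methods and the sample paths are assumptions made for illustration.

```python
# Toy model (not tdx Volt code) of what a reader of a shared folder sees
# in each file mode, before and after a sync.

class Share:
    """One uploaded root folder; `disk` is the owner's live local file system."""

    def __init__(self, disk, mode, policy_path="/"):
        if mode == "linked" and policy_path != "/":
            raise ValueError("linked mode: policy applies at the root folder only")
        self.disk, self.mode, self.policy_path = disk, mode, policy_path
        self.sync()

    def sync(self):
        # standard: snapshot paths and contents; mirrored: snapshot paths only
        self.paths = set(self.disk)
        self.stored = dict(self.disk) if self.mode == "standard" else {}

    def listing(self):
        # linked: tree is resolved at runtime; others: resource tree from last sync
        paths = set(self.disk) if self.mode == "linked" else self.paths
        return sorted(p for p in paths if p.startswith(self.policy_path))

    def read(self, path):
        if path not in self.listing():
            raise PermissionError(path)
        # standard: content from the Volt's copy; mirrored/linked: from local disk
        return self.stored[path] if self.mode == "standard" else self.disk[path]


def visible_after_local_changes(mode):
    """Return (listing, content of report.txt) as seen before any sync."""
    disk = {"/docs/report.txt": "v1"}          # constructed sample tree
    share = Share(disk, mode)
    disk["/docs/report.txt"] = "v2"            # local modification
    disk["/docs/new.txt"] = "added later"      # local addition
    return share.listing(), share.read("/docs/report.txt")


if __name__ == "__main__":
    for mode in ("standard", "mirrored", "linked"):
        print(mode, visible_after_local_changes(mode))
```

In mirrored mode a reader sees local edits to an already shared file immediately, and in linked mode anything placed under the root folder becomes visible to every subject who can see the root.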

Encryption

Files uploaded to the tdx Volt are encrypted at rest using a key derived from the tdx Volt root key.

Sync

The tdx Volt file upload and download commands can run in an optimised mode in which a file is not uploaded or downloaded if it has not changed since the last operation. The upload command also implements a ‘watch’ function that can upload files as they change on the local disk.