Bcachefs is not very stable right now, and BTRFS is not a good choice from a verified boot perspective. f2fs is what is used in Android and ext4 is used in Chromebooks, so they at least have the backing of Google's security team when it comes to vulnerabilities involving maliciously crafted filesystem images. BTRFS doesn't. The reason this matters for Spectrum is that verified boot aims to prevent system compromise from persisting across reboots, and an attacker who has compromised a Spectrum system can craft whatever image they want on the writable volume. Would it make sense to use f2fs or ext4? That means no reflinks and no snapshots, which would be annoying at least. Another option might be to use FUSE for the writable volume, with kernel filesystems only used for the (signed and dm-verity protected) root volume. This is the only option supported by Linux's upstream maintainers, who (with the notable exception of Kent Overstreet) appear to have no interest in hardening filesystems against maliciously crafted images. -- Sincerely, Demi Marie Obenour (she/her/hers)