FESF successfully works with WSL 2 on released, supported, versions of Windows. While FESF may work with other versions of WSL, these configurations are not supported by OSR. We also only currently test/support WSL 2 installations using the Microsoft-provided Ubuntu distro.
Understanding how FESF supports WSL requires an understanding of how WSL 2 stores and accesses files, so we'll briefly describe this first. Then we'll move on to a more specific description of FESF support for transparent file encryption and decryption in WSL 2.
Linux and WSL utilities and support files are stored with a Virtual Hard Disk (VHDX) image formatted with the EXT4 file system. This file system (mounted at the root of the WSL file system namespace) is accessed strictly within Linux. The hosting Windows system does not directly "see" these file system operations, as they all take place internally within the VHDX file.
WSL 2 also allows access to files that are stored on the hosting Windows system. These are accessed from WSL 2 via the P9 file system (see here for a brief description of this protocol). Windows volumes are made accessible to WSL via mount points using their classic Windows drive letters, such as /mnt/c for the Windows C: volume.
FESF supports transparently encrypting and decrypting files stored on (supported) Windows volumes. FESF policy is always expressed strictly in Windows terms. This means that callbacks from the kernel-mode FESF components to the user-mode FESF components will always describe files in Windows syntax and using Windows conventions.
FESF supports transparent encryption and decryption of files stored on Windows volumes that are created by applications running under WSL 2. This means that if you create a policy that causes new files created in the C:\SecretStuff directory to be encrypted, files created by applications running under WSL 2 that create files in /mnt/c/SecretStuff will be encrypted. The path that the FESF Solution Policy DLL will receive in its GetPolicyNewFile callback will be the Windows path to the file being accessed.
FESF also supports transparent encryption and decryption of the entire EXT4 VHDX file that contains the root WSL 2 file system.
FESF does not support transparent encryption and decryption of files that exist within the EXT4 VHDX in WSL. This is because these file operations take place entirely within the Linux system run by WSL and are not directly visible to Windows. That means, for example, that files in the WSL 2 /etc directory (or its subdirectories) cannot be put into policy using FESF for Windows.