36 lines
1.3 KiB
Text
36 lines
1.3 KiB
Text
Cryptsetup 1.7.1 Release Notes
|
|
==============================
|
|
|
|
Changes since version 1.7.0
|
|
|
|
* Code now uses kernel crypto API backend according to new
|
|
changes introduced in mainline kernel
|
|
|
|
While mainline kernel should contain backward compatible
|
|
changes, some stable series kernels do not contain fully
|
|
backported compatibility patches.
|
|
Without these patches most of cryptsetup operations
|
|
(like unlocking device) fail.
|
|
|
|
This change in cryptsetup ensures that all operations using
|
|
kernel crypto API works even on these kernels.
|
|
|
|
* The cryptsetup-reencrypt utility now properly detects removal
|
|
of underlying link to block device and does not remove
|
|
ongoing re-encryption log.
|
|
This allows proper recovery (resume) of reencrypt operation later.
|
|
|
|
NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
|
|
this link disappears once the device metadata is temporarily
|
|
removed from device.
|
|
|
|
* Cryptsetup now allows special "-" (standard input) keyfile handling
|
|
even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
|
|
|
|
* Cryptsetup now fails if there are more keyfiles specified
|
|
for non-TCRYPT device.
|
|
|
|
* The luksKillSlot command now does not suppress provided password
|
|
in batch mode (if password is wrong slot is not destroyed).
|
|
Note that not providing password in batch mode means that keyslot
|
|
is destroyed unconditionally.
|