236 lines
8.5 KiB
Text
236 lines
8.5 KiB
Text
Cryptsetup 2.6.0 Release Notes
|
|
==============================
|
|
Stable release with new features and bug fixes.
|
|
|
|
Changes since version 2.5.0
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
* Introduce support for handling macOS FileVault2 devices (FVAULT2).
|
|
|
|
Cryptsetup now supports the mapping of FileVault2 full-disk encryption
|
|
by Apple for the macOS operating system using a native Linux kernel.
|
|
You can open an existing USB FileVault portable device and (with
|
|
the hfsplus filesystem driver) access the native data read/write.
|
|
|
|
Cryptsetup supports only (legacy) FileVault2 based on Core Storage
|
|
and HFS+ filesystem (introduced in MacOS X 10.7 Lion).
|
|
It does NOT support the new version of FileVault based on the APFS
|
|
filesystem used in recent macOS versions.
|
|
|
|
Header formatting and changes are not supported; cryptsetup never
|
|
changes the metadata on the device.
|
|
|
|
FVAULT2 extension requires kernel userspace crypto API and kernel
|
|
driver for HFS+ (hfsplus) filesystem (available on most systems today).
|
|
|
|
Example of using FileVault2 formatted USB device:
|
|
|
|
A typical encrypted device contains three partitions; the FileVault
|
|
encrypted partition is here sda2:
|
|
|
|
$ lsblk -o NAME,FSTYPE,LABEL /dev/sda
|
|
NAME FSTYPE LABEL
|
|
sda
|
|
|-sda1 vfat EFI
|
|
|-sda2
|
|
`-sda3 hfsplus Boot OS X
|
|
|
|
Note: blkid does not recognize FileVault2 format yet.
|
|
|
|
To dump metadata information about the device, you can use
|
|
the fvault2Dump command:
|
|
|
|
$ cryptsetup fvault2Dump /dev/sda2
|
|
Header information for FVAULT2 device /dev/sda2.
|
|
Physical volume UUID: 6f353c05-daae-4e76-a0ee-6a9569a22d81
|
|
Family UUID: f82cceb0-a788-4815-945a-53d57fcd55a8
|
|
Logical volume offset: 67108864 [bytes]
|
|
Logical volume size: 3288334336 [bytes]
|
|
Cipher: aes
|
|
Cipher mode: xts-plain64
|
|
PBKDF2 iterations: 97962
|
|
PBKDF2 salt: 173a4ec7447662ec79ca7a47df6c2a01
|
|
|
|
To activate the device, use open --type fvault2 option:
|
|
|
|
$ cryptsetup open --type fvault2 /dev/sda2 test
|
|
Enter passphrase for /dev/sda2: ...
|
|
|
|
And check the status of the active device:
|
|
|
|
$ cryptsetup status test
|
|
/dev/mapper/test is active.
|
|
type: FVAULT2
|
|
cipher: aes-xts-plain64
|
|
keysize: 256 bits
|
|
key location: dm-crypt
|
|
device: /dev/sda2
|
|
sector size: 512
|
|
offset: 131072 sectors
|
|
size: 6422528 sectors
|
|
mode: read/write
|
|
|
|
Now, if the kernel contains hfsplus filesystem driver, you can mount
|
|
decrypted content:
|
|
|
|
$ mount /dev/mapper/test /mnt/test
|
|
|
|
For more info about implementation, please refer to the master thesis
|
|
by Pavel Tobias, which was the source for this extension.
|
|
https://is.muni.cz/th/p0aok/?lang=en
|
|
|
|
* libcryptsetup: no longer use global memory locking through mlockall()
|
|
|
|
For many years, libcryptsetup locked all memory (including dependent
|
|
library address space) to prevent swapping sensitive content outside
|
|
of RAM.
|
|
|
|
This strategy no longer works as the locking of basic libraries exceeds
|
|
the memory locking limit if running as a non-root user.
|
|
|
|
Libcryptsetup now locks only memory ranges containing sensitive
|
|
material (keys) through crypt_safe_alloc() calls.
|
|
|
|
This change solves many reported mysterious problems of unexpected
|
|
failures. If the initial lock was still under the limit and succeeded,
|
|
some following memory allocation could fail later as it exceeded
|
|
the locking limit. If the initial locking fails, memory locking
|
|
was quietly ignored completely.
|
|
|
|
The whole crypt_memory_lock() API call is deprecated; it no longer
|
|
calls memlockall().
|
|
|
|
* libcryptsetup: process priority is increased only for key derivation
|
|
(PBKDF) calls.
|
|
|
|
Increasing priority was tight to memory locking and works only if
|
|
running under superuser.
|
|
Only PBKDF calls and benchmarking now increase the process priority.
|
|
|
|
* Add new LUKS keyslot context handling functions and API.
|
|
|
|
In practice, the luksAddKey action does two operations.
|
|
It unlocks the existing device volume key and stores the unlocked
|
|
volume key in a new keyslot.
|
|
Previously the options were limited to key files and passphrases.
|
|
|
|
Newly available methods (keyslot contexts) are passphrase, keyfile,
|
|
key (binary representation), and LUKS2 token.
|
|
|
|
To unlock a keyslot user may:
|
|
- provide existing passphrase via interactive prompt (default method)
|
|
- use --key-file option to provide a file with a valid passphrase
|
|
- provide volume key directly via --volume-key-file
|
|
- unlock keyslot via all available LUKS2 tokens by --token-only
|
|
- unlock keyslot via specific token with --token-id
|
|
- unlock keyslot via specific token type by --token-type
|
|
|
|
To provide the passphrase for a new keyslot, a user may:
|
|
- provide existing passphrase via interactive prompt (default method)
|
|
- use --new-keyfile to read the passphrase from the file
|
|
- use --new-token-id to select LUKS2 token to get passphrase
|
|
for new keyslot. The new keyslot is assigned to the selected token
|
|
id if the operation is successful.
|
|
|
|
* The volume key may now be extracted using a passphrase, keyfile, or
|
|
token. For LUKS devices, it also returns the volume key after
|
|
a successful crypt_format call.
|
|
|
|
* Fix --disable-luks2-reencryption configuration option.
|
|
|
|
* cryptsetup: Print a better error message and warning if the format
|
|
produces an image without space available for data.
|
|
|
|
Activation now fails early with a more descriptive message.
|
|
|
|
* Print error if anti-forensic LUKS2 hash setting is not available.
|
|
If the specified hash was not available, activation quietly failed.
|
|
|
|
* Fix internal crypt segment compare routine if the user
|
|
specified cipher in kernel format (capi: prefix).
|
|
|
|
* cryptsetup: Add token unassign action.
|
|
|
|
This action allows removing token binding on specific keyslot.
|
|
|
|
* veritysetup: add support for --use-tasklets option.
|
|
|
|
This option sets try_verify_in_tasklet kernel dm-verity option
|
|
(available since Linux kernel 6.0) to allow some performance
|
|
improvement on specific systems.
|
|
|
|
* Provide pkgconfig Require.private settings.
|
|
|
|
While we do not completely provide static build on udev systems,
|
|
it helps produce statically linked binaries in certain situations.
|
|
|
|
* Always update automake library files if autogen.sh is run.
|
|
|
|
For several releases, we distributed older automake scripts by mistake.
|
|
|
|
* reencryption: Fix user defined moved segment size in LUKS2 decryption.
|
|
|
|
The --hotzone-size argument was ignored in cases where the actual data
|
|
size was less than the original LUKS2 data offset.
|
|
|
|
* Delegate FIPS mode detection to configured crypto backend.
|
|
System FIPS mode check no longer depends on /etc/system-fips file.
|
|
|
|
* tests: externally provided systemd plugin is now optionally compiled
|
|
from systemd git and tested with cryptsetup
|
|
|
|
* tests: initial integration to OSS-fuzz project with basic crypt_load()
|
|
test for LUKS2 and JSON mutated fuzzing.
|
|
|
|
For more info, see README in tests/fuzz directory.
|
|
|
|
* Update documentation, including FAQ and man pages.
|
|
|
|
Libcryptsetup API extensions
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
The libcryptsetup API is backward compatible with existing symbols.
|
|
|
|
New symbols:
|
|
crypt_keyslot_context_init_by_passphrase
|
|
crypt_keyslot_context_init_by_keyfile
|
|
crypt_keyslot_context_init_by_token
|
|
crypt_keyslot_context_init_by_volume_key
|
|
crypt_keyslot_context_get_error
|
|
crypt_keyslot_context_set_pin
|
|
crypt_keyslot_context_get_type
|
|
crypt_keyslot_context_free
|
|
crypt_keyslot_add_by_keyslot_context
|
|
crypt_volume_key_get_by_keyslot_context
|
|
|
|
New defines:
|
|
CRYPT_FVAULT2 "FVAULT2" (FileVault2 compatible mode)
|
|
|
|
Keyslot context types:
|
|
CRYPT_KC_TYPE_PASSPHRASE
|
|
CRYPT_KC_TYPE_KEYFILE
|
|
CRYPT_KC_TYPE_TOKEN
|
|
CRYPT_KC_TYPE_KEY
|
|
|
|
CRYPT_ACTIVATE_TASKLETS (dm-verity: use tasklets activation flag)
|
|
|
|
WARNING!
|
|
~~~~~~~~
|
|
The next version of cryptsetup will change the encryption mode and key
|
|
derivation option for the PLAIN format.
|
|
|
|
This change will cause backward incompatibility.
|
|
For this reason, the user will have to specify the exact parameters
|
|
for cipher, key size, and key derivation parameters for plain format.
|
|
|
|
The default encryption mode will be AES-XTS with 512bit key (AES-256).
|
|
The CBC mode is no longer considered the best default, as it allows easy
|
|
bit-flipped ciphertext modification attacks and performance problems.
|
|
|
|
For the passphrase hashing in plain mode, the encryption key is directly
|
|
derived through iterative hashing from a user-provided passphrase
|
|
(except a keyfile that is not hashed).
|
|
|
|
The default hash is RIPEMD160, which is no longer the best default
|
|
option. The exact change will be yet discussed but should include
|
|
the possibility of using a password-based key derivation function
|
|
instead of iterative hashing.
|