50 lines
1.8 KiB
Text
50 lines
1.8 KiB
Text
Cryptsetup 1.6.3 Release Notes
|
|
==============================
|
|
|
|
Changes since version 1.6.2
|
|
|
|
* Fix cryptsetup reencryption tool to work properly
|
|
with devices using 4kB sectors.
|
|
|
|
* Always use page size if running through loop device,
|
|
this fixes failures for external LUKS header and
|
|
filesystem requiring 4kB block size.
|
|
|
|
* Fix TCRYPT system encryption mapping for multiple partitions.
|
|
Since this commit, one can use partition directly as device parameter.
|
|
If you need to activate such partition from image in file,
|
|
please first use map partitioned loop device (losetup -P)
|
|
on image.
|
|
(Cryptsetup require partition offsets visible in kernel sysfs
|
|
in this mode.)
|
|
|
|
* Support activation of old TrueCrypt containers using CBC mode
|
|
and whitening (created in TrueCrypt version < 4.1).
|
|
This requires Linux kernel 3.13 or later.
|
|
(Containers with cascade CBC ciphers are not supported.)
|
|
|
|
* Properly display keys in dump --dump-master-key command
|
|
for TrueCrypt CBC containers.
|
|
|
|
* Rewrite cipher benchmark loop which was unreliable
|
|
on very fast machines.
|
|
|
|
* Add warning if LUKS device was activated using non-cryptsetup
|
|
library which did not set UUID properly (e.g. cryptmount).
|
|
(Some commands, like luksSuspend, are not available then.)
|
|
|
|
* Support length limitation also for plain (no hash) length.
|
|
This can be used for mapping problematic cryptosystems which
|
|
wipes some key (losetup sometimes set last 32 byte to zero,
|
|
which can be now configured as --hash plain:31 parameter).
|
|
|
|
* Fix hash limit if parameter is not a number.
|
|
(The whole key was set to zero instead of command failure.)
|
|
|
|
* Unify --key-slot behavior in cryptsetup_reencrypt tool.
|
|
|
|
* Update dracut example scripts for system reencryption on first boot.
|
|
|
|
* Add command line option --tcrypt-backup to access TCRYPT backup header.
|
|
|
|
* Fix static compilation with OpenSSL.
|