diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:31:19 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:31:19 +0000 |
commit | 6e33fee6f4a7e2041dd276995b402ca036fcab14 (patch) | |
tree | 85be5c41f2715d7d4d24cfa220197f1e2c778259 /docs/v1.6.7-ReleaseNotes | |
parent | Initial commit. (diff) | |
download | cryptsetup-6e33fee6f4a7e2041dd276995b402ca036fcab14.tar.xz cryptsetup-6e33fee6f4a7e2041dd276995b402ca036fcab14.zip |
Adding upstream version 2:2.1.0.upstream/2%2.1.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/v1.6.7-ReleaseNotes')
-rw-r--r-- | docs/v1.6.7-ReleaseNotes | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/docs/v1.6.7-ReleaseNotes b/docs/v1.6.7-ReleaseNotes new file mode 100644 index 0000000..edb73e5 --- /dev/null +++ b/docs/v1.6.7-ReleaseNotes @@ -0,0 +1,84 @@ +Cryptsetup 1.6.7 Release Notes +============================== + +Changes since version 1.6.6 + +* Cryptsetup git and wiki are now hosted on GitLab. + https://gitlab.com/cryptsetup/cryptsetup + + Repository of stable releases remains on kernel.org site + https://www.kernel.org/pub/linux/utils/cryptsetup/ + + For more info please see README file. + +* Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension). + + The VeraCrypt extension only increases iteration count for the key + derivation function (on-disk format is the same as TrueCrypt format). + + Note that unlocking of a VeraCrypt device can take very long time if used + on slow machines. + + To use this extension, add --veracrypt option, for example + cryptsetup open --type tcrypt --veracrypt <container> <name> + + For use through libcryptsetup, just add CRYPT_TCRYPT_VERA_MODES flag. + +* Support keyfile-offset and keyfile-size options even for plain volumes. + +* Support keyfile option for luksAddKey if the master key is specified. + +* For historic reasons, hashing in the plain mode is not used + if keyfile is specified (with exception of --key-file=-). + Print a warning if these parameters are ignored. + +* Support permanent device decryption for cryptsetup-reencrypt. + To remove LUKS encryption from a device, you can now use --decrypt option. + +* Allow to use --header option in all LUKS commands. + The --header always takes precedence over positional device argument. + +* Allow luksSuspend without need to specify a detached header. + +* Detect if O_DIRECT is usable on a device allocation. + There are some strange storage stack configurations which wrongly allows + to open devices with direct-io but fails on all IO operations later. + + Cryptsetup now tries to read the device first sector to ensure it can use + direct-io. + +* Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later). + + Linux kernel 4.0 contains rewritten dmcrypt code which tries to better utilize + encryption on parallel CPU cores. + + While tests show that this change increases performance on most configurations, + dmcrypt now provides some switches to change its new behavior. + + You can use them (per-device) with these cryptsetup switches: + --perf-same_cpu_crypt + --perf-submit_from_crypt_cpus + + Please use these only in the case of serious performance problems. + Refer to the cryptsetup man page and dm-crypt documentation + (for same_cpu_crypt and submit_from_crypt_cpus options). + https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt + +* Get rid of libfipscheck library. + (Note that this option was used only for Red Hat and derived distributions.) + With recent FIPS changes we do not need to link to this FIPS monster anymore. + Also drop some no longer needed FIPS mode checks. + +* Many fixes and clarifications to man pages. + +* Prevent compiler to optimize-out zeroing of buffers for on-stack variables. + +* Fix a crash if non-GNU strerror_r is used. + +Cryptsetup API NOTE: +The direct terminal handling for passphrase entry will be removed from +libcryptsetup in next major version (application should handle it itself). + +It means that you have to always either provide password in buffer or set +your own password callback function through crypt_set_password_callback(). +See API documentation (or libcryptsetup.h) for more info. |