summaryrefslogtreecommitdiffstats
path: root/docs/v2.2.0-ReleaseNotes
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
commit1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch)
treebb299ab6f411f4fccd735907035de710e4ec6abc /docs/v2.2.0-ReleaseNotes
parentInitial commit. (diff)
downloadcryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.tar.xz
cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.zip
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/v2.2.0-ReleaseNotes')
-rw-r--r--docs/v2.2.0-ReleaseNotes279
1 files changed, 279 insertions, 0 deletions
diff --git a/docs/v2.2.0-ReleaseNotes b/docs/v2.2.0-ReleaseNotes
new file mode 100644
index 0000000..b1fd363
--- /dev/null
+++ b/docs/v2.2.0-ReleaseNotes
@@ -0,0 +1,279 @@
+Cryptsetup 2.2.0 Release Notes
+==============================
+Stable release with new experimental features and bug fixes.
+
+Cryptsetup 2.2 version introduces a new LUKS2 online reencryption
+extension that allows reencryption of mounted LUKS2 devices
+(device in use) in the background.
+
+Online reencryption is a complex feature. Please be sure you
+have a full data backup before using this feature.
+
+Changes since version 2.1.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+LUKS2 online reencryption
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The reencryption is intended to provide a reliable way to change
+volume key or an algorithm change while the encrypted device is still
+in use.
+
+It is based on userspace-only approach (no kernel changes needed)
+that uses the device-mapper subsystem to remap active devices on-the-fly
+dynamically. The device is split into several segments (encrypted by old
+key, new key and so-called hotzone, where reencryption is actively running).
+
+The flexible LUKS2 metadata format is used to store intermediate states
+(segment mappings) and both version of keyslots (old and new keys).
+Also, it provides a binary area (in the unused keyslot area space)
+to provide recovery metadata in the case of unexpected failure during
+reencryption. LUKS2 header is during the reencryption marked with
+"online-reencryption" keyword. After the reencryption is finished,
+this keyword is removed, and the device is backward compatible with all
+older cryptsetup tools (that support LUKS2).
+
+The recovery supports three resilience modes:
+
+ - checksum: default mode, where individual checksums of ciphertext hotzone
+ sectors are stored, so the recovery process can detect which sectors were
+ already reencrypted. It requires that the device sector write is atomic.
+
+ - journal: the hotzone is journaled in the binary area
+ (so the data are written twice)
+
+ - none: performance mode; there is no protection
+ (similar to old offline reencryption)
+
+These resilience modes are not available if reencryption uses data shift.
+
+Note: until we have full documentation (both of the process and metadata),
+please refer to Ondrej's slides (some slight details are no longer relevant)
+https://okozina.fedorapeople.org/online-disk-reencryption-with-luks2-compact.pdf
+
+The offline reencryption tool (cryptsetup-reencrypt) is still supported
+for both LUKS1 and LUKS2 format.
+
+Cryptsetup examples for reencryption
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The reencryption feature is integrated directly into cryptsetup utility
+as the new "reencrypt" action (command).
+
+There are three basic modes - to perform reencryption (change of already
+existing LUKS2 device), to add encryption to plaintext device and to remove
+encryption from a device (decryption).
+
+In all cases, if existing LUKS2 metadata contains information about
+the ongoing reencryption process, following reencrypt command continues
+with the ongoing reencryption process until it is finished.
+
+You can activate a device with ongoing reencryption as the standard LUKS2
+device, but the reencryption process will not continue until the cryptsetup
+reencrypt command is issued.
+
+
+1) Reencryption
+~~~~~~~~~~~~~~~
+This mode is intended to change any attribute of the data encryption
+(change of the volume key, algorithm or sector size).
+Note that authenticated encryption is not yet supported.
+
+You can start the reencryption process by specifying a LUKS2 device or with
+a detached LUKS2 header.
+The code should automatically recognize if the device is in use (and if it
+should use online mode of reencryption).
+
+If you do not specify parameters, only volume key is changed
+(a new random key is generated).
+
+# cryptsetup reencrypt <device> [--header <hdr>]
+
+You can also start reencryption using active mapped device name:
+ # cryptsetup reencrypt --active-name <name>
+
+You can also specify the resilience mode (none, checksum, journal) with
+--resilience=<mode> option, for checksum mode also the hash algorithm with
+--resilience-hash=<alg> (only hash algorithms supported by cryptographic
+backend are available).
+
+The maximal size of reencryption hotzone can be limited by
+--hotzone-size=<size> option and applies to all reencryption modes.
+Note that for checksum and journal mode hotzone size is also limited
+by available space in binary keyslot area.
+
+2) Encryption
+~~~~~~~~~~~~~
+This mode provides a way to encrypt a plaintext device to LUKS2 format.
+This option requires reduction of device size (for LUKS2 header) or new
+detached header.
+
+ # cryptsetup reencrypt <device> --encrypt --reduce-device-size <size>
+
+Or with detached header:
+ # cryptsetup reencrypt <device> --encrypt --header <hdr>
+
+3) Decryption
+~~~~~~~~~~~~~
+This mode provides the removal of existing LUKS2 encryption and replacing
+a device with plaintext content only.
+For now, we support only decryption with a detached header.
+
+ # cryptsetup reencrypt <device> --decrypt --header <hdr>
+
+For all three modes, you can split the process to metadata initialization
+(prepare keyslots and segments but do not run reencryption yet) and the data
+reencryption step by using --init-only option.
+
+Prepares metadata:
+ # cryptsetup reencrypt --init-only <parameters>
+
+Starts the data processing:
+ # cryptsetup reencrypt <device>
+
+Please note, that due to the Linux kernel limitation, the encryption or
+decryption process cannot be run entirely online - there must be at least
+short offline window where operation adds/removes device-mapper crypt (LUKS2) layer.
+This step should also include modification of /etc/crypttab and fstab UUIDs,
+but it is out of the scope of cryptsetup tools.
+
+Limitations
+~~~~~~~~~~~
+Most of these limitations will be (hopefully) fixed in next versions.
+
+* Only one active keyslot is supported (all old keyslots will be removed
+ after reencryption).
+
+* Only block devices are now supported as parameters. As a workaround
+ for images in a file, please explicitly map a loop device over the image
+ and use the loop device as the parameter.
+
+* Devices with authenticated encryption are not supported. (Later it will
+ be limited by the fixed per-sector metadata, per-sector metadata size
+ cannot be changed without a new device format operation.)
+
+* The reencryption uses userspace crypto library, with fallback to
+ the kernel (if available). There can be some specific configurations
+ where the fallback does not provide optimal performance.
+
+* There are no translations of error messages until the final release
+ (some messages can be rephrased as well).
+
+* The repair command is not finished; the recovery of interrupted
+ reencryption is made automatically on the first device activation.
+
+* Reencryption triggers too many udev scans on metadata updates (on closing
+ write enabled file descriptors). This has a negative performance impact on the whole
+ reencryption and generates excessive I/O load on the system.
+
+New libcryptsetup reencryption API
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The libcryptsetup contains new API calls that are used to setup and
+run the reencryption.
+
+Note that there can be some changes in API implementation of these functions
+and/or some new function can be introduced in final cryptsetup 2.2 release.
+
+New API symbols (see documentation in libcryptsetup.h)
+* struct crypt_params_reencrypt - reencryption parameters
+
+* crypt_reencrypt_init_by_passphrase
+* crypt_reencrypt_init_by_keyring
+ - function to configure LUKS2 metadata for reencryption;
+ if metadata already exists, it configures the context from this metadata
+
+* crypt_reencrypt
+ - run the reencryption process (processing the data)
+ - the optional callback function can be used to interrupt the reencryption
+ or report the progress.
+
+* crypt_reencrypt_status
+ - function to query LUKS2 metadata about the reencryption state
+
+Other changes and fixes
+~~~~~~~~~~~~~~~~~~~~~~~
+* Add optional global serialization lock for memory hard PBKDF.
+ (The --serialize-memory-hard-pbkdf option in cryptsetup and
+ CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF in activation flag.)
+
+ This is an "ugly" optional workaround for a situation when multiple devices
+ are being activated in parallel (like systemd crypttab activation).
+ The system instead of returning ENOMEM (no memory available) starts
+ out-of-memory (OOM) killer to kill processes randomly.
+
+ Until we find a reliable way how to work with memory-hard function
+ in these situations, cryptsetup provide a way how to serialize memory-hard
+ unlocking among parallel cryptsetup instances to workaround this problem.
+ This flag is intended to be used only in very specific situations,
+ never use it directly :-)
+
+* Abort conversion to LUKS1 with incompatible sector size that is
+ not supported in LUKS1.
+
+* Report error (-ENOENT) if no LUKS keyslots are available. User can now
+ distinguish between a wrong passphrase and no keyslot available.
+
+* Fix a possible segfault in detached header handling (double free).
+
+* Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
+ Integritysetup now supports --integrity-bitmap-mode option and
+ --bitmap-sector-per-bit and --bitmap-flush-time commandline options.
+
+ In the bitmap operation mode, if a bit in the bitmap is 1, the corresponding
+ region's data and integrity tags are not synchronized - if the machine
+ crashes, the unsynchronized regions will be recalculated.
+ The bitmap mode is faster than the journal mode because we don't have
+ to write the data twice, but it is also less reliable, because if data
+ corruption happens when the machine crashes, it may not be detected.
+ This can be used only for standalone devices, not with dm-crypt.
+
+* The libcryptsetup now keeps all file descriptors to underlying device
+ open during the whole lifetime of crypt device context to avoid excessive
+ scanning in udev (udev run scan on every descriptor close).
+
+* The luksDump command now prints more info for reencryption keyslot
+ (when a device is in-reencryption).
+
+* New --device-size parameter is supported for LUKS2 reencryption.
+ It may be used to encrypt/reencrypt only the initial part of the data
+ device if the user is aware that the rest of the device is empty.
+
+ Note: This change causes API break since the last rc0 release
+ (crypt_params_reencrypt structure contains additional field).
+
+* New --resume-only parameter is supported for LUKS2 reencryption.
+ This flag resumes reencryption process if it exists (not starting
+ new reencryption).
+
+* The repair command now tries LUKS2 reencryption recovery if needed.
+
+* If reencryption device is a file image, an interactive dialog now
+ asks if reencryption should be run safely in offline mode
+ (if autodetection of active devices failed).
+
+* Fix activation through a token where dm-crypt volume key was not
+ set through keyring (but using old device-mapper table parameter mode).
+
+* Online reencryption can now retain all keyslots (if all passphrases
+ are provided). Note that keyslot numbers will change in this case.
+
+* Allow volume key file to be used if no LUKS2 keyslots are present.
+ If all keyslots are removed, LUKS2 has no longer information about
+ the volume key size (there is only key digest present).
+ Please use --key-size option to open the device or add a new keyslot
+ in these cases.
+
+* Print a warning if online reencrypt is called over LUKS1 (not supported).
+
+* Fix TCRYPT KDF failure in FIPS mode.
+ Some crypto backends support plain hash in FIPS mode but not for PBKDF2.
+
+* Remove FIPS mode restriction for crypt_volume_key_get.
+ It is an application responsibility to use this API in the proper context.
+
+* Reduce keyslots area size in luksFormat when the header device is too small.
+ Unless user explicitly asks for keyslots areas size (either via
+ --luks2-keyslots-size or --offset) reduce keyslots size so that it fits
+ in metadata device.
+
+* Make resize action accept --device-size parameter (supports units suffix).