summaryrefslogtreecommitdiffstats
path: root/docs/v2.0.3-ReleaseNotes
diff options
context:
space:
mode:
Diffstat (limited to 'docs/v2.0.3-ReleaseNotes')
-rw-r--r--docs/v2.0.3-ReleaseNotes121
1 files changed, 121 insertions, 0 deletions
diff --git a/docs/v2.0.3-ReleaseNotes b/docs/v2.0.3-ReleaseNotes
new file mode 100644
index 0000000..030a1b4
--- /dev/null
+++ b/docs/v2.0.3-ReleaseNotes
@@ -0,0 +1,121 @@
+Cryptsetup 2.0.3 Release Notes
+==============================
+Stable bug-fix release with new features.
+
+Cryptsetup 2.x version introduces a new on-disk LUKS2 format.
+
+The legacy LUKS (referenced as LUKS1) will be fully supported
+forever as well as a traditional and fully backward compatible format.
+
+Please note that authenticated disk encryption, non-cryptographic
+data integrity protection (dm-integrity), use of Argon2 Password-Based
+Key Derivation Function and the LUKS2 on-disk format itself are new
+features and can contain some bugs.
+
+To provide all security features of authenticated encryption, we need
+a better nonce-reuse resistant algorithm in the kernel (see note below).
+For now, please use authenticated encryption as an experimental feature.
+
+Please do not use LUKS2 without properly configured backup or in
+production systems that need to be compatible with older systems.
+
+Changes since version 2.0.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Expose interface to unbound LUKS2 keyslots.
+ Unbound LUKS2 keyslot allows storing a key material that is independent
+ of master volume key (it is not bound to encrypted data segment).
+
+* New API extensions for unbound keyslots (LUKS2 only)
+ crypt_keyslot_get_key_size() and crypt_volume_key_get()
+ These functions allow to get key and key size for unbound keyslots.
+
+* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
+
+* Add --unbound keyslot option to the cryptsetup luksAddKey command.
+
+* Add crypt_get_active_integrity_failures() call to get integrity
+ failure count for dm-integrity devices.
+
+* Add crypt_get_pbkdf_default() function to get per-type PBKDF default
+ setting.
+
+* Add new flag to crypt_keyslot_add_by_key() to force update device
+ volume key. This call is mainly intended for a wrapped key change.
+
+* Allow volume key store in a file with cryptsetup.
+ The --dump-master-key together with --master-key-file allows cryptsetup
+ to store the binary volume key to a file instead of standard output.
+
+* Add support detached header for cryptsetup-reencrypt command.
+
+* Fix VeraCrypt PIM handling - use proper iterations count formula
+ for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
+
+* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
+
+* Add --with-default-luks-format configure time option.
+ (Option to override default LUKS format version.)
+
+* Fix LUKS version conversion for detached (and trimmed) LUKS headers.
+
+* Add luksConvertKey cryptsetup command that converts specific keyslot
+ from one PBKDF to another.
+
+* Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
+ header is detected.
+
+* More cleanup and hardening of LUKS2 keyslot specific validation options.
+ Add more checks for cipher validity before writing metadata on-disk.
+
+* Do not allow LUKS1 version downconversion if the header contains tokens.
+
+* Add "paes" family ciphers (AES wrapped key scheme for mainframes)
+ to allowed ciphers.
+ Specific wrapped ley configuration logic must be done by 3rd party tool,
+ LUKS2 stores only keyslot material and allow activation of the device.
+
+* Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
+ This flag can be dangerous; if you can control underlying device
+ (you can change its content after it was verified) it will no longer
+ prevent reading tampered data and also it does not prevent silent
+ data corruptions that appear after the block was once read.
+
+* Fix return code (EPERM instead of EINVAL) and retry count for bad
+ passphrase on non-tty input.
+
+* Enable support for FEC decoding in veritysetup to check dm-verity devices
+ with additional Reed-Solomon code in userspace (verify command).
+
+Unfinished things & TODO for next releases
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* There will be better documentation and examples (planned for 2.0.4).
+
+* There will be some more formal definition of the threat model for integrity
+ protection. (And a link to some papers discussing integrity protection,
+ once it is, hopefully, accepted and published.)
+
+* Authenticated encryption will use new algorithms from CAESAR competition
+ https://competitions.cr.yp.to/caesar-submissions.html.
+ We plan to use AEGIS and MORUS, as CAESAR finalists.
+
+ NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
+ in the kernel have too small 96-bit nonces that are problematic with
+ randomly generated IVs (the collision probability is not negligible).
+
+* Authenticated encryption do not set encryption for a dm-integrity journal.
+
+ While it does not influence data confidentiality or integrity protection,
+ an attacker can get some more information from data journal or cause that
+ system will corrupt sectors after journal replay. (That corruption will be
+ detected though.)
+
+* There are examples of user-defined tokens inside misc/luks2_keyslot_example
+ directory (like a simple external program that uses libssh to unlock LUKS2
+ using remote keyfile).
+
+* The python binding (pycryptsetup) contains only basic functionality for LUKS1
+ (it is not updated for new features) and will be REMOVED in version 2.1
+ in favor of python bindings to the libblockdev library.
+ See https://github.com/storaged-project/libblockdev/releases/tag/2.17-1 that
+ already supports LUKS2 and VeraCrypt devices handling through libcryptsetup.