diff options
Diffstat (limited to '')
-rw-r--r-- | docs/v2.0.5-ReleaseNotes | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/docs/v2.0.5-ReleaseNotes b/docs/v2.0.5-ReleaseNotes new file mode 100644 index 0000000..907d5aa --- /dev/null +++ b/docs/v2.0.5-ReleaseNotes @@ -0,0 +1,102 @@ +Cryptsetup 2.0.5 Release Notes +============================== +Stable bug-fix release with new features. + +Cryptsetup 2.x version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Wipe full header areas (including unused) during LUKS format. + + Since this version, the whole area up to the data offset is zeroed, + and subsequently, all keyslots areas are wiped with random data. + This ensures that no remaining old data remains in the LUKS header + areas, but it could slow down format operation on some devices. + Previously only first 4k (or 32k for LUKS2) and the used keyslot + was overwritten in the format operation. + +* Several fixes to error messages that were unintentionally replaced + in previous versions with a silent exit code. + More descriptive error messages were added, including error + messages if + - a device is unusable (not a block device, no access, etc.), + - a LUKS device is not detected, + - LUKS header load code detects unsupported version, + - a keyslot decryption fails (also happens in the cipher check), + - converting an inactive keyslot. + +* Device activation fails if data area overlaps with LUKS header. + +* Code now uses explicit_bzero to wipe memory if available + (instead of own implementation). + +* Additional VeraCrypt modes are now supported, including Camellia + and Kuznyechik symmetric ciphers (and cipher chains) and Streebog + hash function. These were introduced in a recent VeraCrypt upstream. + + Note that Kuznyechik requires out-of-tree kernel module and + Streebog hash function is available only with the gcrypt cryptographic + backend for now. + +* Fixes static build for integritysetup if the pwquality library is used. + +* Allows passphrase change for unbound keyslots. + +* Fixes removed keyslot number in verbose message for luksKillSlot, + luksRemoveKey and erase command. + +* Adds blkid scan when attempting to open a plain device and warn the user + about existing device signatures in a ciphertext device. + +* Remove LUKS header signature if luksFormat fails to add the first keyslot. + +* Remove O_SYNC from device open and use fsync() to speed up + wipe operation considerably. + +* Create --master-key-file in luksDump and fail if the file already exists. + +* Fixes a bug when LUKS2 authenticated encryption with a detached header + wiped the header device instead of dm-integrity data device area (causing + unnecessary LUKS2 header auto recovery). + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* Authenticated encryption should use new algorithms from CAESAR competition + https://competitions.cr.yp.to/caesar-submissions.html. + AEGIS and MORUS are already available in kernel 4.18. + + For more info about LUKS2 authenticated encryption, please see our paper + https://arxiv.org/abs/1807.00309 + + Please note that authenticated encryption is still an experimental feature + and can have performance problems for hish-speed devices and device + with larger IO blocks (like RAID). + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be REMOVED in version 2.1 + in favor of python bindings to the libblockdev library. + See https://github.com/storaged-project/libblockdev/releases that + already supports LUKS2 and VeraCrypt devices handling through libcryptsetup. |