diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:35:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:35:41 +0000 |
commit | f7458043ae6a2d2d54b911fac52e50341646bef2 (patch) | |
tree | 6c58e084cd8728490fd5bb8eead07db0be0038f4 | |
parent | Adding upstream version 2:2.6.1. (diff) | |
download | cryptsetup-f7458043ae6a2d2d54b911fac52e50341646bef2.tar.xz cryptsetup-f7458043ae6a2d2d54b911fac52e50341646bef2.zip |
Adding upstream version 2:2.7.0.upstream/2%2.7.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
239 files changed, 27246 insertions, 11197 deletions
diff --git a/.codeql-config.yml b/.codeql-config.yml new file mode 100644 index 0000000..1311657 --- /dev/null +++ b/.codeql-config.yml @@ -0,0 +1,31 @@ +name: "Cryptsetup CodeQL config" + +query-filters: +- exclude: + id: cpp/fixme-comment +- exclude: + id: cpp/empty-block +- exclude: + id: cpp/poorly-documented-function +- exclude: + id: cpp/loop-variable-changed +- exclude: + id: cpp/empty-if +- exclude: + id: cpp/long-switch +- exclude: + id: cpp/complex-condition +- exclude: + id: cpp/commented-out-code + +# These produce many false positives +- exclude: + id: cpp/uninitialized-local +- exclude: + id: cpp/path-injection +- exclude: + id: cpp/missing-check-scanf + +# CodeQL should understand coverity [toctou] comments +- exclude: + id: cpp/toctou-race-condition diff --git a/.github/workflows/cibuild-setup-ubuntu.sh b/.github/workflows/cibuild-setup-ubuntu.sh index 2c0adb2..e689084 100755 --- a/.github/workflows/cibuild-setup-ubuntu.sh +++ b/.github/workflows/cibuild-setup-ubuntu.sh @@ -7,7 +7,7 @@ PACKAGES=( gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass - asciidoctor + asciidoctor meson ninja-build ) COMPILER="${COMPILER:?}" diff --git a/.github/workflows/cibuild.yml b/.github/workflows/cibuild.yml index 2698389..b97bae1 100644 --- a/.github/workflows/cibuild.yml +++ b/.github/workflows/cibuild.yml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: env: - - { COMPILER: "gcc", COMPILER_VERSION: "11", RUN_SSH_PLUGIN_TEST: "1" } + - { COMPILER: "gcc", COMPILER_VERSION: "13", RUN_SSH_PLUGIN_TEST: "1" } env: ${{ matrix.env }} steps: - name: Repository checkout diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..f1e22ce --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,50 @@ +name: "CodeQL" + +on: + push: + branches: + - 'main' + - 'wip-luks2' + - 'v2.3.x' + - 'v2.4.x' + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + if: github.repository == 'mbroz/cryptsetup' + concurrency: + group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} + cancel-in-progress: true + permissions: + actions: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'cpp' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-extended,security-and-quality + config-file: .codeql-config.yml + + - name: Install dependencies + run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh + env: { COMPILER: "gcc", COMPILER_VERSION: "13", RUN_SSH_PLUGIN_TEST: "1" } + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index edc88e8..eace134 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -17,7 +17,7 @@ jobs: run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh env: COMPILER: "gcc" - COMPILER_VERSION: "11" + COMPILER_VERSION: "13" - name: Install Coverity run: | wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=mbroz/cryptsetup" -O cov-analysis-linux64.tar.gz diff --git a/.gitlab/ci/annocheck.yml b/.gitlab/ci/annocheck.yml index 5b3a715..7501180 100644 --- a/.gitlab/ci/annocheck.yml +++ b/.gitlab/ci/annocheck.yml @@ -14,6 +14,4 @@ test-main-commit-job-annocheck: when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - - /opt/build-rpm-script.sh > /dev/null 2>&1 - - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el9 - - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el8 + - sudo /opt/run-annocheck.sh diff --git a/.gitlab/ci/cibuild-setup-ubuntu.sh b/.gitlab/ci/cibuild-setup-ubuntu.sh index 07b0990..00e37eb 100755 --- a/.gitlab/ci/cibuild-setup-ubuntu.sh +++ b/.gitlab/ci/cibuild-setup-ubuntu.sh @@ -6,8 +6,8 @@ PACKAGES=( git make autoconf automake autopoint pkg-config libtool libtool-bin gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev - sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass - asciidoctor + sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd openssh-client + sshpass asciidoctor ) COMPILER="${COMPILER:?}" diff --git a/.gitlab/ci/clang-Wall b/.gitlab/ci/clang-Wall index d09e154..52c2dad 100755 --- a/.gitlab/ci/clang-Wall +++ b/.gitlab/ci/clang-Wall @@ -25,10 +25,9 @@ EXTRA="\ -Wswitch \ -Wmissing-format-attribute \ -Winit-self \ - -Wdeclaration-after-statement \ -Wold-style-definition \ -Wno-missing-field-initializers \ - -Wno-unused-parameter \ + -Wunused-parameter \ -Wno-long-long" exec $CLANG $PEDANTIC $CONVERSION \ diff --git a/.gitlab/ci/compilation-clang.gitlab-ci.yml b/.gitlab/ci/compilation-clang.gitlab-ci.yml index 6f5cd42..cf54b8b 100644 --- a/.gitlab/ci/compilation-clang.gitlab-ci.yml +++ b/.gitlab/ci/compilation-clang.gitlab-ci.yml @@ -3,6 +3,7 @@ test-clang-compilation: - .gitlab-shared-clang script: - export CFLAGS="-Wall -Werror" + - ./autogen.sh - ./configure - make -j - make -j check-programs @@ -13,6 +14,7 @@ test-clang-Wall-script: script: - export CFLAGS="-g -O0" - export CC="$CI_PROJECT_DIR/.gitlab/ci/clang-Wall" + - ./autogen.sh - ./configure - make -j CFLAGS="-g -O0 -Werror" - make -j CFLAGS="-g -O0 -Werror" check-programs @@ -21,6 +23,7 @@ test-scan-build: extends: - .gitlab-shared-clang script: + - ./autogen.sh - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0" - make clean - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j diff --git a/.gitlab/ci/compilation-gcc.gitlab-ci.yml b/.gitlab/ci/compilation-gcc.gitlab-ci.yml index 00fae36..c4a10c3 100644 --- a/.gitlab/ci/compilation-gcc.gitlab-ci.yml +++ b/.gitlab/ci/compilation-gcc.gitlab-ci.yml @@ -3,6 +3,7 @@ test-gcc-compilation: - .gitlab-shared-gcc script: - export CFLAGS="-Wall -Werror" + - ./autogen.sh - ./configure - make -j - make -j check-programs @@ -13,6 +14,7 @@ test-gcc-Wall-script: script: - export CFLAGS="-g -O0" - export CC="$CI_PROJECT_DIR/.gitlab/ci/gcc-Wall" + - ./autogen.sh - ./configure - make -j CFLAGS="-g -O0 -Werror" - make -j CFLAGS="-g -O0 -Werror" check-programs @@ -22,6 +24,7 @@ test-gcc-fanalyzer: - .gitlab-shared-gcc script: - export CFLAGS="-Wall -Werror -g -O0 -fanalyzer -fdiagnostics-path-format=separate-events" + - ./autogen.sh - ./configure - make -j - make -j check-programs diff --git a/.gitlab/ci/compilation-various-disables.yml b/.gitlab/ci/compilation-various-disables.yml index 1414f9e..1c9fb3d 100644 --- a/.gitlab/ci/compilation-various-disables.yml +++ b/.gitlab/ci/compilation-various-disables.yml @@ -4,18 +4,29 @@ test-gcc-disable-compiles: parallel: matrix: - DISABLE_FLAGS: [ - "--disable-keyring", - "--disable-external-tokens --disable-ssh-token", - "--disable-luks2-reencryption", - "--disable-cryptsetup --disable-veritysetup --disable-integritysetup", - "--disable-kernel_crypto", - "--disable-selinux", - "--disable-udev", - "--disable-internal-argon2", - "--disable-blkid" + "keyring", + "external-tokens ssh-token", + "luks2-reencryption", + "cryptsetup veritysetup integritysetup", + "kernel_crypto", + "udev", + "internal-argon2", + "blkid" ] + artifacts: + name: "meson-build-logs-$CI_COMMIT_REF_NAME" + paths: + - meson_builddir/meson-logs script: + - DEBIAN_FRONTEND=noninteractive apt-get -yq install meson ninja-build - export CFLAGS="-Wall -Werror" - - ./configure $DISABLE_FLAGS + - ./autogen.sh + - echo "Configuring with --disable-$DISABLE_FLAGS" + - ./configure $(for i in $DISABLE_FLAGS; do echo "--disable-$i"; done) - make -j - make -j check-programs + - git checkout -f && git clean -xdf + - meson -v + - echo "Configuring with -D$DISABLE_FLAGS=false" + - meson setup meson_builddir $(for i in $DISABLE_FLAGS; do [ "$i" == "internal-argon2" ] && echo "-Dargon-implementation=internal" || echo "-D$i=false"; done) + - ninja -C meson_builddir diff --git a/.gitlab/ci/csmock.yml b/.gitlab/ci/csmock.yml index 72b53ed..a1cd985 100644 --- a/.gitlab/ci/csmock.yml +++ b/.gitlab/ci/csmock.yml @@ -3,7 +3,7 @@ test-commit-job-csmock: - .dump_kernel_log tags: - libvirt - - rhel7-csmock + - rhel9-csmock stage: test interruptible: true allow_failure: true @@ -14,4 +14,10 @@ test-commit-job-csmock: when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ || $CI_PIPELINE_SOURCE == "merge_request_event" script: - - /opt/csmock-run-script.sh + - sudo /opt/run-csmock.sh + artifacts: + # Upload artifacts when a crash makes the job fail. + when: always + paths: + - cryptsetup-csmock-results.tar.xz + - cryptsetup-csmock-results diff --git a/.gitlab/ci/debian.yml b/.gitlab/ci/debian.yml index fad9d97..6a17533 100644 --- a/.gitlab/ci/debian.yml +++ b/.gitlab/ci/debian.yml @@ -2,16 +2,17 @@ extends: - .dump_kernel_log before_script: + - sudo apt-get -y update - > [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] || sudo apt-get -y install -y -qq swtpm meson ninja-build python3-jinja2 - gperf libcap-dev tpm2-tss-engine-dev libmount-dev swtpm-tools + gperf libcap-dev libtss2-dev libmount-dev swtpm-tools - > sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect - keyutils netcat passwd openssh-client sshpass asciidoctor + keyutils netcat-openbsd passwd openssh-client sshpass asciidoctor - sudo apt-get -y build-dep cryptsetup - sudo -E git clean -xdf - ./autogen.sh @@ -22,7 +23,7 @@ test-mergerq-job-debian: - .debian-prep tags: - libvirt - - debian11 + - debian12 stage: test interruptible: true variables: @@ -41,7 +42,7 @@ test-main-commit-job-debian: - .debian-prep tags: - libvirt - - debian11 + - debian12 stage: test interruptible: true variables: @@ -54,3 +55,44 @@ test-main-commit-job-debian: - make -j - make -j -C tests check-programs - sudo -E make check + +# meson tests +test-mergerq-job-debian-meson: + extends: + - .debian-prep + tags: + - libvirt + - debian12 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - sudo apt-get -y install -y -qq meson ninja-build + - meson setup build + - ninja -C build + - cd build && sudo -E meson test --verbose --print-errorlogs + +test-main-commit-job-debian-meson: + extends: + - .debian-prep + tags: + - libvirt + - debian12 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - sudo apt-get -y install -y -qq meson ninja-build + - meson setup build + - ninja -C build + - cd build && sudo -E meson test --verbose --print-errorlogs diff --git a/.gitlab/ci/gcc-Wall b/.gitlab/ci/gcc-Wall index 6669504..860a8fb 100755 --- a/.gitlab/ci/gcc-Wall +++ b/.gitlab/ci/gcc-Wall @@ -31,7 +31,7 @@ EXTRA="-Wextra \ -Wunsafe-loop-optimizations \ -Wold-style-definition \ -Wno-missing-field-initializers \ - -Wno-unused-parameter \ + -Wunused-parameter \ -Wno-long-long \ -Wmaybe-uninitialized \ -Wvla \ diff --git a/.gitlab/ci/gitlab-shared-docker.yml b/.gitlab/ci/gitlab-shared-docker.yml index 1edacc8..b625ee0 100644 --- a/.gitlab/ci/gitlab-shared-docker.yml +++ b/.gitlab/ci/gitlab-shared-docker.yml @@ -1,5 +1,5 @@ .gitlab-shared-docker: - image: ubuntu:focal + image: ubuntu:lunar tags: - gitlab-org-docker stage: test @@ -12,7 +12,6 @@ - .gitlab/ci/cibuild-setup-ubuntu.sh - export CC="${COMPILER}${COMPILER_VERSION:+-$COMPILER_VERSION}" - export CXX="${COMPILER}++${COMPILER_VERSION:+-$COMPILER_VERSION}" - - ./autogen.sh .gitlab-shared-gcc: extends: @@ -27,5 +26,5 @@ - .gitlab-shared-docker variables: COMPILER: "clang" - COMPILER_VERSION: "13" + COMPILER_VERSION: "17" RUN_SSH_PLUGIN_TEST: "1" diff --git a/.lgtm.yml b/.lgtm.yml deleted file mode 100644 index 64d9cc8..0000000 --- a/.lgtm.yml +++ /dev/null @@ -1,11 +0,0 @@ -queries: - - exclude: cpp/fixme-comment - - exclude: cpp/empty-block -# symver attribute detection cannot be used, disable it for lgtm -extraction: - cpp: - configure: - command: - - "./autogen.sh" - - "./configure --enable-external-tokens --enable-ssh-token" - - "echo \"#undef HAVE_ATTRIBUTE_SYMVER\" >> config.h" diff --git a/Makefile.am b/Makefile.am index fb7cb18..f7f6d16 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,17 @@ -EXTRA_DIST = README.md COPYING.LGPL FAQ.md docs misc autogen.sh +EXTRA_DIST = README.md SECURITY.md COPYING.LGPL FAQ.md docs misc autogen.sh +EXTRA_DIST += meson_options.txt \ + meson.build \ + lib/crypto_backend/argon2/meson.build \ + lib/crypto_backend/meson.build \ + lib/meson.build \ + man/meson.build \ + po/meson.build \ + scripts/meson.build \ + src/meson.build \ + tests/meson.build \ + tokens/meson.build \ + tokens/ssh/meson.build + SUBDIRS = po tests tests/fuzz CLEANFILES = DISTCLEAN_TARGETS = @@ -21,13 +21,12 @@ block integrity kernel module. LUKS Design ----------- -**LUKS** is the standard for Linux disk encryption. By providing a standard on-disk format, -it does not only facilitate compatibility among distributions, but also provides secure management +**LUKS** is the standard for Linux disk encryption. By providing a standardized on-disk format, +it not only facilitate compatibility among distributions, but also enables secure management of multiple user passwords. LUKS stores all necessary setup information in the partition header, -enabling to transport or migrate data seamlessly. +which enables users to transport or migrate data seamlessly. ### Specification and documentation - * The latest version of the [LUKS2 format specification](https://gitlab.com/cryptsetup/LUKS2-docs). * The latest version of the @@ -37,18 +36,18 @@ enabling to transport or migrate data seamlessly. Download -------- -All release tarballs and release notes are hosted on +Release notes and tarballs are available at [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/). -**The latest stable cryptsetup release version is 2.6.1** - * [cryptsetup-2.6.1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz) - * Signature [cryptsetup-2.6.1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign) +**The latest stable cryptsetup release version is 2.7.0** + * [cryptsetup-2.7.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0.tar.xz) + * Signature [cryptsetup-2.7.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.0.tar.sign) _(You need to decompress file first to check signature.)_ - * [Cryptsetup 2.6.1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.1-ReleaseNotes). + * [Cryptsetup 2.7.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes). Previous versions - * [Version 2.5.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.xz) - - [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.sign) - + * [Version 2.6.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz) - + [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign) - [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes). * [Version 1.7.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz) - [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign) - @@ -56,27 +55,24 @@ Previous versions Source and API documentation ---------------------------- -For development version code, please refer to -[source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, -mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) or +For development version code, please refer to the +[source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, with mirrors +at [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) and [GitHub](https://github.com/mbroz/cryptsetup). For libcryptsetup documentation see [libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page. -The libcryptsetup API/ABI changes are tracked in -[compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/). - NLS PO files are maintained by [TranslationProject](https://translationproject.org/domain/cryptsetup.html). Required packages ----------------- -All distributions provide cryptsetup as distro package. If you need to compile cryptsetup yourself, -some packages are required for compilation. -Please always prefer distro specific build tools to manually configuring cryptsetup. +All major Linux distributions provide cryptsetup as a bundled package. If you need +to compile cryptsetup yourself, various additional packages are required. +Any distribution-specific build tools are preferred when manually configuring cryptsetup. -Here is the list of packages needed for the compilation of project for particular distributions: +Below are the packages needed to build for certain Linux distributions: **For Fedora**: ``` @@ -102,47 +98,48 @@ To run the internal testsuite (make check) you also need to install sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass ``` -Note that the list could change as the distributions evolve. +Note that the list may change as Linux distributions evolve. Compilation ----------- -The cryptsetup project uses **automake** and **autoconf** system to generate all needed files -for compilation. If you check it from the git snapshot, use **./autogen.sh && ./configure && make** -to compile the project. If you use downloaded released **tar.xz** archive, the configure script -is already pre-generated (no need to run **autoconf.sh**). -See **./configure --help** and use **--disable-[feature]** and **--enable-[feature]** options. +The cryptsetup project uses **automake** and **autoconf** system to generate all files needed to build. +When building from a git snapshot,, use **./autogen.sh && ./configure && make** +to compile the project. When building from a release **tar.xz** tarball, the configure script +is pre-generated (no need to run **autoconf.sh**). +See **./configure --help** and use the **--disable-[feature]** and **--enable-[feature]** options. -For running the test suite that come with the project, type **make check**. -Note that most tests will need root user privileges and run many dangerous storage fail simulations. -Do **not** run tests with root privilege on production systems! Some tests will need scsi_debug -kernel module to be available. +To run the test suite that come with the project, type **make check**. +Note that most tests will need root user privileges and will run dangerous storage failure simulations. +Do **not** run tests with root privilege on production systems! Some tests will need the **scsi_debug** +kernel module to be installed. -For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html) -and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals. +For more details, please refer to the +[automake](https://www.gnu.org/software/automake/manual/automake.html) and +[autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) documentation. Help! ----- ### Documentation -Please read the following documentation before posting questions in the mailing list... -You will be able to ask better questions and better understand the answers. +Please read the following before posting questions to the mailing list so that +you can ask better questions and better understand answers. * [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions), * [LUKS Specifications](#specification-and-documentation), and * manuals (aka man page, man pages, man-page) -The FAQ is online and in the source code for the project. The Specifications are referenced above -in this document. The man pages are in source and should be available after installation using -standard man commands, e.g. **man cryptsetup**. +The FAQ is available online and in the source code for the project. The specifications are +referenced above in this document. The man pages live within the source tree and should be +available after installation using standard man commands, e.g. **man cryptsetup**. ### Mailing List - For cryptsetup and LUKS related questions, please use the cryptsetup mailing list [cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev), hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html). -To subscribe send an empty mail to +To subscribe send an empty email message to [cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev). You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/). -News (NNTP), Atom feed and git access to public inbox is available through [lore.kernel.org](https://lore.kernel.org) service. +USEnet News (NNTP), Atom feed and git access to the public inbox is available through +[lore.kernel.org](https://lore.kernel.org) service. -The former dm-crypt [list archive](https://lore.kernel.org/dm-crypt/) is also available. +The former **dm-crypt** [list archive](https://lore.kernel.org/dm-crypt/) is also available. diff --git a/configure.ac b/configure.ac index ccf2112..84cef4b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,9 +1,9 @@ AC_PREREQ([2.67]) -AC_INIT([cryptsetup],[2.6.1]) +AC_INIT([cryptsetup],[2.7.0]) dnl library version from <major>.<minor>.<release>[-<suffix>] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) -LIBCRYPTSETUP_VERSION_INFO=21:0:9 +LIBCRYPTSETUP_VERSION_INFO=22:0:10 AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR(src/cryptsetup.c) @@ -128,7 +128,6 @@ if test "x$enable_largefile" = "xno"; then AC_MSG_ERROR([Building with --disable-largefile is not supported, it can cause data corruption.]) fi -AC_C_CONST AC_C_BIGENDIAN AC_TYPE_OFF_T AC_SYS_LARGEFILE @@ -267,6 +266,9 @@ AC_DEFUN([CONFIGURE_GCRYPT], [ GCRYPT_REQ_VERSION=1.1.42 fi + use_internal_pbkdf2=0 + use_internal_argon2=1 + dnl libgcrypt rejects to use pkgconfig, use AM_PATH_LIBGCRYPT from gcrypt-devel here. dnl Do not require gcrypt-devel if other crypto backend is used. m4_ifdef([AM_PATH_LIBGCRYPT],[ @@ -290,7 +292,24 @@ AC_DEFUN([CONFIGURE_GCRYPT], [ NO_FIPS([]) fi + m4_ifdef([AM_PATH_LIBGCRYPT],[ + AC_ARG_ENABLE([gcrypt-argon2], + dnl Check if we can use gcrypt Argon2 (1.11.0 supports empty password) + AS_HELP_STRING([--disable-gcrypt-argon2], [force disable internal gcrypt Argon2]), + [], + [AM_PATH_LIBGCRYPT([1.11.0], [use_internal_argon2=0], [use_internal_argon2=1])]) + AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])], + AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.])) + + AC_MSG_CHECKING([if internal cryptsetup Argon2 is compiled-in]) + if test $use_internal_argon2 = 0; then + AC_MSG_RESULT([no]) + else + AC_MSG_RESULT([yes]) + fi + AC_CHECK_DECLS([GCRY_CIPHER_MODE_XTS], [], [], [#include <gcrypt.h>]) + AC_CHECK_DECLS([GCRY_KDF_ARGON2], [], [], [#include <gcrypt.h>]) if test "x$enable_static_cryptsetup" = "xyes"; then saved_LIBS=$LIBS @@ -310,19 +329,25 @@ AC_DEFUN([CONFIGURE_GCRYPT], [ ]) AC_DEFUN([CONFIGURE_OPENSSL], [ - PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],, + PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 0.9.8],, AC_MSG_ERROR([You need openssl library.])) - CRYPTO_CFLAGS=$OPENSSL_CFLAGS - CRYPTO_LIBS=$OPENSSL_LIBS + CRYPTO_CFLAGS=$LIBCRYPTO_CFLAGS + CRYPTO_LIBS=$LIBCRYPTO_LIBS use_internal_pbkdf2=0 + use_internal_argon2=1 if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" - PKG_CHECK_MODULES([OPENSSL_STATIC], [openssl]) - CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS + PKG_CHECK_MODULES([LIBCRYPTO_STATIC], [libcrypto]) + CRYPTO_STATIC_LIBS=$LIBCRYPTO_STATIC_LIBS PKG_CONFIG=$saved_PKG_CONFIG fi + + saved_LIBS=$LIBS + AC_CHECK_DECLS([OSSL_get_max_threads], [], [], [#include <openssl/thread.h>]) + AC_CHECK_DECLS([OSSL_KDF_PARAM_ARGON2_VERSION], [], [], [#include <openssl/core_names.h>]) + LIBS=$saved_LIBS ]) AC_DEFUN([CONFIGURE_NSS], [ @@ -343,6 +368,7 @@ AC_DEFUN([CONFIGURE_NSS], [ CRYPTO_CFLAGS=$NSS_CFLAGS CRYPTO_LIBS=$NSS_LIBS use_internal_pbkdf2=1 + use_internal_argon2=1 NO_FIPS([]) ]) @@ -353,6 +379,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [ # [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], # [#include <sys/socket.h>]) use_internal_pbkdf2=1 + use_internal_argon2=1 NO_FIPS([]) ]) @@ -369,6 +396,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [ CRYPTO_STATIC_LIBS=$CRYPTO_LIBS use_internal_pbkdf2=0 + use_internal_argon2=1 NO_FIPS([]) ]) @@ -493,7 +521,15 @@ AC_ARG_ENABLE([internal-argon2], AC_ARG_ENABLE([libargon2], AS_HELP_STRING([--enable-libargon2], [enable external libargon2 (PHC) library (disables internal bundled version)])) -if test "x$enable_libargon2" = "xyes" ; then +if test $use_internal_argon2 = 0 -o "x$enable_internal_argon2" = "xno" ; then + if test "x$enable_internal_argon2" = "xyes" -o "x$enable_libargon" = "xyes"; then + AC_MSG_WARN([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.]) + fi + enable_internal_argon2=no + enable_internal_sse_argon2=no + enable_libargon2=no + use_internal_argon2=0 +elif test "x$enable_libargon2" = "xyes" ; then AC_CHECK_HEADERS(argon2.h,, [AC_MSG_ERROR([You need libargon2 development library installed.])]) AC_CHECK_DECL(Argon2_id,,[AC_MSG_ERROR([You need more recent Argon2 library with support for Argon2id.])], [#include <argon2.h>]) @@ -517,11 +553,10 @@ else fi fi -if test "x$enable_internal_argon2" = "xyes"; then - AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2]) -fi AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test "x$enable_internal_argon2" = "xyes") AM_CONDITIONAL(CRYPTO_INTERNAL_SSE_ARGON2, test "x$enable_internal_sse_argon2" = "xyes") +dnl If libargon is in use, we have defined HAVE_ARGON2_H +AC_DEFINE_UNQUOTED(USE_INTERNAL_ARGON2, [$use_internal_argon2], [Use internal Argon2]) dnl Link with blkid to check for other device types AC_ARG_ENABLE([blkid], @@ -556,6 +591,27 @@ AM_CONDITIONAL(HAVE_BLKID, test "x$enable_blkid" = "xyes") AM_CONDITIONAL(HAVE_BLKID_WIPE, test "x$enable_blkid_wipe" = "xyes") AM_CONDITIONAL(HAVE_BLKID_STEP_BACK, test "x$enable_blkid_step_back" = "xyes") +AC_ARG_ENABLE([hw-opal], + AS_HELP_STRING([--disable-hw-opal], [disable use of hardware-backed OPAL for device encryption]), + [], + [enable_hw_opal=yes]) + +if test "x$enable_hw_opal" = "xyes"; then + have_opal=yes + AC_CHECK_DECLS([ OPAL_FL_SUM_SUPPORTED, + IOC_OPAL_GET_LR_STATUS, + IOC_OPAL_GET_GEOMETRY + ], + [], + [have_opal=no], + [#include <linux/sed-opal.h>]) + if test "x$have_opal" = "xyes"; then + AC_DEFINE([HAVE_HW_OPAL], 1, [Define to 1 to enable OPAL support.]) + else + AC_MSG_WARN([Can not compile with OPAL support, kernel headers are too old, requires v6.4.]) + fi +fi + dnl Magic for cryptsetup.static build. if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG @@ -634,16 +690,16 @@ dnl Set Requires.private for libcryptsetup.pc dnl pwquality is used only by tools PKGMODULES="uuid devmapper json-c" case $with_crypto_backend in - gcrypt) PKGMODULES+=" libgcrypt" ;; - openssl) PKGMODULES+=" openssl" ;; - nss) PKGMODULES+=" nss" ;; - nettle) PKGMODULES+=" nettle" ;; + gcrypt) PKGMODULES="$PKGMODULES libgcrypt" ;; + openssl) PKGMODULES="$PKGMODULES openssl" ;; + nss) PKGMODULES="$PKGMODULES nss" ;; + nettle) PKGMODULES="$PKGMODULES nettle" ;; esac if test "x$enable_libargon2" = "xyes"; then - PKGMODULES+=" libargon2" + PKGMODULES="$PKGMODULES libargon2" fi if test "x$enable_blkid" = "xyes"; then - PKGMODULES+=" blkid" + PKGMODULES="$PKGMODULES blkid" fi AC_SUBST([PKGMODULES]) dnl ========================================================================== @@ -681,9 +737,9 @@ AC_DEFUN([CS_ABSPATH], [ ]) dnl ========================================================================== -CS_STR_WITH([plain-hash], [password hashing function for plain mode], [ripemd160]) +CS_STR_WITH([plain-hash], [password hashing function for plain mode], [sha256]) CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes]) -CS_STR_WITH([plain-mode], [cipher mode for plain mode], [cbc-essiv:sha256]) +CS_STR_WITH([plain-mode], [cipher mode for plain mode], [xts-plain64]) CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256]) CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha256]) diff --git a/docs/Keyring.txt b/docs/Keyring.txt index bdcc838..afe071a 100644 --- a/docs/Keyring.txt +++ b/docs/Keyring.txt @@ -12,30 +12,53 @@ no longer stored directly in dm-crypt target. Starting with cryptsetup 2.0 we load VK in kernel keyring by default for LUKSv2 devices (when dm-crypt with the feature is available). -Currently cryptsetup loads VK in 'logon' type kernel key so that VK is passed in -the kernel and can't be read from userspace afterward. Also cryptsetup loads VK in -thread keyring (before passing the reference to dm-crypt target) so that the key +Currently, cryptsetup loads VK in 'logon' type kernel key so that VK is passed in +the kernel and can't be read from userspace afterwards. Also, cryptsetup loads VK in +the thread keyring (before passing the reference to dm-crypt target) so that the key lifetime is directly bound to the process that performs the dm-crypt setup. When -cryptsetup process exits (for whatever reason) the key gets unlinked in kernel +cryptsetup process exits (for whatever reason) the key gets unlinked in the kernel automatically. In summary, the key description visible in dm-crypt table line is a reference to VK that usually no longer exists in kernel keyring service if you -used cryptsetup to for device activation. +used cryptsetup for device activation. Using this feature dm-crypt no longer maintains a direct key copy (but there's -always at least one copy in kernel crypto layer). +always at least one copy in the kernel crypto layer). + +Additionally, libcryptsetup supports the linking of volume keys to +user-specified kernel keyring with crypt_set_keyring_to_link(). The user may +specify keyring name, key type ('user' or 'logon') and key description where +libcryptsetup should link the verified volume key upon subsequent device +activation (or key verification alone). + +The volume key(s) (provided the key type is 'user') linked in the user keyring +can be later used to activate the device via crypt_activate_by_keyslot_context() +with CRYPT_KC_TYPE_VK_KEYRING type keyslot context +(acquired by crypt_keyslot_context_init_by_vk_in_keyring()). + +Example of how to use volume key linked in custom user keyring from cryptsetup +utility: + +1) Open the device and store the volume key to the session keyring: +# cryptsetup open <device> --link-vk-to-keyring "@s::%user:testkey" tst + +2) Add a keyslot using the stored volume key in a keyring: +# cryptsetup luksAddKey <device> --volume-key-keyring "%user:testkey" + +3) Activate the device using the volume key cached in a keyring ('user' type key) +# cryptsetup open <device> <active_name> --volume-key-keyring "testkey" II) Keyslot passphrase The second use case for kernel keyring is to allow cryptsetup reading the keyslot -passphrase stored in kernel keyring instead. The user may load passphrase in kernel +passphrase stored in kernel keyring instead. The user may load the passphrase in the kernel keyring and notify cryptsetup to read it from there later. Currently, cryptsetup cli supports kernel keyring for passphrase only via LUKS2 internal token -(luks2-keyring). Library also provides a general method for device activation by -reading passphrase from keyring: crypt_activate_by_keyring(). The key type +(luks2-keyring). The library also provides a general method for device activation by +reading the passphrase from the keyring: crypt_activate_by_keyring(). The key type for use case II) must always be 'user' since we need to read the actual key -data from userspace unlike with VK in I). Ability to read keyslot passphrase -from kernel keyring also allows easily auto-activate LUKS2 devices. +data from userspace unlike with VK in I). The ability to read keyslot passphrases +from kernel keyring also allows easy auto-activate LUKS2 devices. -Simple example how to use kernel keyring for keyslot passphrase: +Simple example of how to use kernel keyring for keyslot passphrase: 1) create LUKS2 keyring token for keyslot 0 (in LUKS2 device/image) cryptsetup token add --key-description my:key -S 0 /dev/device @@ -43,7 +66,7 @@ cryptsetup token add --key-description my:key -S 0 /dev/device 2) Load keyslot passphrase in user keyring read -s -p "Keyslot passphrase: "; echo -n $REPLY | keyctl padd user my:key @u -3) Activate device using passphrase stored in kernel keyring +3) Activate the device using the passphrase stored in the kernel keyring cryptsetup open /dev/device my_unlocked_device 4a) unlink the key when no longer needed by @@ -52,5 +75,5 @@ keyctl unlink %user:my:key @u 4b) or revoke it immediately by keyctl revoke %user:my:key -If cryptsetup asks for passphrase in step 3) something went wrong with keyring +If cryptsetup asks for a passphrase in step 3) something went wrong with keyring activation. See --debug output then. diff --git a/docs/LUKS2-locking.txt b/docs/LUKS2-locking.txt index e401b61..ccc80d8 100644 --- a/docs/LUKS2-locking.txt +++ b/docs/LUKS2-locking.txt @@ -5,7 +5,7 @@ Why ~~~ LUKS2 format keeps two identical copies of metadata stored consecutively -at the head of metadata device (file or bdev). The metadata +at the head of the metadata device (file or bdev). The metadata area (both copies) must be updated in a single atomic operation to avoid header corruption during concurrent write. @@ -15,17 +15,17 @@ locking with legacy format was not so obvious as it is with the LUKSv2 format. With LUKS2 the boundary between read-only and read-write is blurry and what used to be the exclusively read-only operation (i.e., cryptsetup open command) may -easily become read-update operation silently without user's knowledge. -Major feature of LUKS2 format is resilience against accidental +easily become read-update operation silently without the user's knowledge. +A major feature of the LUKS2 format is resilience against accidental corruption of metadata (i.e., partial header overwrite by parted or cfdisk -while creating partition on mistaken block device). -Such header corruption is detected early on header read and auto-recovery +while creating a partition on a mistaken block device). +Such header corruption is detected early on the header read and the auto-recovery procedure takes place (the corrupted header with checksum mismatch is being replaced by the secondary one if that one is intact). -On current Linux systems header load operation may be triggered without user -direct intervention for example by udev rule or from systemd service. -Such clash of header read and auto-recovery procedure could have severe -consequences with the worst case of having LUKS2 device unaccessible or being +On current Linux systems header load operation may be triggered without the user +direct intervention for example by an udev rule or from a systemd service. +Such a clash of header read and auto-recovery procedure could have severe +consequences with the worst case of having a LUKS2 device inaccessible or being broken beyond repair. The whole locking of LUKSv2 device headers split into two categories depending @@ -36,17 +36,17 @@ I) block device We perform flock() on file descriptors of files stored in a private directory (by default /run/lock/cryptsetup). The file name is derived -from major:minor couple of affected block device. Note we recommend -that access to private locking directory is supposed to be limited -to superuser only. For this method to work the distribution needs +from major:minor couple of the affected block device. Note we recommend +that access to the private locking directory is supposed to be limited +to the superuser only. For this method to work the distribution needs to install the locking directory with appropriate access rights. II) regular files ~~~~~~~~~~~~~~~~~ -First notable difference between headers stored in a file +A first notable difference between headers stored in a file vs. headers stored in a block device is that headers in a file may be -manipulated by the regular user unlike headers on block devices. Therefore +manipulated by the regular user, unlike headers on block devices. Therefore we perform flock() protection on file with the luks2 header directly. Limitations @@ -58,4 +58,40 @@ while locking is enabled. We do not suppress any other negative effect that two or more concurrent writers of the same header may cause. -b) The locking is not cluster aware in any way. +b) The locking is not cluster-aware in any way. + +Additional LUKS2 locks +====================== + +LUKS2 reencryption device lock +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Device in LUKS2 reencryption is protected by an exclusive lock placed in the default +locking directory. The lock's purpose is to exclude multiple processes from +performing reencryption on the same device (identified by LUKS uuid). The lock +is taken no matter the LUKS2 reencryption mode (online or offline). + +LUKS2 memory hard global lock +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +An optional global lock that makes libcryptsetup serialize memory hard +pbkdf function when deriving a key encryption key from passphrase on unlocking +LUKS2 keyslot. The lock has to be enabled via the CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF +flag. The lock is placed in the default locking directory. + +LUKS2 OPAL lock +~~~~~~~~~~~~~~~ + +Exclusive per device lock taken when manipulating LUKS2 device configured for use with +SED OPAL2 locking range. + +Lock ordering +============= + +To avoid a deadlock following rules must apply: + +- LUKS2 reencrytpion lock must be taken before LUKS2 OPAL lock. + +- LUKS2 OPAL lock must be taken before LUKS2 metadata lock. + +- LUKS2 memory hard global lock can not be used with other locks. diff --git a/docs/doxyfile b/docs/doxyfile index 0943772..86cbdb0 100644 --- a/docs/doxyfile +++ b/docs/doxyfile @@ -1,4 +1,4 @@ -# Doxyfile 1.9.1 +# Doxyfile 1.9.8 #--------------------------------------------------------------------------- # Project related configuration options @@ -10,9 +10,9 @@ PROJECT_BRIEF = "Public cryptsetup API" PROJECT_LOGO = OUTPUT_DIRECTORY = doxygen_api_docs CREATE_SUBDIRS = NO +CREATE_SUBDIRS_LEVEL = 8 ALLOW_UNICODE_NAMES = NO OUTPUT_LANGUAGE = English -OUTPUT_TEXT_DIRECTION = None BRIEF_MEMBER_DESC = YES REPEAT_BRIEF = YES ABBREVIATE_BRIEF = @@ -39,6 +39,7 @@ OPTIMIZE_OUTPUT_SLICE = NO EXTENSION_MAPPING = MARKDOWN_SUPPORT = YES TOC_INCLUDE_HEADINGS = 5 +MARKDOWN_ID_STYLE = DOXYGEN AUTOLINK_SUPPORT = YES BUILTIN_STL_SUPPORT = NO CPP_CLI_SUPPORT = NO @@ -52,6 +53,7 @@ INLINE_SIMPLE_STRUCTS = NO TYPEDEF_HIDES_STRUCT = YES LOOKUP_CACHE_SIZE = 0 NUM_PROC_THREADS = 1 +TIMESTAMP = NO #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- @@ -72,6 +74,7 @@ INTERNAL_DOCS = NO CASE_SENSE_NAMES = YES HIDE_SCOPE_NAMES = NO HIDE_COMPOUND_REFERENCE= NO +SHOW_HEADERFILE = YES SHOW_INCLUDE_FILES = YES SHOW_GROUPED_MEMB_INC = NO FORCE_LOCAL_INCLUDES = NO @@ -101,9 +104,12 @@ QUIET = NO WARNINGS = YES WARN_IF_UNDOCUMENTED = YES WARN_IF_DOC_ERROR = YES +WARN_IF_INCOMPLETE_DOC = YES WARN_NO_PARAMDOC = NO +WARN_IF_UNDOC_ENUM_VAL = NO WARN_AS_ERROR = NO WARN_FORMAT = "$file:$line: $text" +WARN_LINE_FORMAT = "at line $line of file $file" WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files @@ -111,6 +117,7 @@ WARN_LOGFILE = INPUT = doxygen_index.h \ ../lib/libcryptsetup.h INPUT_ENCODING = UTF-8 +INPUT_FILE_ENCODING = FILE_PATTERNS = RECURSIVE = NO EXCLUDE = @@ -126,6 +133,7 @@ FILTER_PATTERNS = FILTER_SOURCE_FILES = NO FILTER_SOURCE_PATTERNS = USE_MDFILE_AS_MAINPAGE = +FORTRAN_COMMENT_AFTER = 72 #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- @@ -158,15 +166,17 @@ HTML_FOOTER = HTML_STYLESHEET = HTML_EXTRA_STYLESHEET = HTML_EXTRA_FILES = +HTML_COLORSTYLE = AUTO_LIGHT HTML_COLORSTYLE_HUE = 220 HTML_COLORSTYLE_SAT = 100 HTML_COLORSTYLE_GAMMA = 80 -HTML_TIMESTAMP = YES HTML_DYNAMIC_MENUS = YES HTML_DYNAMIC_SECTIONS = NO +HTML_CODE_FOLDING = YES HTML_INDEX_NUM_ENTRIES = 100 GENERATE_DOCSET = NO DOCSET_FEEDNAME = "Doxygen generated docs" +DOCSET_FEEDURL = DOCSET_BUNDLE_ID = org.doxygen.Project DOCSET_PUBLISHER_ID = org.doxygen.Publisher DOCSET_PUBLISHER_NAME = Publisher @@ -177,6 +187,7 @@ GENERATE_CHI = NO CHM_INDEX_ENCODING = BINARY_TOC = NO TOC_EXPAND = NO +SITEMAP_URL = GENERATE_QHP = NO QCH_FILE = QHP_NAMESPACE = org.doxygen.Project @@ -189,14 +200,16 @@ GENERATE_ECLIPSEHELP = NO ECLIPSE_DOC_ID = org.doxygen.Project DISABLE_INDEX = NO GENERATE_TREEVIEW = NO +FULL_SIDEBAR = NO ENUM_VALUES_PER_LINE = 4 TREEVIEW_WIDTH = 250 EXT_LINKS_IN_WINDOW = NO +OBFUSCATE_EMAILS = YES HTML_FORMULA_FORMAT = png FORMULA_FONTSIZE = 10 -FORMULA_TRANSPARENT = YES FORMULA_MACROFILE = USE_MATHJAX = NO +MATHJAX_VERSION = MathJax_2 MATHJAX_FORMAT = HTML-CSS MATHJAX_RELPATH = http://www.mathjax.org/mathjax MATHJAX_EXTENSIONS = @@ -227,9 +240,7 @@ PDF_HYPERLINKS = YES USE_PDFLATEX = YES LATEX_BATCHMODE = NO LATEX_HIDE_INDICES = NO -LATEX_SOURCE_CODE = NO LATEX_BIB_STYLE = plain -LATEX_TIMESTAMP = NO LATEX_EMOJI_DIRECTORY = #--------------------------------------------------------------------------- # Configuration options related to the RTF output @@ -240,7 +251,6 @@ COMPACT_RTF = NO RTF_HYPERLINKS = NO RTF_STYLESHEET_FILE = RTF_EXTENSIONS_FILE = -RTF_SOURCE_CODE = NO #--------------------------------------------------------------------------- # Configuration options related to the man page output #--------------------------------------------------------------------------- @@ -261,12 +271,17 @@ XML_NS_MEMB_FILE_SCOPE = NO #--------------------------------------------------------------------------- GENERATE_DOCBOOK = NO DOCBOOK_OUTPUT = docbook -DOCBOOK_PROGRAMLISTING = NO #--------------------------------------------------------------------------- # Configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- +# Configuration options related to Sqlite3 output +#--------------------------------------------------------------------------- +GENERATE_SQLITE3 = NO +SQLITE3_OUTPUT = sqlite3 +SQLITE3_RECREATE_DB = YES +#--------------------------------------------------------------------------- # Configuration options related to the Perl module output #--------------------------------------------------------------------------- GENERATE_PERLMOD = NO @@ -294,15 +309,14 @@ ALLEXTERNALS = NO EXTERNAL_GROUPS = YES EXTERNAL_PAGES = YES #--------------------------------------------------------------------------- -# Configuration options related to the dot tool +# Configuration options related to diagram generator tools #--------------------------------------------------------------------------- -CLASS_DIAGRAMS = YES -DIA_PATH = HIDE_UNDOC_RELATIONS = YES HAVE_DOT = NO DOT_NUM_THREADS = 0 -DOT_FONTNAME = Helvetica -DOT_FONTSIZE = 10 +DOT_COMMON_ATTR = "fontname=Helvetica,fontsize=10" +DOT_EDGE_ATTR = "labelfontname=Helvetica,labelfontsize=10" +DOT_NODE_ATTR = "shape=box,height=0.2,width=0.4" DOT_FONTPATH = CLASS_GRAPH = YES COLLABORATION_GRAPH = YES @@ -318,18 +332,20 @@ CALL_GRAPH = NO CALLER_GRAPH = NO GRAPHICAL_HIERARCHY = YES DIRECTORY_GRAPH = YES +DIR_GRAPH_MAX_DEPTH = 1 DOT_IMAGE_FORMAT = png INTERACTIVE_SVG = NO DOT_PATH = DOTFILE_DIRS = -MSCFILE_DIRS = +DIA_PATH = DIAFILE_DIRS = PLANTUML_JAR_PATH = PLANTUML_CFG_FILE = PLANTUML_INCLUDE_PATH = DOT_GRAPH_MAX_NODES = 50 MAX_DOT_GRAPH_DEPTH = 0 -DOT_TRANSPARENT = NO DOT_MULTI_TARGETS = NO GENERATE_LEGEND = YES DOT_CLEANUP = YES +MSCGEN_TOOL = +MSCFILE_DIRS = diff --git a/docs/examples/crypt_log_usage.c b/docs/examples/crypt_log_usage.c index 3d08c34..4d4cb92 100644 --- a/docs/examples/crypt_log_usage.c +++ b/docs/examples/crypt_log_usage.c @@ -1,7 +1,7 @@ /* * libcryptsetup API log example * - * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/docs/examples/crypt_luks_usage.c b/docs/examples/crypt_luks_usage.c index d7779bd..b690378 100644 --- a/docs/examples/crypt_luks_usage.c +++ b/docs/examples/crypt_luks_usage.c @@ -1,7 +1,7 @@ /* * libcryptsetup API - using LUKS device example * - * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/docs/on-disk-format-luks2.pdf b/docs/on-disk-format-luks2.pdf Binary files differindex d89bcef..e5a8f05 100644 --- a/docs/on-disk-format-luks2.pdf +++ b/docs/on-disk-format-luks2.pdf diff --git a/docs/v2.7.0-ReleaseNotes b/docs/v2.7.0-ReleaseNotes new file mode 100644 index 0000000..6af199b --- /dev/null +++ b/docs/v2.7.0-ReleaseNotes @@ -0,0 +1,437 @@ +Cryptsetup 2.7.0 Release Notes +============================== +Stable release with new features and bug fixes. + +Changes since version 2.6.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Introduce support for hardware OPAL disk encryption. + + Some SATA and NVMe devices support hardware encryption through OPAL2 + TCG interface (SEDs - self-encrypting drives). Using hardware disk + encryption is controversial as you must trust proprietary hardware. + + On the other side, using both software and hardware encryption + layers increases the security margin by adding an additional layer + of protection. There is usually no performance drop if OPAL encryption + is used (the drive always operates with full throughput), and it does + not add any utilization to the main CPU. + + LUKS2 now supports hardware encryption through the Linux kernel + SED OPAL interface (CONFIG_BLK_SED_OPAL Linux kernel option must be + enabled). Cryptsetup OPAL is never enabled by default; you have to use + luksFormat parameters to use it. OPAL support can be disabled during + the build phase with --disable-hw-opal configure option. + + LUKS2 OPAL encryption is configured the same way as software encryption + - it stores metadata in the LUKS2 header and activates encryption for + the data area on the disk (configured OPAL locking range). + LUKS2 header metadata must always be visible (thus not encrypted). + The key stored in LUKS2 keyslots contains two parts - volume key + for software (dm-crypt) encryption and unlocking key for OPAL. + OPAL unlocking key is independent of the dm-crypt volume key and is + always 256 bits long. Cryptsetup does not support full drive OPAL + encryption; only a specific locking range is always used. + + If the OPAL device is in its initial factory state (after factory + reset), cryptsetup needs to configure the OPAL admin user and password. + If the OPAL admin user is already set, the OPAL password must be + provided during luksFormat. + The provided password is needed only to configure or reset the OPAL + locking range; LUKS device activation requires LUKS passphrase only. + LUKS passphrase should be different from OPAL password (OPAL admin user + is configured inside OPAL hardware while LUKS unlocking passphrase + unlocks LUKS keyslot). + + OPAL encryption can be used in combination with software (dm-crypt) + encryption (--hw-opal option) or without the software layer + (--hw-opal-only option). + You can see the configured segment parameters in the luksDump command. + LUKS2 devices with OPAL segments set a new requirement flag in + the LUKS2 header to prevent older cryptsetup metadata manipulation. + Do not use hardware-only encryption if you do not fully trust your + hardware vendor. + + Compatibility notes: + - Linux kernel SED interface does NOT work through USB external + adapters due to the missing compatibility layer in Linux USB storage + drivers (even if USB hardware itself can support OPAL commands). + - other TCG security subsystems like Ruby or Pyrite are not + supported. Note that many drives support only Pyrite subsystem that + does NOT encrypt data (it provides only authentication). + - compatibility among OPAL-enabled drives is often very problematic, + specifically for older drives. Many drives have bugs in the firmware + that make the Linux kernel interface unusable. + - if you forget the OPAL admin password, the only way to recover is + the full drive factory reset through the PSID key (usually printed + on the drive itself) that wipes all data on the drive (not only the + LUKS area). + - cryptsetup reencryption is not supported for LUKS2 OPAL-enabled + devices + - most OPAL drives use AES-XTS cipher mode (older drives can use + AES-CBC). This information is not available through kernel SED API. + - locked OPAL locking ranges return IO errors while reading; this + can produce a lot of scary messages in the log if some tools (like + blkid) try to read the locked area. + + Examples: + + * Formatting the drive + Use --hw-opal with luksFormat (or --hw-opal-only for hardware only + encryption): + + # cryptsetup luksFormat --hw-opal <device> + Enter passphrase for <device>: *** + Enter OPAL Admin password: *** + + * Check configuration with luksDump. + Note "hw-opal-crypt" segment that uses both dm-crypt and OPAL + encryption - keyslot stores 768 bits key (512 sw + 256 bits OPAL key). + + # cryptsetup luksDump <device> + LUKS header information + Version: 2 + ... + Data segments: + 0: hw-opal-crypt + offset: 16777216 [bytes] + length: ... [bytes] + cipher: aes-xts-plain64 + sector: 512 [bytes] + HW OPAL encryption: + OPAL segment number: 1 + OPAL key: 256 bits + OPAL segment length: ... [bytes] + Keyslots: + 0: luks2 + Key: 768 bits + ... + + For devices with OPAL encryption ONLY (only 256 bits OPAL unlocking + key is stored): + LUKS header information + Version: 2 + ... + + Data segments: + 0: hw-opal + offset: 16777216 [bytes] + length: ... [bytes] + cipher: (no SW encryption) + HW OPAL encryption: + OPAL segment number: 1 + OPAL key: 256 bits + OPAL segment length: ... [bytes] + Keyslots: + 0: luks2 + Key: 256 bits + ... + + * Activation and deactivation (open, close, luksSuspend, luksResume) + with OPAL works the same as for the LUKS2 device. + + * Erase LUKS metadata (keyslots) and remove OPAL locking range: + # cryptsetup luksErase <device> + Enter OPAL Admin password: *** + + The LUKS header is destroyed (unlike in normal LUKS luksErase) as + data are no longer accessible even with previous volume key knowledge. + + * Factory reset OPAL drive (if you do not know the Admin password). + You need the PSID (physical presence security ID), which is usually + printed on the device label. Note this will reset the device to + factory state, erasing all data on it (not only LUKS). + + # cryptsetup luksErase --hw-opal-factory-reset <device> + Enter OPAL PSID: *** + +* plain mode: Set default cipher to aes-xts-plain64 and password hashing + to sha256. + + NOTE: this is a backward incompatible change for plain mode (if you + rely on defaults). It is not relevant for LUKS devices. + + The default plain encryption mode was CBC for a long time, with many + performance problems. Using XTS mode aligns it with LUKS defaults. + + The hash algorithm for plain mode was ripemd160, which is considered + deprecated, so the new default is sha256. + + The default key size remains 256 bits (it means using AES-128 as XTS + requires two keys). + + Always specify cipher, hash, and key size for plain mode (or even + better, use LUKS as it stores all options in its metadata on disk). + As we need to upgrade algorithms from time to time because of security + reasons, cryptsetup now warns users to specify these options explicitly + in the open cryptsetup command if plain mode is used. + Cryptsetup does not block using any legacy encryption type; just it + must be specified explicitly on the cryptsetup command line. + + You can configure these defaults during build time if you need to + enforce backward compatibility. + To get the backward-compatible setting, use: + --with-plain-hash=ripemd160 --with-plain-cipher=aes + --with-plain-mode=cbc-essiv:sha256 + + Compiled-in defaults are visible in cryptsetup --help output. + +* Allow activation (open), luksResume, and luksAddKey to use the volume + key stored in a keyring. +* Allow to store volume key to a user-specified keyring in open and + luksResume commands. + + These options are intended to be used for integration with other + systems for automation. + + Users can now use the volume key (not passphrase) stored in arbitrary + kernel keyring and directly use it in particular cryptsetup commands + with --volume-key-keyring option. The keyring can use various policies + (set outside of the cryptsetup scope, for example, by keyctl). + + The --volume-key-keyring option takes a key description in + keyctl-compatible syntax and can either be a numeric key ID or + a string name in the format [%<key type>:]<key name>. + The default key type is "user". + + To store the volume key in a keyring, you can use cryptsetup with + --link-vk-to-keyring option that is available for open and luksResume + cryptsetup command. The option argument has a more complex format: + <keyring_description>::<key_description>. + The <keyring_description> contains the existing kernel keyring + description (numeric id or keyctl format). The <keyring_description> + may be optionally prefixed with "%:" or "%keyring:". The string "::" is + a delimiter that separates keyring and key descriptions. + The <key_description> has the same syntax as used in the + --volume-key-keyring option. + + Example: + + Open the device and store the volume key to the keyring: + # cryptsetup open <device> --link-vk-to-keyring "@s::%user:testkey" tst + + Add keyslot using the stored key in a keyring: + # cryptsetup luksAddKey <device> --volume-key-keyring "%user:testkey" + +* Do not flush IO operations if resize grows the device. + This can help performance in specific cases where the encrypted device + is extended automatically while running many IO operations. + +* Use only half of detected free memory for Argon2 PBKDF on systems + without swap (for LUKS2 new keyslot or format operations). + + This should avoid out-of-memory crashes on low-memory systems without + swap. The benchmark for memory-hard KDF during format is tricky, and + it seems that relying on the maximum half of physical memory is not + enough; relying on free memory should bring the needed security margin + while still using Argon2. + There is no change for systems with active swap. + Note, for very-low memory-constrained systems, a user should avoid + memory-hard PBKDF completely (manually select legacy PBKDF2 instead + of Argon2); cryptsetup does not change PBKDF automatically. + +* Add the possibility to specify a directory for external LUKS2 token + handlers (plugins). + + Use --external-tokens-path parameter in cryptsetup or + crypt_token_set_external_path API call. The parameter is required to be + an absolute path, and it is set per process context. This parameter is + intended mainly for testing and developing new tokens. + +* Do not allow reencryption/decryption on LUKS2 devices with + authenticated encryption or hardware (OPAL) encryption. + + The operation fails later anyway; cryptsetup now detects incompatible + parameters early. + +* Do not fail LUKS format if the operation was interrupted on subsequent + device wipe. + + Device wipe (used with authenticated encryption) is an optional + operation and can be interrupted; not yet wiped part of the device will + only report integrity errors (until overwritten with new data). + +* Fix the LUKS2 keyslot option to be used while activating the device + by a token. + + It can also be used to check if a specific token (--token-id) can + unlock a specific keyslot (--key-slot option) when --test-passphrase + option is specified. + +* Properly report if the dm-verity device cannot be activated due to + the inability to verify the signed root hash (ENOKEY). + +* Fix to check passphrase for selected keyslot only when adding + new keyslot. + + If the user specifies the exact keyslot to unlock, cryptsetup no longer + checks other keyslots. + +* Fix to not wipe the keyslot area before in-place overwrite. + + If the LUKS2 keyslot area has to be overwritten (due to lack of free + space for keyslot swap), cryptsetup does not wipe the affected area as + the first step (it will be overwritten later anyway). + Previously, there was an unnecessary risk of losing the keyslot data + if the code crashed before adding the new keyslot. + + If there is enough space in the keyslot area, cryptsetup never + overwrites the older keyslot before the new one is written correctly + (even if the keyslot number remains the same). + +* bitlk: Fix segfaults when attempting to verify the volume key. + + Also, clarify that verifying the volume key is impossible without + providing a passphrase or recovery key. + +* Add --disable-blkid command line option to avoid blkid device check. + +* Add support for the meson build system. + + All basic operations are supported (compile, test, and dist) with some + minor exceptions; please see the meson manual for more info. + + The Meson build system will completely replace autotools in some future + major release. Both autotools and meson build systems are supported, + and the release archive is built with autotools. + +* Fix wipe operation that overwrites the whole device if used for LUKS2 + header with no keyslot area. + + Formatting a LUKS2 device with no defined keyslots area is a very + specific operation, and the code now properly recognizes such + configuration. + +* Fix luksErase to work with detached LUKS header. + +* Disallow the use of internal kernel crypto driver names in "capi" + specification. + + The common way to specify cipher mode in cryptsetup is to use + cipher-mode-iv notation (like aes-xts-plain64). + With the introduction of authenticated ciphers, we also allow + "capi:<spec>" notation that is directly used by dm-crypt + (e.g., capi:xts(aes)-plain64). + + CAPI specification was never intended to be used directly in the LUKS + header; unfortunately, the code allowed it until now. + Devices with CAPI specification in metadata can no longer be activated; + header repair is required. + + CAPI specification could allow attackers to change the cipher + specification to enforce loading some specific kernel crypto driver + (for example, load driver with known side-channel issues). + This can be problematic, specifically in a cloud environment + (modifying LUKS2 metadata in container image). + + Thanks to Jan Wichelmann, Luca Wilke, and Thomas Eisenbarth from + University of Luebeck for noticing the problems with this code. + +* Fix reencryption to fail early for unknown cipher. + +* tcrypt: Support new Blake2 hash for VeraCrypt. + + VeraCrypt introduces support for Blake2 PRF for PBKDF2; also support it + in cryptsetup compatible tcrypt format. + +* tcrypt: use hash values as substring for limiting KDF check. + + This allows the user to specify --hash sha or --hash blake2 to limit + the KDF scan without the need to specify the full algorithm name + (similar to cipher where we already use substring match). + +* Add Aria cipher support and block size info. + + Aria cipher is similar to AES and is supported in Linux kernel crypto + API in recent releases. + It can be now used also for LUKS keyslot encryption. + +* Do not decrease PBKDF parameters if the user forces them. + + If a user explicitly specifies PBKDF parameters (like iterations, + used memory, or threads), do not limit them, even if it can cause + resource exhaustion. + The force options were mostly used for decreasing parameters, but it + should work even opposite - despite the fact it can mean an + out-of-memory crash. + + The only limits are hard limits per the PBKDF algorithm. + +* Support OpenSSL 3.2 Argon2 implementation. + + Argon2 is now available directly in OpenSSL, so the code no longer + needs to use libargon implementation. + Configure script should detect this automatically. + +* Add support for Argon2 from libgcrypt + (requires yet unreleased gcrypt 1.11). + + Argon2 has been available since version 1.10, but we need version 1.11, + which will allow empty passwords. + +* Used Argon2 PBKDF implementation is now reported in debug mode + in the cryptographic backend version. For native support in + OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed. + If libargon2 is used, "cryptsetup libargon2" (for embedded + library) or "external libargon2" is displayed. + +* Link only libcrypto from OpenSSL. + + This reduces dependencies as other OpenSSL libraries are not needed. + +* Disable reencryption for Direct-Access (DAX) devices. + + Linux kernel device-mapper cannot stack DAX/non-DAX devices in + the mapping table, so online reencryption cannot work. Detect DAX + devices and warn users during LUKS format. Also, DAX or persistent + memory devices do not provide atomic sector updates; any single + modification can corrupt the whole encryption block. + +* Print a warning message if the device is not aligned to sector size. + + If a partition is resized after format, activation could fail when + the device is not multiple of a sector size. Print at least a warning + here, as the activation error message is visible only in kernel syslog. + +* Fix sector size and integrity fields display for non-LUKS2 crypt + devices for the status command. + +* Fix suspend for LUKS2 with authenticated encryption (also suspend + dm-integrity device underneath). + + This should stop the dm-integrity device from issuing journal updates + and possibly corrupt data if the user also tries to modify the + underlying device. + +* Update keyring and locking documentation and LUKS2 specification + for OPAL2 support. + +Libcryptsetup API extensions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The libcryptsetup API is backward compatible for all existing symbols. + +New symbols: + crypt_activate_by_keyslot_context + crypt_format_luks2_opal + crypt_get_hw_encryption_type + crypt_get_hw_encryption_key_size + crypt_keyslot_context_init_by_keyring + crypt_keyslot_context_init_by_vk_in_keyring + crypt_keyslot_context_init_by_signed_key + crypt_resume_by_keyslot_context + crypt_token_set_external_path + crypt_set_keyring_to_link + crypt_wipe_hw_opal + +New defines (hw encryption status): + CRYPT_SW_ONLY + CRYPT_OPAL_HW_ONLY + CRYPT_SW_AND_OPAL_HW + +New keyslot context types: + CRYPT_KC_TYPE_KEYRING + CRYPT_KC_TYPE_VK_KEYRING + CRYPT_KC_TYPE_SIGNED_KEY + +New requirement flag: + CRYPT_REQUIREMENT_OPAL diff --git a/lib/Makemodule.am b/lib/Makemodule.am index 2e60a90..ae5fab9 100644 --- a/lib/Makemodule.am +++ b/lib/Makemodule.am @@ -103,6 +103,8 @@ libcryptsetup_la_SOURCES = \ lib/luks2/luks2_token.c \ lib/luks2/luks2_internal.h \ lib/luks2/luks2.h \ + lib/luks2/hw_opal/hw_opal.c \ + lib/luks2/hw_opal/hw_opal.h \ lib/utils_blkid.c \ lib/utils_blkid.h \ lib/bitlk/bitlk.h \ diff --git a/lib/bitlk/bitlk.c b/lib/bitlk/bitlk.c index de7bcea..ae533e5 100644 --- a/lib/bitlk/bitlk.c +++ b/lib/bitlk/bitlk.c @@ -1,9 +1,9 @@ /* * BITLK (BitLocker-compatible) volume handling * - * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2019-2023 Milan Broz - * Copyright (C) 2019-2023 Vojtech Trefny + * Copyright (C) 2019-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2019-2024 Milan Broz + * Copyright (C) 2019-2024 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -735,6 +735,7 @@ int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_meta { struct volume_key *vk_p; struct bitlk_vmk *vmk_p; + char time[32]; int next_id = 0; int i = 0; @@ -743,7 +744,8 @@ int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_meta log_std(cd, "GUID: \t%s\n", params->guid); log_std(cd, "Sector size: \t%u [bytes]\n", params->sector_size); log_std(cd, "Volume size: \t%" PRIu64 " [bytes]\n", params->volume_size); - log_std(cd, "Created: \t%s", ctime((time_t *)&(params->creation_time))); + if (ctime_r((time_t *)¶ms->creation_time, time)) + log_std(cd, "Created: \t%s", time); log_std(cd, "Description: \t%s\n", params->description); log_std(cd, "Cipher name: \t%s\n", params->cipher); log_std(cd, "Cipher mode: \t%s\n", params->cipher_mode); @@ -982,8 +984,7 @@ static int get_startup_key(struct crypt_device *cd, } } -static int bitlk_kdf(struct crypt_device *cd, - const char *password, +static int bitlk_kdf(const char *password, size_t passwordLen, bool recovery, const uint8_t *salt, @@ -1120,7 +1121,7 @@ int BITLK_get_volume_key(struct crypt_device *cd, next_vmk = params->vmks; while (next_vmk) { if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) { - r = bitlk_kdf(cd, password, passwordLen, false, next_vmk->salt, &vmk_dec_key); + r = bitlk_kdf(password, passwordLen, false, next_vmk->salt, &vmk_dec_key); if (r) { /* something wrong happened, but we still want to check other key slots */ next_vmk = next_vmk->next; @@ -1140,7 +1141,7 @@ int BITLK_get_volume_key(struct crypt_device *cd, continue; } log_dbg(cd, "Trying to use given password as a recovery key."); - r = bitlk_kdf(cd, recovery_key->key, recovery_key->keylength, + r = bitlk_kdf(recovery_key->key, recovery_key->keylength, true, next_vmk->salt, &vmk_dec_key); crypt_free_volume_key(recovery_key); if (r) diff --git a/lib/bitlk/bitlk.h b/lib/bitlk/bitlk.h index 54d3dc7..7eb7321 100644 --- a/lib/bitlk/bitlk.h +++ b/lib/bitlk/bitlk.h @@ -1,9 +1,9 @@ /* * BITLK (BitLocker-compatible) header definition * - * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2019-2023 Milan Broz - * Copyright (C) 2019-2023 Vojtech Trefny + * Copyright (C) 2019-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2019-2024 Milan Broz + * Copyright (C) 2019-2024 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypt_plain.c b/lib/crypt_plain.c index c839b09..99155e8 100644 --- a/lib/crypt_plain.c +++ b/lib/crypt_plain.c @@ -2,8 +2,8 @@ * cryptsetup plain device helper functions * * Copyright (C) 2004 Jana Saout <jana@saout.de> - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/crypto_backend/argon2/meson.build b/lib/crypto_backend/argon2/meson.build new file mode 100644 index 0000000..bb68516 --- /dev/null +++ b/lib/crypto_backend/argon2/meson.build @@ -0,0 +1,28 @@ +libargon2_sources = files( + 'blake2/blake2b.c', + 'argon2.c', + 'core.c', + 'encoding.c', + 'thread.c', +) + +if use_internal_sse_argon2 + libargon2_sources += files( + 'opt.c', + ) +else + libargon2_sources += files( + 'ref.c', + ) +endif + +libargon2 = static_library('argon2', + libargon2_sources, + override_options : ['c_std=c89', 'optimization=3'], + build_by_default : false, + include_directories: include_directories( + 'blake2', + ), + dependencies : [ + threads, + ]) diff --git a/lib/crypto_backend/argon2_generic.c b/lib/crypto_backend/argon2_generic.c index 0ce67da..eca575b 100644 --- a/lib/crypto_backend/argon2_generic.c +++ b/lib/crypto_backend/argon2_generic.c @@ -1,8 +1,8 @@ /* * Argon2 PBKDF2 library wrapper * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -29,14 +29,12 @@ #define CONST_CAST(x) (x)(uintptr_t) +#if USE_INTERNAL_ARGON2 || HAVE_ARGON2_H int argon2(const char *type, const char *password, size_t password_length, const char *salt, size_t salt_length, char *key, size_t key_length, uint32_t iterations, uint32_t memory, uint32_t parallel) { -#if !USE_INTERNAL_ARGON2 && !HAVE_ARGON2_H - return -EINVAL; -#else argon2_type atype; argon2_context context = { .flags = ARGON2_DEFAULT_FLAGS, @@ -54,6 +52,9 @@ int argon2(const char *type, const char *password, size_t password_length, }; int r; + /* This code must not be run if crypt backend library natively supports Argon2 */ + assert(!(crypt_backend_flags() & CRYPT_BACKEND_ARGON2)); + if (!strcmp(type, "argon2i")) atype = Argon2_i; else if(!strcmp(type, "argon2id")) @@ -75,5 +76,33 @@ int argon2(const char *type, const char *password, size_t password_length, } return r; +} + +#else /* USE_INTERNAL_ARGON2 || HAVE_ARGON2_H */ +#pragma GCC diagnostic ignored "-Wunused-parameter" + +int argon2(const char *type, const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t iterations, uint32_t memory, uint32_t parallel) +{ + return -EINVAL; +} + +#endif + +/* Additional string for crypt backend version */ +const char *crypt_argon2_version(void) +{ + const char *version = ""; + + if (crypt_backend_flags() & CRYPT_BACKEND_ARGON2) + return version; + +#if HAVE_ARGON2_H /* this has priority over internal argon2 */ + version = " [external libargon2]"; +#elif USE_INTERNAL_ARGON2 + version = " [cryptsetup libargon2]"; #endif + return version; } diff --git a/lib/crypto_backend/base64.c b/lib/crypto_backend/base64.c index 42f70cb..92e558a 100644 --- a/lib/crypto_backend/base64.c +++ b/lib/crypto_backend/base64.c @@ -4,7 +4,7 @@ * Copyright (C) 2010 Lennart Poettering * * cryptsetup related changes - * Copyright (C) 2021-2023 Milan Broz + * Copyright (C) 2021-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/cipher_check.c b/lib/crypto_backend/cipher_check.c index 98ec1a5..25200a4 100644 --- a/lib/crypto_backend/cipher_check.c +++ b/lib/crypto_backend/cipher_check.c @@ -1,8 +1,8 @@ /* * Cipher performance check * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2023 Milan Broz + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/cipher_generic.c b/lib/crypto_backend/cipher_generic.c index b3a4407..746cfcf 100644 --- a/lib/crypto_backend/cipher_generic.c +++ b/lib/crypto_backend/cipher_generic.c @@ -1,8 +1,8 @@ /* * Linux kernel cipher generic utilities * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2023 Milan Broz + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -51,6 +51,7 @@ static const struct cipher_alg cipher_algs[] = { { "xchacha12,aes", "adiantum", 32, false }, { "xchacha20,aes", "adiantum", 32, false }, { "sm4", NULL, 16, false }, + { "aria", NULL, 16, false }, { NULL, NULL, 0, false } }; diff --git a/lib/crypto_backend/crc32.c b/lib/crypto_backend/crc32.c index 9009b02..7a12a8e 100644 --- a/lib/crypto_backend/crc32.c +++ b/lib/crypto_backend/crc32.c @@ -158,7 +158,7 @@ static const uint32_t crc32c_tab[] = { * whatever they need. */ static uint32_t compute_crc32( - const uint32_t *crc32_tab, + const uint32_t *crc32_table, uint32_t seed, const unsigned char *buf, size_t len) @@ -167,7 +167,7 @@ static uint32_t compute_crc32( const unsigned char *p = buf; while(len-- > 0) - crc = crc32_tab[(crc ^ *p++) & 0xff] ^ (crc >> 8); + crc = crc32_table[(crc ^ *p++) & 0xff] ^ (crc >> 8); return crc; } diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h index 88562e9..15ed745 100644 --- a/lib/crypto_backend/crypto_backend.h +++ b/lib/crypto_backend/crypto_backend.h @@ -1,8 +1,8 @@ /* * crypto backend implementation * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -43,9 +43,11 @@ void crypt_backend_destroy(void); #define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */ #define CRYPT_BACKEND_PBKDF2_INT (1 << 1) /* Iteration in PBKDF2 is signed int and can overflow */ +#define CRYPT_BACKEND_ARGON2 (1 << 2) /* Backend provides native Argon2 implementation */ uint32_t crypt_backend_flags(void); const char *crypt_backend_version(void); +const char *crypt_argon2_version(void); /* HASH */ int crypt_hash_size(const char *name); diff --git a/lib/crypto_backend/crypto_backend_internal.h b/lib/crypto_backend/crypto_backend_internal.h index 9b1cc69..539f11a 100644 --- a/lib/crypto_backend/crypto_backend_internal.h +++ b/lib/crypto_backend/crypto_backend_internal.h @@ -1,8 +1,8 @@ /* * crypto backend implementation * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/crypto_cipher_kernel.c b/lib/crypto_backend/crypto_cipher_kernel.c index 3460717..77b3643 100644 --- a/lib/crypto_backend/crypto_cipher_kernel.c +++ b/lib/crypto_backend/crypto_cipher_kernel.c @@ -1,8 +1,8 @@ /* * Linux kernel userspace API crypto backend implementation (skcipher) * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -109,6 +109,7 @@ int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name, } /* The in/out should be aligned to page boundary */ +/* coverity[ -taint_source : arg-3 ] */ static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx, const char *in, size_t in_length, char *out, size_t out_length, @@ -312,6 +313,8 @@ int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length, } #else /* ENABLE_AF_ALG */ +#pragma GCC diagnostic ignored "-Wunused-parameter" + int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name, const char *mode, const void *key, size_t key_length) { diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c index e974aa8..8e3f14e 100644 --- a/lib/crypto_backend/crypto_gcrypt.c +++ b/lib/crypto_backend/crypto_gcrypt.c @@ -1,8 +1,8 @@ /* * GCRYPT crypto backend implementation * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -23,6 +23,7 @@ #include <stdio.h> #include <errno.h> #include <gcrypt.h> +#include <pthread.h> #include "crypto_backend_internal.h" static int crypto_backend_initialised = 0; @@ -126,10 +127,11 @@ int crypt_backend_init(bool fips __attribute__((unused))) crypto_backend_initialised = 1; crypt_hash_test_whirlpool_bug(); - r = snprintf(version, sizeof(version), "gcrypt %s%s%s", + r = snprintf(version, sizeof(version), "gcrypt %s%s%s%s", gcry_check_version(NULL), crypto_backend_secmem ? "" : ", secmem disabled", - crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : ""); + crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : "", + crypt_backend_flags() & CRYPT_BACKEND_ARGON2 ? ", argon2" : ""); if (r < 0 || (size_t)r >= sizeof(version)) return -EINVAL; @@ -151,7 +153,11 @@ const char *crypt_backend_version(void) uint32_t crypt_backend_flags(void) { - return 0; + uint32_t flags = 0; +#if HAVE_DECL_GCRY_KDF_ARGON2 && !USE_INTERNAL_ARGON2 + flags |= CRYPT_BACKEND_ARGON2; +#endif + return flags; } static const char *crypt_hash_compat_name(const char *name, unsigned int *flags) @@ -266,7 +272,6 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) void crypt_hash_destroy(struct crypt_hash *ctx) { gcry_md_close(ctx->hd); - memset(ctx, 0, sizeof(*ctx)); free(ctx); } @@ -341,7 +346,6 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) void crypt_hmac_destroy(struct crypt_hmac *ctx) { gcry_md_close(ctx->hd); - memset(ctx, 0, sizeof(*ctx)); free(ctx); } @@ -386,6 +390,130 @@ static int pbkdf2(const char *hash, #endif /* USE_INTERNAL_PBKDF2 */ } +#if HAVE_DECL_GCRY_KDF_ARGON2 && !USE_INTERNAL_ARGON2 +struct gcrypt_thread_job +{ + pthread_t thread; + struct job_thread_param { + gcry_kdf_job_fn_t job; + void *p; + } work; +}; + +struct gcrypt_threads +{ + pthread_attr_t attr; + unsigned int num_threads; + unsigned int max_threads; + struct gcrypt_thread_job *jobs_ctx; +}; + +static void *gcrypt_job_thread(void *p) +{ + struct job_thread_param *param = p; + param->job(param->p); + pthread_exit(NULL); +} + +static int gcrypt_wait_all_jobs(void *ctx) +{ + unsigned int i; + struct gcrypt_threads *threads = ctx; + + for (i = 0; i < threads->num_threads; i++) { + pthread_join(threads->jobs_ctx[i].thread, NULL); + threads->jobs_ctx[i].thread = 0; + } + + threads->num_threads = 0; + return 0; +} + +static int gcrypt_dispatch_job(void *ctx, gcry_kdf_job_fn_t job, void *p) +{ + struct gcrypt_threads *threads = ctx; + + if (threads->num_threads >= threads->max_threads) + return -1; + + threads->jobs_ctx[threads->num_threads].work.job = job; + threads->jobs_ctx[threads->num_threads].work.p = p; + + if (pthread_create(&threads->jobs_ctx[threads->num_threads].thread, &threads->attr, + gcrypt_job_thread, &threads->jobs_ctx[threads->num_threads].work)) + return -1; + + threads->num_threads++; + return 0; +} + +static int gcrypt_argon2(const char *type, + const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t iterations, uint32_t memory, uint32_t parallel) +{ + gcry_kdf_hd_t hd; + int atype, r = -EINVAL; + unsigned long param[4]; + struct gcrypt_threads threads = { + .max_threads = parallel, + .num_threads = 0 + }; + const gcry_kdf_thread_ops_t ops = { + .jobs_context = &threads, + .dispatch_job = gcrypt_dispatch_job, + .wait_all_jobs = gcrypt_wait_all_jobs + }; + + if (!strcmp(type, "argon2i")) + atype = GCRY_KDF_ARGON2I; + else if (!strcmp(type, "argon2id")) + atype = GCRY_KDF_ARGON2ID; + else + return -EINVAL; + + param[0] = key_length; + param[1] = iterations; + param[2] = memory; + param[3] = parallel; + + if (gcry_kdf_open(&hd, GCRY_KDF_ARGON2, atype, param, 4, + password, password_length, salt, salt_length, + NULL, 0, NULL, 0)) { + free(threads.jobs_ctx); + return -EINVAL; + } + + if (parallel == 1) { + /* Do not use threads here */ + if (gcry_kdf_compute(hd, NULL)) + goto out; + } else { + threads.jobs_ctx = calloc(threads.max_threads, + sizeof(struct gcrypt_thread_job)); + if (!threads.jobs_ctx) + goto out; + + if (pthread_attr_init(&threads.attr)) + goto out; + + if (gcry_kdf_compute(hd, &ops)) + goto out; + } + + if (gcry_kdf_final(hd, key_length, key)) + goto out; + r = 0; +out: + gcry_kdf_close(hd); + pthread_attr_destroy(&threads.attr); + free(threads.jobs_ctx); + + return r; +} +#endif + /* PBKDF */ int crypt_pbkdf(const char *kdf, const char *hash, const char *password, size_t password_length, @@ -400,8 +528,13 @@ int crypt_pbkdf(const char *kdf, const char *hash, return pbkdf2(hash, password, password_length, salt, salt_length, key, key_length, iterations); else if (!strncmp(kdf, "argon2", 6)) +#if HAVE_DECL_GCRY_KDF_ARGON2 && !USE_INTERNAL_ARGON2 + return gcrypt_argon2(kdf, password, password_length, salt, salt_length, + key, key_length, iterations, memory, parallel); +#else return argon2(kdf, password, password_length, salt, salt_length, key, key_length, iterations, memory, parallel); +#endif return -EINVAL; } @@ -565,6 +698,9 @@ bool crypt_fips_mode(void) if (fips_checked) return fips_mode; + if (crypt_backend_init(false /* ignored */)) + return false; + fips_mode = gcry_fips_mode_active(); fips_checked = true; diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c index 8493c0a..be6051a 100644 --- a/lib/crypto_backend/crypto_kernel.c +++ b/lib/crypto_backend/crypto_kernel.c @@ -1,8 +1,8 @@ /* * Linux kernel userspace API crypto backend implementation * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -245,7 +245,6 @@ void crypt_hash_destroy(struct crypt_hash *ctx) close(ctx->tfmfd); if (ctx->opfd >= 0) close(ctx->opfd); - memset(ctx, 0, sizeof(*ctx)); free(ctx); } @@ -324,7 +323,6 @@ void crypt_hmac_destroy(struct crypt_hmac *ctx) close(ctx->tfmfd); if (ctx->opfd >= 0) close(ctx->opfd); - memset(ctx, 0, sizeof(*ctx)); free(ctx); } diff --git a/lib/crypto_backend/crypto_nettle.c b/lib/crypto_backend/crypto_nettle.c index 086e4fc..f08db74 100644 --- a/lib/crypto_backend/crypto_nettle.c +++ b/lib/crypto_backend/crypto_nettle.c @@ -1,8 +1,8 @@ /* * Nettle crypto backend implementation * - * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2023 Milan Broz + * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/crypto_nss.c b/lib/crypto_backend/crypto_nss.c index c154812..6b390a4 100644 --- a/lib/crypto_backend/crypto_nss.c +++ b/lib/crypto_backend/crypto_nss.c @@ -1,8 +1,8 @@ /* * NSS crypto backend implementation * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c index 607ec38..4e85384 100644 --- a/lib/crypto_backend/crypto_openssl.c +++ b/lib/crypto_backend/crypto_openssl.c @@ -1,8 +1,8 @@ /* * OPENSSL crypto backend implementation * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2023 Milan Broz + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -44,9 +44,20 @@ static OSSL_PROVIDER *ossl_legacy = NULL; static OSSL_PROVIDER *ossl_default = NULL; static OSSL_LIB_CTX *ossl_ctx = NULL; static char backend_version[256] = "OpenSSL"; + +#define MAX_THREADS 8 +#if !HAVE_DECL_OSSL_GET_MAX_THREADS +static int OSSL_set_max_threads(OSSL_LIB_CTX *ctx __attribute__((unused)), + uint64_t max_threads __attribute__((unused))) { return 0; } +static uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx __attribute__((unused))) { return 0; } +#else +#include <openssl/thread.h> +#endif + #endif #define CONST_CAST(x) (x)(uintptr_t) +#define UNUSED(x) (void)(x) static int crypto_backend_initialised = 0; @@ -162,6 +173,7 @@ static int openssl_backend_init(bool fips) */ #if OPENSSL_VERSION_MAJOR >= 3 int r; + bool ossl_threads = false; /* * In FIPS mode we keep default OpenSSL context & global config @@ -181,16 +193,24 @@ static int openssl_backend_init(bool fips) ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0); } - r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s", + if (OSSL_set_max_threads(ossl_ctx, MAX_THREADS) == 1 && + OSSL_get_max_threads(ossl_ctx) == MAX_THREADS) + ossl_threads = true; + + r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s%s%s", OpenSSL_version(OPENSSL_VERSION), ossl_default ? "[default]" : "", ossl_legacy ? "[legacy]" : "", - fips ? "[fips]" : ""); + fips ? "[fips]" : "", + ossl_threads ? "[threads]" : "", + crypt_backend_flags() & CRYPT_BACKEND_ARGON2 ? "[argon2]" : ""); if (r < 0 || (size_t)r >= sizeof(backend_version)) { openssl_backend_exit(); return -EINVAL; } +#else + UNUSED(fips); #endif return 0; } @@ -232,11 +252,14 @@ void crypt_backend_destroy(void) uint32_t crypt_backend_flags(void) { -#if OPENSSL_VERSION_MAJOR >= 3 - return 0; -#else - return CRYPT_BACKEND_PBKDF2_INT; + uint32_t flags = 0; +#if OPENSSL_VERSION_MAJOR < 3 + flags |= CRYPT_BACKEND_PBKDF2_INT; +#endif +#if HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION + flags |= CRYPT_BACKEND_ARGON2; #endif + return flags; } const char *crypt_backend_version(void) @@ -281,6 +304,8 @@ static void hash_id_free(const EVP_MD *hash_id) { #if OPENSSL_VERSION_MAJOR >= 3 EVP_MD_free(CONST_CAST(EVP_MD*)hash_id); +#else + UNUSED(hash_id); #endif } @@ -297,6 +322,8 @@ static void cipher_type_free(const EVP_CIPHER *cipher_type) { #if OPENSSL_VERSION_MAJOR >= 3 EVP_CIPHER_free(CONST_CAST(EVP_CIPHER*)cipher_type); +#else + UNUSED(cipher_type); #endif } @@ -391,7 +418,6 @@ void crypt_hash_destroy(struct crypt_hash *ctx) { hash_id_free(ctx->hash_id); EVP_MD_CTX_free(ctx->md); - memset(ctx, 0, sizeof(*ctx)); free(ctx); } @@ -527,7 +553,6 @@ void crypt_hmac_destroy(struct crypt_hmac *ctx) hash_id_free(ctx->hash_id); HMAC_CTX_free(ctx->md); #endif - memset(ctx, 0, sizeof(*ctx)); free(ctx); } @@ -593,8 +618,53 @@ static int openssl_argon2(const char *type, const char *password, size_t passwor const char *salt, size_t salt_length, char *key, size_t key_length, uint32_t iterations, uint32_t memory, uint32_t parallel) { +#if HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION + EVP_KDF_CTX *ctx; + EVP_KDF *argon2; + unsigned int threads = parallel; + int r; + OSSL_PARAM params[] = { + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD, + CONST_CAST(void*)password, password_length), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, + CONST_CAST(void*)salt, salt_length), + OSSL_PARAM_uint32(OSSL_KDF_PARAM_ITER, &iterations), + OSSL_PARAM_uint(OSSL_KDF_PARAM_THREADS, &threads), + OSSL_PARAM_uint32(OSSL_KDF_PARAM_ARGON2_LANES, ¶llel), + OSSL_PARAM_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST, &memory), + OSSL_PARAM_END + }; + + if (OSSL_get_max_threads(ossl_ctx) == 0) + threads = 1; + + argon2 = EVP_KDF_fetch(ossl_ctx, type, NULL); + if (!argon2) + return -EINVAL; + + ctx = EVP_KDF_CTX_new(argon2); + if (!ctx) { + EVP_KDF_free(argon2); + return -EINVAL;; + } + + if (EVP_KDF_CTX_set_params(ctx, params) != 1) { + EVP_KDF_CTX_free(ctx); + EVP_KDF_free(argon2); + return -EINVAL; + } + + r = EVP_KDF_derive(ctx, (unsigned char*)key, key_length, NULL /*params*/); + + EVP_KDF_CTX_free(ctx); + EVP_KDF_free(argon2); + + /* _derive() returns 0 or negative value on error, 1 on success */ + return r == 1 ? 0 : -EINVAL; +#else return argon2(type, password, password_length, salt, salt_length, key, key_length, iterations, memory, parallel); +#endif } /* PBKDF */ diff --git a/lib/crypto_backend/crypto_storage.c b/lib/crypto_backend/crypto_storage.c index 13479dd..6c8f991 100644 --- a/lib/crypto_backend/crypto_storage.c +++ b/lib/crypto_backend/crypto_storage.c @@ -2,7 +2,7 @@ * Generic wrapper for storage encryption modes and Initial Vectors * (reimplementation of some functions from Linux dm-crypt kernel) * - * Copyright (C) 2014-2023 Milan Broz + * Copyright (C) 2014-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/meson.build b/lib/crypto_backend/meson.build new file mode 100644 index 0000000..d6c31fd --- /dev/null +++ b/lib/crypto_backend/meson.build @@ -0,0 +1,40 @@ +if use_internal_argon2 + subdir('argon2') +endif + +libcrypto_backend_dependencies = [ + crypto_backend_library, + clock_gettime, +] +libcrypto_backend_link_with = [] + +libcrypto_backend_sources = files( + 'argon2_generic.c', + 'base64.c', + 'cipher_check.c', + 'cipher_generic.c', + 'crc32.c', + 'crypto_cipher_kernel.c', + 'crypto_storage.c', + 'pbkdf_check.c', + 'utf8.c', +) + +crypto_backend = get_option('crypto-backend') +libcrypto_backend_sources += files('crypto_@0@.c'.format(crypto_backend)) + +if use_internal_pbkdf2 + libcrypto_backend_sources += files('pbkdf2_generic.c') +endif + +if use_internal_argon2 and get_option('argon-implementation') == 'internal' + libcrypto_backend_link_with += libargon2 +elif get_option('argon-implementation') == 'libargon2' + libcrypto_backend_dependencies += libargon2_external +endif + +libcrypto_backend = static_library('crypto_backend', + libcrypto_backend_sources, + include_directories: includes_lib, + dependencies: libcrypto_backend_dependencies, + link_with: libcrypto_backend_link_with) diff --git a/lib/crypto_backend/pbkdf2_generic.c b/lib/crypto_backend/pbkdf2_generic.c index 9e87e19..f7fe5bc 100644 --- a/lib/crypto_backend/pbkdf2_generic.c +++ b/lib/crypto_backend/pbkdf2_generic.c @@ -4,8 +4,8 @@ * Copyright (C) 2004 Free Software Foundation * * cryptsetup related changes - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/crypto_backend/pbkdf_check.c b/lib/crypto_backend/pbkdf_check.c index 53a2da9..54d6a34 100644 --- a/lib/crypto_backend/pbkdf_check.c +++ b/lib/crypto_backend/pbkdf_check.c @@ -1,7 +1,7 @@ /* * PBKDF performance check - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * Copyright (C) 2016-2020 Ondrej Mosnacek * * This file is free software; you can redistribute it and/or diff --git a/lib/crypto_backend/utf8.c b/lib/crypto_backend/utf8.c index 24e0d8d..c13e953 100644 --- a/lib/crypto_backend/utf8.c +++ b/lib/crypto_backend/utf8.c @@ -4,7 +4,7 @@ * Copyright (C) 2010 Lennart Poettering * * cryptsetup related changes - * Copyright (C) 2021-2023 Vojtech Trefny + * Copyright (C) 2021-2024 Vojtech Trefny * Parts of the original systemd implementation are based on the GLIB utf8 * validation functions. diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c index aeadc82..ac2f0d0 100644 --- a/lib/integrity/integrity.c +++ b/lib/integrity/integrity.c @@ -1,7 +1,7 @@ /* * Integrity volume handling * - * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2016-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -335,13 +335,62 @@ int INTEGRITY_activate(struct crypt_device *cd, return r; } +static int _create_reduced_device(struct crypt_device *cd, + const char *name, + uint64_t device_size_sectors, + struct device **ret_device) +{ + int r; + char path[PATH_MAX]; + struct device *dev; + + struct crypt_dm_active_device dmd = { + .size = device_size_sectors, + .flags = CRYPT_ACTIVATE_PRIVATE, + }; + + assert(cd); + assert(name); + assert(device_size_sectors); + assert(ret_device); + + r = snprintf(path, sizeof(path), "%s/%s", dm_get_dir(), name); + if (r < 0 || (size_t)r >= sizeof(path)) + return -EINVAL; + + r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK, + crypt_get_data_offset(cd), &device_size_sectors, &dmd.flags); + if (r) + return r; + + log_dbg(cd, "Activating reduced helper device %s.", name); + + r = dm_linear_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), crypt_get_data_offset(cd)); + if (!r) + r = dm_create_device(cd, name, CRYPT_SUBDEV, &dmd); + dm_targets_free(cd, &dmd); + if (r < 0) + return r; + + r = device_alloc(cd, &dev, path); + if (!r) { + *ret_device = dev; + return 0; + } + + dm_remove_device(cd, name, CRYPT_DEACTIVATE_FORCE); + + return r; +} + int INTEGRITY_format(struct crypt_device *cd, const struct crypt_params_integrity *params, struct volume_key *journal_crypt_key, - struct volume_key *journal_mac_key) + struct volume_key *journal_mac_key, + uint64_t backing_device_sectors) { uint32_t dmi_flags; - char tmp_name[64], tmp_uuid[40]; + char reduced_device_name[70], tmp_name[64], tmp_uuid[40]; struct crypt_dm_active_device dmdi = { .size = 8, .flags = CRYPT_ACTIVATE_PRIVATE, /* We always create journal but it can be unused later */ @@ -349,6 +398,8 @@ int INTEGRITY_format(struct crypt_device *cd, struct dm_target *tgt = &dmdi.segment; int r; uuid_t tmp_uuid_bin; + uint64_t data_offset_sectors; + struct device *p_metadata_device, *p_data_device, *reduced_device = NULL; struct volume_key *vk = NULL; uuid_generate(tmp_uuid_bin); @@ -358,18 +409,42 @@ int INTEGRITY_format(struct crypt_device *cd, if (r < 0 || (size_t)r >= sizeof(tmp_name)) return -EINVAL; + p_metadata_device = INTEGRITY_metadata_device(cd); + + if (backing_device_sectors) { + r = snprintf(reduced_device_name, sizeof(reduced_device_name), + "temporary-cryptsetup-reduced-%s", tmp_uuid); + if (r < 0 || (size_t)r >= sizeof(reduced_device_name)) + return -EINVAL; + + /* + * Creates reduced dm-linear mapping over data device starting at + * crypt_data_offset(cd) and backing_device_sectors in size. + */ + r = _create_reduced_device(cd, reduced_device_name, + backing_device_sectors, &reduced_device); + if (r < 0) + return r; + + data_offset_sectors = 0; + p_data_device = reduced_device; + if (p_metadata_device == crypt_data_device(cd)) + p_metadata_device = reduced_device; + } else { + data_offset_sectors = crypt_get_data_offset(cd); + p_data_device = crypt_data_device(cd); + } + /* There is no data area, we can actually use fake zeroed key */ if (params && params->integrity_key_size) vk = crypt_alloc_volume_key(params->integrity_key_size, NULL); - r = dm_integrity_target_set(cd, tgt, 0, dmdi.size, INTEGRITY_metadata_device(cd), - crypt_data_device(cd), crypt_get_integrity_tag_size(cd), - crypt_get_data_offset(cd), crypt_get_sector_size(cd), vk, + r = dm_integrity_target_set(cd, tgt, 0, dmdi.size, p_metadata_device, + p_data_device, crypt_get_integrity_tag_size(cd), + data_offset_sectors, crypt_get_sector_size(cd), vk, journal_crypt_key, journal_mac_key, params); - if (r < 0) { - crypt_free_volume_key(vk); - return r; - } + if (r < 0) + goto err; log_dbg(cd, "Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.", device_path(tgt->data_device), tmp_name, tgt->u.integrity.tag_size); @@ -379,24 +454,26 @@ int INTEGRITY_format(struct crypt_device *cd, log_err(cd, _("Kernel does not support dm-integrity mapping.")); r = -ENOTSUP; } - if (r) { - dm_targets_free(cd, &dmdi); - return r; - } + if (r) + goto err; if (tgt->u.integrity.meta_device) { r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL); - if (r) { - dm_targets_free(cd, &dmdi); - return r; - } + if (r) + goto err; } r = dm_create_device(cd, tmp_name, CRYPT_INTEGRITY, &dmdi); - crypt_free_volume_key(vk); - dm_targets_free(cd, &dmdi); if (r) - return r; + goto err; - return dm_remove_device(cd, tmp_name, CRYPT_DEACTIVATE_FORCE); + r = dm_remove_device(cd, tmp_name, CRYPT_DEACTIVATE_FORCE); +err: + dm_targets_free(cd, &dmdi); + crypt_free_volume_key(vk); + if (reduced_device) { + dm_remove_device(cd, reduced_device_name, CRYPT_DEACTIVATE_FORCE); + device_free(cd, reduced_device); + } + return r; } diff --git a/lib/integrity/integrity.h b/lib/integrity/integrity.h index 2883ef8..55c7148 100644 --- a/lib/integrity/integrity.h +++ b/lib/integrity/integrity.h @@ -1,7 +1,7 @@ /* * Integrity header definition * - * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2016-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -75,7 +75,8 @@ int INTEGRITY_hash_tag_size(const char *integrity); int INTEGRITY_format(struct crypt_device *cd, const struct crypt_params_integrity *params, struct volume_key *journal_crypt_key, - struct volume_key *journal_mac_key); + struct volume_key *journal_mac_key, + uint64_t backing_device_sectors); int INTEGRITY_activate(struct crypt_device *cd, const char *name, diff --git a/lib/internal.h b/lib/internal.h index b5cb4e3..3a0d6e6 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -53,6 +53,7 @@ #define MAX_DM_DEPS 32 #define CRYPT_SUBDEV "SUBDEV" /* prefix for sublayered devices underneath public crypt types */ +#define CRYPT_LUKS2_HW_OPAL "LUKS2-OPAL" /* dm uuid prefix used for any HW OPAL enabled LUKS2 device */ #ifndef O_CLOEXEC #define O_CLOEXEC 0 @@ -89,6 +90,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, struct crypt_pbkdf_type *pbkdf, size_t volume_key_size); const char *crypt_get_cipher_spec(struct crypt_device *cd); +uint32_t pbkdf_adjusted_phys_memory_kb(void); /* Device backend */ struct device; @@ -113,6 +115,7 @@ void device_release_excl(struct crypt_device *cd, struct device *device); void device_disable_direct_io(struct device *device); int device_is_identical(struct device *device1, struct device *device2); int device_is_rotational(struct device *device); +int device_is_dax(struct device *device); size_t device_alignment(struct device *device); int device_direct_io(const struct device *device); int device_fallocate(struct device *device, uint64_t size); @@ -153,21 +156,31 @@ int create_or_reload_device_with_integrity(struct crypt_device *cd, const char * struct device *crypt_metadata_device(struct crypt_device *cd); struct device *crypt_data_device(struct crypt_device *cd); +uint64_t crypt_get_metadata_size_bytes(struct crypt_device *cd); +uint64_t crypt_get_keyslots_size_bytes(struct crypt_device *cd); +uint64_t crypt_get_data_offset_sectors(struct crypt_device *cd); +int crypt_opal_supported(struct crypt_device *cd, struct device *opal_device); + int crypt_confirm(struct crypt_device *cd, const char *msg); char *crypt_lookup_dev(const char *dev_id); int crypt_dev_is_rotational(int major, int minor); +int crypt_dev_is_dax(int major, int minor); int crypt_dev_is_partition(const char *dev_path); char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t size); +int crypt_dev_get_partition_number(const char *dev_path); char *crypt_get_base_device(const char *dev_path); uint64_t crypt_dev_partition_offset(const char *dev_path); int lookup_by_disk_id(const char *dm_uuid); int lookup_by_sysfs_uuid_field(const char *dm_uuid); int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid); +int crypt_uuid_type_cmp(const char *dm_uuid, const char *type); size_t crypt_getpagesize(void); unsigned crypt_cpusonline(void); uint64_t crypt_getphysmemory_kb(void); +uint64_t crypt_getphysmemoryfree_kb(void); +bool crypt_swapavailable(void); int init_crypto(struct crypt_device *ctx); @@ -202,7 +215,7 @@ void crypt_set_luks2_reencrypt(struct crypt_device *cd, struct luks2_reencrypt * struct luks2_reencrypt *crypt_get_luks2_reencrypt(struct crypt_device *cd); int onlyLUKS2(struct crypt_device *cd); -int onlyLUKS2mask(struct crypt_device *cd, uint32_t mask); +int onlyLUKS2reencrypt(struct crypt_device *cd); int crypt_wipe_device(struct crypt_device *cd, struct device *device, @@ -221,6 +234,14 @@ int crypt_get_integrity_tag_size(struct crypt_device *cd); int crypt_key_in_keyring(struct crypt_device *cd); void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring); int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk); +int crypt_keyring_get_user_key(struct crypt_device *cd, + const char *key_description, + char **key, + size_t *key_size); +int crypt_keyring_get_key_by_name(struct crypt_device *cd, + const char *key_description, + char **key, + size_t *key_size); int crypt_use_keyring_for_vk(struct crypt_device *cd); void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype); void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks); @@ -250,4 +271,8 @@ static inline bool uint64_mult_overflow(uint64_t *u, uint64_t b, size_t size) return false; } +#define KEY_NOT_VERIFIED -2 +#define KEY_EXTERNAL_VERIFICATION -1 +#define KEY_VERIFIED 0 + #endif /* INTERNAL_H */ diff --git a/lib/keyslot_context.c b/lib/keyslot_context.c index 89bd433..5860247 100644 --- a/lib/keyslot_context.c +++ b/lib/keyslot_context.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup, keyslot unlock helpers * - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2022-2023 Ondrej Kozina + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -173,7 +173,7 @@ static int get_luks1_volume_key_by_keyfile(struct crypt_device *cd, return r; } -static int get_key_by_key(struct crypt_device *cd, +static int get_key_by_key(struct crypt_device *cd __attribute__((unused)), struct crypt_keyslot_context *kc, int keyslot __attribute__((unused)), int segment __attribute__((unused)), @@ -204,19 +204,73 @@ static int get_volume_key_by_key(struct crypt_device *cd, return get_key_by_key(cd, kc, -2 /* unused */, -2 /* unused */, r_vk); } +static int get_generic_volume_key_by_key(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + struct volume_key **r_vk) +{ + return get_key_by_key(cd, kc, -2 /* unused */, -2 /* unused */, r_vk); +} + +static int get_generic_signed_key_by_key(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + struct volume_key **r_vk, + struct volume_key **r_signature) +{ + struct volume_key *vk, *vk_sig; + + assert(kc && ((kc->type == CRYPT_KC_TYPE_KEY) || + (kc->type == CRYPT_KC_TYPE_SIGNED_KEY))); + assert(r_vk); + assert(r_signature); + + /* return key with no signature */ + if (kc->type == CRYPT_KC_TYPE_KEY) { + *r_signature = NULL; + return get_key_by_key(cd, kc, -2 /* unused */, -2 /* unused */, r_vk); + } + + if (!kc->u.ks.volume_key || !kc->u.ks.signature) { + kc->error = -EINVAL; + return kc->error; + } + + vk = crypt_alloc_volume_key(kc->u.ks.volume_key_size, kc->u.ks.volume_key); + if (!vk) { + kc->error = -ENOMEM; + return kc->error; + } + + vk_sig = crypt_alloc_volume_key(kc->u.ks.signature_size, kc->u.ks.signature); + if (!vk_sig) { + crypt_free_volume_key(vk); + kc->error = -ENOMEM; + return kc->error; + } + + *r_vk = vk; + *r_signature = vk_sig; + + return 0; +} + static int get_luks2_key_by_token(struct crypt_device *cd, struct crypt_keyslot_context *kc, - int keyslot __attribute__((unused)), + int keyslot, int segment, struct volume_key **r_vk) { int r; + struct luks2_hdr *hdr; assert(cd); assert(kc && kc->type == CRYPT_KC_TYPE_TOKEN); assert(r_vk); - r = LUKS2_token_unlock_key(cd, crypt_get_hdr(cd, CRYPT_LUKS2), kc->u.t.id, kc->u.t.type, + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + if (!hdr) + return -EINVAL; + + r = LUKS2_token_unlock_key(cd, hdr, keyslot, kc->u.t.id, kc->u.t.type, kc->u.t.pin, kc->u.t.pin_size, segment, kc->u.t.usrptr, r_vk); if (r < 0) kc->error = r; @@ -226,10 +280,10 @@ static int get_luks2_key_by_token(struct crypt_device *cd, static int get_luks2_volume_key_by_token(struct crypt_device *cd, struct crypt_keyslot_context *kc, - int keyslot __attribute__((unused)), + int keyslot, struct volume_key **r_vk) { - return get_luks2_key_by_token(cd, kc, -2 /* unused */, CRYPT_DEFAULT_SEGMENT, r_vk); + return get_luks2_key_by_token(cd, kc, keyslot, CRYPT_DEFAULT_SEGMENT, r_vk); } static int get_passphrase_by_token(struct crypt_device *cd, @@ -261,6 +315,136 @@ static int get_passphrase_by_token(struct crypt_device *cd, return kc->u.t.id; } +static int get_passphrase_by_keyring(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + const char **r_passphrase, + size_t *r_passphrase_size) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_KEYRING); + assert(r_passphrase); + assert(r_passphrase_size); + + if (!kc->i_passphrase) { + r = crypt_keyring_get_user_key(cd, kc->u.kr.key_description, + &kc->i_passphrase, &kc->i_passphrase_size); + if (r < 0) { + log_err(cd, _("Failed to read passphrase from keyring.")); + kc->error = -EINVAL; + return -EINVAL; + } + } + + *r_passphrase = kc->i_passphrase; + *r_passphrase_size = kc->i_passphrase_size; + + return 0; +} + +static int get_luks2_key_by_keyring(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + int segment, + struct volume_key **r_vk) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_KEYRING); + assert(r_vk); + + r = get_passphrase_by_keyring(cd, kc, CONST_CAST(const char **) &kc->i_passphrase, + &kc->i_passphrase_size); + if (r < 0) { + log_err(cd, _("Failed to read passphrase from keyring.")); + kc->error = -EINVAL; + return -EINVAL; + } + + r = LUKS2_keyslot_open(cd, keyslot, segment, kc->i_passphrase, kc->i_passphrase_size, r_vk); + if (r < 0) + kc->error = r; + + return 0; +} + +static int get_luks2_volume_key_by_keyring(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk) +{ + return get_luks2_key_by_keyring(cd, kc, keyslot, CRYPT_DEFAULT_SEGMENT, r_vk); +} + +static int get_luks1_volume_key_by_keyring(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot, + struct volume_key **r_vk) +{ + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE); + assert(r_vk); + + r = get_passphrase_by_keyring(cd, kc, CONST_CAST(const char **) &kc->i_passphrase, + &kc->i_passphrase_size); + if (r < 0) { + log_err(cd, _("Failed to read passphrase from keyring.")); + kc->error = -EINVAL; + return -EINVAL; + } + + r = LUKS_open_key_with_hdr(keyslot, kc->i_passphrase, kc->i_passphrase_size, + crypt_get_hdr(cd, CRYPT_LUKS1), r_vk, cd); + if (r < 0) + kc->error = r; + + return r; +} + +static int get_key_by_vk_in_keyring(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot __attribute__((unused)), + int segment __attribute__((unused)), + struct volume_key **r_vk) +{ + char *key; + size_t key_size; + int r; + + assert(cd); + assert(kc && kc->type == CRYPT_KC_TYPE_VK_KEYRING); + assert(r_vk); + + r = crypt_keyring_get_key_by_name(cd, kc->u.vk_kr.key_description, + &key, &key_size); + if (r < 0) { + log_err(cd, _("Failed to read volume key candidate from keyring.")); + kc->error = -EINVAL; + return -EINVAL; + } + + *r_vk = crypt_alloc_volume_key(key_size, key); + crypt_safe_free(key); + if (!*r_vk) { + kc->error = -ENOMEM; + return kc->error; + } + + return 0; +} + +static int get_volume_key_by_vk_in_keyring(struct crypt_device *cd, + struct crypt_keyslot_context *kc, + int keyslot __attribute__((unused)), + struct volume_key **r_vk) +{ + return get_key_by_vk_in_keyring(cd, kc, -2 /* unused */, -2 /* unused */, r_vk); +} + static void unlock_method_init_internal(struct crypt_keyslot_context *kc) { assert(kc); @@ -270,6 +454,26 @@ static void unlock_method_init_internal(struct crypt_keyslot_context *kc) kc->i_passphrase_size = 0; } +void crypt_keyslot_unlock_by_keyring_internal(struct crypt_keyslot_context *kc, + const char *key_description) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_KEYRING; + kc->u.kr.key_description = key_description; + + kc->get_luks2_key = get_luks2_key_by_keyring; + kc->get_luks2_volume_key = get_luks2_volume_key_by_keyring; + kc->get_luks1_volume_key = get_luks1_volume_key_by_keyring; + kc->get_passphrase = get_passphrase_by_keyring; + kc->get_plain_volume_key = NULL; + kc->get_bitlk_volume_key = NULL; + kc->get_fvault2_volume_key = NULL; + kc->get_verity_volume_key = NULL; + kc->get_integrity_volume_key = NULL; + unlock_method_init_internal(kc); +} + void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc, const char *volume_key, size_t volume_key_size) @@ -283,6 +487,36 @@ void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc, kc->get_luks2_volume_key = get_volume_key_by_key; kc->get_luks1_volume_key = get_volume_key_by_key; kc->get_passphrase = NULL; /* keyslot key context does not provide passphrase */ + kc->get_plain_volume_key = get_generic_volume_key_by_key; + kc->get_bitlk_volume_key = get_generic_volume_key_by_key; + kc->get_fvault2_volume_key = get_generic_volume_key_by_key; + kc->get_verity_volume_key = get_generic_signed_key_by_key; + kc->get_integrity_volume_key = get_generic_volume_key_by_key; + unlock_method_init_internal(kc); +} + +void crypt_keyslot_unlock_by_signed_key_init_internal(struct crypt_keyslot_context *kc, + const char *volume_key, + size_t volume_key_size, + const char *signature, + size_t signature_size) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_SIGNED_KEY; + kc->u.ks.volume_key = volume_key; + kc->u.ks.volume_key_size = volume_key_size; + kc->u.ks.signature = signature; + kc->u.ks.signature_size = signature_size; + kc->get_luks2_key = NULL; + kc->get_luks2_volume_key = NULL; + kc->get_luks1_volume_key = NULL; + kc->get_passphrase = NULL; + kc->get_plain_volume_key = NULL; + kc->get_bitlk_volume_key = NULL; + kc->get_fvault2_volume_key = NULL; + kc->get_verity_volume_key = get_generic_signed_key_by_key; + kc->get_integrity_volume_key = NULL; unlock_method_init_internal(kc); } @@ -299,6 +533,11 @@ void crypt_keyslot_unlock_by_passphrase_init_internal(struct crypt_keyslot_conte kc->get_luks2_volume_key = get_luks2_volume_key_by_passphrase; kc->get_luks1_volume_key = get_luks1_volume_key_by_passphrase; kc->get_passphrase = get_passphrase_by_passphrase; + kc->get_plain_volume_key = NULL; + kc->get_bitlk_volume_key = NULL; + kc->get_fvault2_volume_key = NULL; + kc->get_verity_volume_key = NULL; + kc->get_integrity_volume_key = NULL; unlock_method_init_internal(kc); } @@ -317,6 +556,11 @@ void crypt_keyslot_unlock_by_keyfile_init_internal(struct crypt_keyslot_context kc->get_luks2_volume_key = get_luks2_volume_key_by_keyfile; kc->get_luks1_volume_key = get_luks1_volume_key_by_keyfile; kc->get_passphrase = get_passphrase_by_keyfile; + kc->get_plain_volume_key = NULL; + kc->get_bitlk_volume_key = NULL; + kc->get_fvault2_volume_key = NULL; + kc->get_verity_volume_key = NULL; + kc->get_integrity_volume_key = NULL; unlock_method_init_internal(kc); } @@ -339,9 +583,35 @@ void crypt_keyslot_unlock_by_token_init_internal(struct crypt_keyslot_context *k kc->get_luks2_volume_key = get_luks2_volume_key_by_token; kc->get_luks1_volume_key = NULL; /* LUKS1 is not supported */ kc->get_passphrase = get_passphrase_by_token; + kc->get_plain_volume_key = NULL; + kc->get_bitlk_volume_key = NULL; + kc->get_fvault2_volume_key = NULL; + kc->get_verity_volume_key = NULL; + kc->get_integrity_volume_key = NULL; unlock_method_init_internal(kc); } +void crypt_keyslot_unlock_by_vk_in_keyring_internal(struct crypt_keyslot_context *kc, + const char *key_description) +{ + assert(kc); + + kc->type = CRYPT_KC_TYPE_VK_KEYRING; + kc->u.vk_kr.key_description = key_description; + + kc->get_luks2_key = get_key_by_vk_in_keyring; + kc->get_luks2_volume_key = get_volume_key_by_vk_in_keyring; + kc->get_luks1_volume_key = NULL; + kc->get_passphrase = NULL; /* keyslot key context does not provide passphrase */ + kc->get_plain_volume_key = NULL; + kc->get_bitlk_volume_key = NULL; + kc->get_fvault2_volume_key = NULL; + kc->get_verity_volume_key = NULL; + kc->get_integrity_volume_key = NULL; + unlock_method_init_internal(kc); +} + + void crypt_keyslot_context_destroy_internal(struct crypt_keyslot_context *kc) { if (!kc) @@ -358,7 +628,7 @@ void crypt_keyslot_context_free(struct crypt_keyslot_context *kc) free(kc); } -int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd, +int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd __attribute__((unused)), const char *passphrase, size_t passphrase_size, struct crypt_keyslot_context **kc) @@ -379,7 +649,7 @@ int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd, return 0; } -int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd, +int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd __attribute__((unused)), const char *keyfile, size_t keyfile_size, uint64_t keyfile_offset, @@ -401,7 +671,7 @@ int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd, return 0; } -int crypt_keyslot_context_init_by_token(struct crypt_device *cd, +int crypt_keyslot_context_init_by_token(struct crypt_device *cd __attribute__((unused)), int token, const char *type, const char *pin, size_t pin_size, @@ -424,7 +694,7 @@ int crypt_keyslot_context_init_by_token(struct crypt_device *cd, return 0; } -int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd, +int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd __attribute__((unused)), const char *volume_key, size_t volume_key_size, struct crypt_keyslot_context **kc) @@ -445,12 +715,76 @@ int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd, return 0; } +int crypt_keyslot_context_init_by_signed_key(struct crypt_device *cd __attribute__((unused)), + const char *volume_key, + size_t volume_key_size, + const char *signature, + size_t signature_size, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_signed_key_init_internal(tmp, volume_key, volume_key_size, + signature, signature_size); + + *kc = tmp; + + return 0; +} + +int crypt_keyslot_context_init_by_keyring(struct crypt_device *cd __attribute__((unused)), + const char *key_description, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_keyring_internal(tmp, key_description); + + *kc = tmp; + + return 0; +} + +int crypt_keyslot_context_init_by_vk_in_keyring(struct crypt_device *cd __attribute__((unused)), + const char *key_description, + struct crypt_keyslot_context **kc) +{ + struct crypt_keyslot_context *tmp; + + if (!kc) + return -EINVAL; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + crypt_keyslot_unlock_by_vk_in_keyring_internal(tmp, key_description); + + *kc = tmp; + + return 0; +} + int crypt_keyslot_context_get_error(struct crypt_keyslot_context *kc) { return kc ? kc->error : -EINVAL; } -int crypt_keyslot_context_set_pin(struct crypt_device *cd, +int crypt_keyslot_context_set_pin(struct crypt_device *cd __attribute__((unused)), const char *pin, size_t pin_size, struct crypt_keyslot_context *kc) { @@ -482,6 +816,12 @@ const char *keyslot_context_type_string(const struct crypt_keyslot_context *kc) return "token"; case CRYPT_KC_TYPE_KEY: return "key"; + case CRYPT_KC_TYPE_KEYRING: + return "keyring"; + case CRYPT_KC_TYPE_VK_KEYRING: + return "volume key in keyring"; + case CRYPT_KC_TYPE_SIGNED_KEY: + return "signed key"; default: return "<unknown>"; } diff --git a/lib/keyslot_context.h b/lib/keyslot_context.h index 7ca7428..fd15159 100644 --- a/lib/keyslot_context.h +++ b/lib/keyslot_context.h @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup, keyslot unlock helpers * - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2022-2023 Ondrej Kozina + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -40,6 +40,17 @@ typedef int (*keyslot_context_get_volume_key) ( int keyslot, struct volume_key **r_vk); +typedef int (*keyslot_context_get_generic_volume_key) ( + struct crypt_device *cd, + struct crypt_keyslot_context *kc, + struct volume_key **r_vk); + +typedef int (*keyslot_context_get_generic_signed_key) ( + struct crypt_device *cd, + struct crypt_keyslot_context *kc, + struct volume_key **r_vk, + struct volume_key **r_signature); + typedef int (*keyslot_context_get_passphrase) ( struct crypt_device *cd, struct crypt_keyslot_context *kc, @@ -71,6 +82,18 @@ struct crypt_keyslot_context { const char *volume_key; size_t volume_key_size; } k; + struct { + const char *volume_key; + size_t volume_key_size; + const char *signature; + size_t signature_size; + } ks; + struct { + const char *key_description; + } kr; + struct { + const char *key_description; + } vk_kr; } u; int error; @@ -78,10 +101,15 @@ struct crypt_keyslot_context { char *i_passphrase; size_t i_passphrase_size; - keyslot_context_get_key get_luks2_key; - keyslot_context_get_volume_key get_luks1_volume_key; - keyslot_context_get_volume_key get_luks2_volume_key; - keyslot_context_get_passphrase get_passphrase; + keyslot_context_get_key get_luks2_key; + keyslot_context_get_volume_key get_luks1_volume_key; + keyslot_context_get_volume_key get_luks2_volume_key; + keyslot_context_get_generic_volume_key get_plain_volume_key; + keyslot_context_get_generic_volume_key get_bitlk_volume_key; + keyslot_context_get_generic_volume_key get_fvault2_volume_key; + keyslot_context_get_generic_signed_key get_verity_volume_key; + keyslot_context_get_generic_volume_key get_integrity_volume_key; + keyslot_context_get_passphrase get_passphrase; }; void crypt_keyslot_context_destroy_internal(struct crypt_keyslot_context *method); @@ -90,6 +118,12 @@ void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc, const char *volume_key, size_t volume_key_size); +void crypt_keyslot_unlock_by_signed_key_init_internal(struct crypt_keyslot_context *kc, + const char *volume_key, + size_t volume_key_size, + const char *signature, + size_t signature_size); + void crypt_keyslot_unlock_by_passphrase_init_internal(struct crypt_keyslot_context *kc, const char *passphrase, size_t passphrase_size); @@ -106,6 +140,12 @@ void crypt_keyslot_unlock_by_token_init_internal(struct crypt_keyslot_context *k size_t pin_size, void *usrptr); +void crypt_keyslot_unlock_by_keyring_internal(struct crypt_keyslot_context *kc, + const char *key_description); + +void crypt_keyslot_unlock_by_vk_in_keyring_internal(struct crypt_keyslot_context *kc, + const char *key_description); + const char *keyslot_context_type_string(const struct crypt_keyslot_context *kc); #endif /* KEYSLOT_CONTEXT_H */ diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index e899829..82d042f 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -273,7 +273,7 @@ struct crypt_pbkdf_type { /** Iteration time set by crypt_set_iteration_time(), for compatibility only. */ #define CRYPT_PBKDF_ITER_TIME_SET (UINT32_C(1) << 0) -/** Never run benchmarks, use pre-set value or defaults. */ +/** Never run benchmarks or limit by system resources, use pre-set values or defaults. */ #define CRYPT_PBKDF_NO_BENCHMARK (UINT32_C(1) << 1) /** PBKDF2 according to RFC2898, LUKS1 legacy */ @@ -451,6 +451,34 @@ const char *crypt_get_type(struct crypt_device *cd); const char *crypt_get_default_type(void); /** + * @defgroup crypt-hw-encryption-types HW encryption type + * @addtogroup crypt-hw-encryption-types + * @{ + */ +/** SW encryption, no OPAL encryption in place (default) */ +#define CRYPT_SW_ONLY INT16_C(0) +/** OPAL HW encryption only (no SW encryption!) */ +#define CRYPT_OPAL_HW_ONLY INT16_C(1) +/** SW encryption stacked over OPAL HW encryption */ +#define CRYPT_SW_AND_OPAL_HW INT16_C(2) +/** @} */ + +/** + * Get HW encryption type + * + * @return HW encryption type (see @link crypt-hw-encryption-types @endlink) + * or negative errno otherwise. + */ +int crypt_get_hw_encryption_type(struct crypt_device *cd); + +/** + * Get HW encryption (like OPAL) key size (in bytes) + * + * @return key size or 0 if no HW encryption is used. + */ +int crypt_get_hw_encryption_key_size(struct crypt_device *cd); + +/** * * Structure used as parameter for PLAIN device type. * @@ -609,6 +637,18 @@ struct crypt_params_luks2 { const char *label; /**< header label or @e NULL*/ const char *subsystem; /**< header subsystem label or @e NULL*/ }; + +/** + * Structure used as parameter for OPAL (HW encrypted) device type. + * + * @see crypt_format_luks2_opal + * + */ +struct crypt_params_hw_opal { + const char *admin_key; /**< admin key */ + size_t admin_key_size; /**< admin key size in bytes */ + size_t user_key_size; /**< user authority key size part in bytes */ +}; /** @} */ /** @@ -649,6 +689,34 @@ int crypt_format(struct crypt_device *cd, void *params); /** + * Create (format) new LUKS2 crypt device over HW OPAL device but do not activate it. + * + * @pre @e cd contains initialized and not formatted device context (device type must @b not be set) + * + * @param cd crypt device handle + * @param cipher for SW encryption (e.g. "aes") or NULL for HW encryption only + * @param cipher_mode including IV specification (e.g. "xts-plain") or NULL for HW encryption only + * @param uuid requested UUID or @e NULL if it should be generated + * @param volume_keys pre-generated volume keys or @e NULL if it should be generated (only for LUKS2 SW encryption) + * @param volume_keys_size size of volume keys in bytes (only for SW encryption). + * @param params LUKS2 crypt type specific parameters (see @link crypt-type @endlink) + * @param opal_params OPAL specific parameters + * + * @returns @e 0 on success or negative errno value otherwise. + * + * @note Note that crypt_format_luks2_opal does not create LUKS keyslot. + * To create keyslot call any crypt_keyslot_add_* function. + */ +int crypt_format_luks2_opal(struct crypt_device *cd, + const char *cipher, + const char *cipher_mode, + const char *uuid, + const char *volume_keys, + size_t volume_keys_size, + struct crypt_params_luks2 *params, + struct crypt_params_hw_opal *opal_params); + +/** * Set format compatibility flags. * * @param cd crypt device handle @@ -941,6 +1009,23 @@ int crypt_resume_by_token_pin(struct crypt_device *cd, const char *pin, size_t pin_size, void *usrptr); + +/** + * Resume crypt device using keyslot context. + * + * @param cd crypt device handle + * @param name name of device to resume + * @param keyslot requested keyslot to check or @e CRYPT_ANY_SLOT, keyslot is + * ignored for unlock methods not based on passphrase + * @param kc keyslot context providing volume key or passphrase. + * + * @return unlocked key slot number for passphrase-based unlock, zero for other + * unlock methods (e.g. volume key context) or negative errno on error. + */ +int crypt_resume_by_keyslot_context(struct crypt_device *cd, + const char *name, + int keyslot, + struct crypt_keyslot_context *kc); /** @} */ /** @@ -1099,7 +1184,7 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, * @warning CRYPT_VOLUME_KEY_SET flag force updates volume key. It is @b not @b reencryption! * By doing so you will most probably destroy your ciphertext data device. It's supposed * to be used only in wrapped keys scheme for key refresh process where real (inner) volume - * key stays untouched. It may be involed on active @e keyslot which makes the (previously + * key stays untouched. It may be involved on active @e keyslot which makes the (previously * unbound) keyslot new regular keyslot. */ int crypt_keyslot_add_by_key(struct crypt_device *cd, @@ -1195,6 +1280,59 @@ int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd, struct crypt_keyslot_context **kc); /** + * Initialize keyslot context via signed key. + * + * @param cd crypt device handle initialized to device context + * + * @param volume_key provided volume key + * @param volume_key_size size of volume_key + * @param signature buffer with signature for the key + * @param signature_size bsize of signature buffer + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_SIGNED_KEY + * + * @return zero on success or negative errno otherwise. + * + * @note currently supported only with VERITY devices. + */ +int crypt_keyslot_context_init_by_signed_key(struct crypt_device *cd, + const char *volume_key, + size_t volume_key_size, + const char *signature, + size_t signature_size, + struct crypt_keyslot_context **kc); + +/** + * Initialize keyslot context via passphrase stored in a keyring. + * + * @param cd crypt device handle initialized to LUKS device context + * + * @param key_description kernel keyring key description library should look + * for passphrase in + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_KEYRING + * + * @return zero on success or negative errno otherwise. + */ +int crypt_keyslot_context_init_by_keyring(struct crypt_device *cd, + const char *key_description, + struct crypt_keyslot_context **kc); + +/** + * Initialize keyslot context via volume key stored in a keyring. + * + * @param cd crypt device handle initialized to LUKS device context + * + * @param key_description kernel keyring key description library should look + * for passphrase in. The key can be passed either as number in ASCII, + * or a text representation in the form "%<key_type>:<key_name>" + * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_KEYRING + * + * @return zero on success or negative errno otherwise. + */ +int crypt_keyslot_context_init_by_vk_in_keyring(struct crypt_device *cd, + const char *key_description, + struct crypt_keyslot_context **kc); + +/** * Get error code per keyslot context from last failed call. * * @note If @link crypt_keyslot_add_by_keyslot_context @endlink passed with @@ -1225,7 +1363,7 @@ int crypt_keyslot_context_set_pin(struct crypt_device *cd, struct crypt_keyslot_context *kc); /** - * @defgroup crypt-keyslot-context-types Crypt keyslot context + * @defgroup crypt-keyslot-context-types Crypt keyslot context types * @addtogroup crypt-keyslot-context-types * @{ */ @@ -1237,6 +1375,16 @@ int crypt_keyslot_context_set_pin(struct crypt_device *cd, #define CRYPT_KC_TYPE_TOKEN INT16_C(3) /** keyslot context initialized by volume key or unbound key (@link crypt_keyslot_context_init_by_volume_key @endlink) */ #define CRYPT_KC_TYPE_KEY INT16_C(4) +/** keyslot context initialized by description of a keyring key + * (@link crypt_keyslot_context_init_by_keyring @endlink) + */ +#define CRYPT_KC_TYPE_KEYRING INT16_C(5) +/** keyslot context initialized by description of a keyring key containing the volume key + * (@link crypt_keyslot_context_init_by_vk_in_keyring @endlink) + */ +#define CRYPT_KC_TYPE_VK_KEYRING INT16_C(6) +/** keyslot context initialized by signed key (@link crypt_keyslot_context_init_by_signed_key @endlink) */ +#define CRYPT_KC_TYPE_SIGNED_KEY INT16_C(7) /** @} */ /** @@ -1281,7 +1429,7 @@ int crypt_keyslot_context_get_type(const struct crypt_keyslot_context *kc); * @warning CRYPT_VOLUME_KEY_SET flag force updates volume key. It is @b not @b reencryption! * By doing so you will most probably destroy your ciphertext data device. It's supposed * to be used only in wrapped keys scheme for key refresh process where real (inner) volume - * key stays untouched. It may be involed on active @e keyslot which makes the (previously + * key stays untouched. It may be involved on active @e keyslot which makes the (previously * unbound) keyslot new regular keyslot. */ int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd, @@ -1420,6 +1568,8 @@ uint64_t crypt_get_active_integrity_failures(struct crypt_device *cd, #define CRYPT_REQUIREMENT_OFFLINE_REENCRYPT (UINT32_C(1) << 0) /** Online reencryption in-progress */ #define CRYPT_REQUIREMENT_ONLINE_REENCRYPT (UINT32_C(1) << 1) +/** Device configured with OPAL support */ +#define CRYPT_REQUIREMENT_OPAL (UINT32_C(1) << 2) /** unknown requirement in header (output only) */ #define CRYPT_REQUIREMENT_UNKNOWN (UINT32_C(1) << 31) @@ -1474,6 +1624,39 @@ int crypt_persistent_flags_get(struct crypt_device *cd, */ /** + * Activate device or check using keyslot context. In some cases (device under + * reencryption), more than one keyslot context is required (e.g. one for the old + * volume key and one for the new volume key). The order of the keyslot + * contexts does not matter. When less keyslot contexts are supplied than + * required to unlock the device an -ESRCH error code is returned and you + * should call the function again with an additional keyslot context specified. + * + * NOTE: the API at the moment fully works for single keyslot context only, + * the additional keyslot context currently works only with + * @e CRYPT_KC_TYPE_VK_KEYRING or @e CRYPT_KC_TYPE_KEY contexts. + * + * @param cd crypt device handle + * @param name name of device to create, if @e NULL only check passphrase + * @param keyslot requested keyslot to check or @e CRYPT_ANY_SLOT, keyslot is + * ignored for unlock methods not based on passphrase + * @param kc keyslot context providing volume key or passphrase. + * @param additional_keyslot requested additional keyslot to check or @e CRYPT_ANY_SLOT + * @param additional_kc keyslot context providing additional volume key or + * passphrase (e.g. old volume key for device under reencryption). + * @param flags activation flags + * + * @return unlocked key slot number for passphrase-based unlock, zero for other + * unlock methods (e.g. volume key context) or negative errno on error. + */ +int crypt_activate_by_keyslot_context(struct crypt_device *cd, + const char *name, + int keyslot, + struct crypt_keyslot_context *kc, + int additional_keyslot, + struct crypt_keyslot_context *additional_kc, + uint32_t flags); + +/** * Activate device or check passphrase. * * @param cd crypt device handle @@ -1553,6 +1736,9 @@ int crypt_activate_by_keyfile(struct crypt_device *cd, * CRYPT_ACTIVATE_READONLY flag always. * @note For TCRYPT the volume key should be always NULL * the key from decrypted header is used instead. + * @note For BITLK the name cannot be @e NULL checking volume key is not + * supported for BITLK, the device will be activated even if the + * provided key is not correct. */ int crypt_activate_by_volume_key(struct crypt_device *cd, const char *name, @@ -2259,6 +2445,36 @@ int crypt_wipe(struct crypt_device *cd, /** Use direct-io */ #define CRYPT_WIPE_NO_DIRECT_IO (UINT32_C(1) << 0) + +enum { + CRYPT_LUKS2_SEGMENT = -2, + CRYPT_NO_SEGMENT = -1, +}; + +/** + * Safe erase of a partition or an entire OPAL device. WARNING: ALL DATA ON + * PARTITION/DISK WILL BE LOST. If the CRYPT_NO_SEGMENT is passed as the segment + * parameter, the entire device will be wiped, not just what is included in the + * LUKS2 device/partition. + * + * @param cd crypt device handle + * @param segment the segment number to wipe (0..8), or CRYPT_LUKS2_SEGMENT + * to wipe the segment configured in the LUKS2 header, or CRYPT_NO_SEGMENT + * to wipe the entire device via a factory reset. + * @param password admin password/PSID (for factory reset) to wipe the + * partition/device + * @param password_size length of password/PSID + * @param flags (currently unused) + * + * @return @e 0 on success or negative errno value otherwise. + */ +int crypt_wipe_hw_opal(struct crypt_device *cd, + int segment, /* 0..8, CRYPT_LUKS2_SEGMENT -2, CRYPT_NO_SEGMENT -1 */ + const char *password, /* Admin1 PIN or PSID */ + size_t password_size, + uint32_t flags /* currently unused */ +); + /** @} */ /** @@ -2567,6 +2783,17 @@ int crypt_token_register(const crypt_token_handler *handler); const char *crypt_token_external_path(void); /** + * Override configured external token handlers path for the library. + * + * @param path Absolute path (starts with '/') to new external token handlers directory or @e NULL. + * + * @note if @e path is @e NULL the external token path is reset to default path. + * + * @return @e 0 on success or negative errno value otherwise. + */ +int crypt_token_set_external_path(const char *path); + +/** * Disable external token handlers (plugins) support * If disabled, it cannot be enabled again. */ @@ -2875,6 +3102,55 @@ void crypt_safe_memzero(void *data, size_t size); /** @} */ +/** + * @defgroup crypt-keyring Kernel keyring manipulation + * @addtogroup crypt-keyring + * @{ + */ + +/** + * Link the volume key to the specified kernel keyring. + * + * The volume can have one or two keys. Normally, the device has one key. + * However if reencryption was started and not finished yet, the volume will + * have two volume keys (the new VK for the already reencrypted segment and old + * VK for the not yet reencrypted segment). + * + * The @e old_key_description argument is required only for + * devices that are in re-encryption and have two volume keys at the same time + * (old and new). You can set the @e old_key_description to NULL, + * but if you supply number of keys less than required, the function will + * return -ESRCH. In that case you need to call the function again and set + * the missing key description. When supplying just one key description, make + * sure to supply it in the @e key_description. + * + * @param cd crypt device handle + * @param key_description the key description of the volume key linked in desired keyring. + * @param old_key_description the key description of the old volume key linked in desired keyring + * (for devices in re-encryption). + * @param key_type_desc the key type used for the volume key. Currently only "user" and "logon" types are + * supported. if @e NULL is specified the default "user" type is applied. + * @param keyring_to_link_vk the keyring description of the keyring in which volume key should + * be linked, if @e NULL is specified, linking will be disabled. + * + * @note keyring_to_link_vk may be passed in various string formats: + * It can be kernel key numeric id of existing keyring written as a string, + * keyring name prefixed optionally be either "%:" or "%keyring:" substrings or keyctl + * special values for keyrings "@t", "@p", "@s" and so on. See keyctl(1) man page, + * section KEY IDENTIFIERS for more information. All other prefixes starting "%<type>:" + * are ignored. + * + * @note key_description "%<type>:" prefixes are ignored. Type is applied based on key_type parameter + * value. + */ +int crypt_set_keyring_to_link(struct crypt_device* cd, + const char* key_description, + const char* old_key_description, + const char* key_type_desc, + const char* keyring_to_link_vk); + +/** @} */ + #ifdef __cplusplus } #endif diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym index d0f0d98..89d6468 100644 --- a/lib/libcryptsetup.sym +++ b/lib/libcryptsetup.sym @@ -165,3 +165,18 @@ CRYPTSETUP_2.6 { crypt_keyslot_add_by_keyslot_context; crypt_volume_key_get_by_keyslot_context; } CRYPTSETUP_2.5; + +CRYPTSETUP_2.7 { + global: + crypt_activate_by_keyslot_context; + crypt_format_luks2_opal; + crypt_get_hw_encryption_type; + crypt_get_hw_encryption_key_size; + crypt_keyslot_context_init_by_keyring; + crypt_keyslot_context_init_by_vk_in_keyring; + crypt_keyslot_context_init_by_signed_key; + crypt_resume_by_keyslot_context; + crypt_token_set_external_path; + crypt_set_keyring_to_link; + crypt_wipe_hw_opal; +} CRYPTSETUP_2.6; diff --git a/lib/libcryptsetup_macros.h b/lib/libcryptsetup_macros.h index 55187ab..89c1e10 100644 --- a/lib/libcryptsetup_macros.h +++ b/lib/libcryptsetup_macros.h @@ -1,8 +1,8 @@ /* * Definitions of common constant and generic macros of libcryptsetup * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/libcryptsetup_symver.h b/lib/libcryptsetup_symver.h index a5aa8f9..3ea31bf 100644 --- a/lib/libcryptsetup_symver.h +++ b/lib/libcryptsetup_symver.h @@ -1,7 +1,7 @@ /* * Helpers for defining versioned symbols * - * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2021-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c index 9c5fc0c..ebee542 100644 --- a/lib/libdevmapper.c +++ b/lib/libdevmapper.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -602,7 +602,8 @@ static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags) hexkey = crypt_safe_alloc(keystr_len); if (!hexkey) goto out; - r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key_description); + r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength, + tgt->u.crypt.vk->key_description); if (r < 0 || r >= keystr_len) goto out; } else @@ -1330,7 +1331,15 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch goto out; if (!dm_task_run(dmt)) { - r = dm_status_device(cd, name);; + + r = -dm_task_get_errno(dmt); + if (r == -ENOKEY || r == -EKEYREVOKED || r == -EKEYEXPIRED) { + /* propagate DM errors around key management as such */ + r = -ENOKEY; + goto out; + } + + r = dm_status_device(cd, name); if (r >= 0) r = -EEXIST; if (r != -EEXIST && r != -ENODEV) @@ -1663,6 +1672,11 @@ int dm_create_device(struct crypt_device *cd, const char *name, log_err(cd, _("Requested sector_size option is not supported.")); r = -EINVAL; } + if (dmd->segment.u.crypt.sector_size > SECTOR_SIZE && + dmd->size % dmd->segment.u.crypt.sector_size) { + log_err(cd, _("The device size is not multiple of the requested sector size.")); + r = -EINVAL; + } } if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_RECALCULATE) && @@ -2829,7 +2843,7 @@ static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_ int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, char **names, size_t names_length) { - struct dm_task *dmt; + struct dm_task *dmt = NULL; struct dm_info dmi; struct dm_deps *deps; int r = -EINVAL; @@ -2989,7 +3003,8 @@ int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name, } if (vk->key_description) { - r = snprintf(msg, msg_size, "key set :%zu:logon:%s", vk->keylength, vk->key_description); + r = snprintf(msg, msg_size, "key set :%zu:logon:%s", vk->keylength, + vk->key_description); } else { key = crypt_bytes_to_hex(vk->keylength, vk->key); if (!key) { @@ -3026,6 +3041,18 @@ const char *dm_get_dir(void) return dm_dir(); } +int dm_get_iname(const char *name, char **iname, bool with_path) +{ + int r; + + if (with_path) + r = asprintf(iname, "%s/%s_dif", dm_get_dir(), name); + else + r = asprintf(iname, "%s_dif", name); + + return r < 0 ? -ENOMEM : 0; +} + int dm_is_dm_device(int major) { return dm_is_dm_major((uint32_t)major); diff --git a/lib/loopaes/loopaes.c b/lib/loopaes/loopaes.c index 224d3d0..4ff4fc9 100644 --- a/lib/loopaes/loopaes.c +++ b/lib/loopaes/loopaes.c @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2023 Milan Broz + * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/loopaes/loopaes.h b/lib/loopaes/loopaes.h index a921694..fe9e71c 100644 --- a/lib/loopaes/loopaes.h +++ b/lib/loopaes/loopaes.h @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2023 Milan Broz + * Copyright (C) 2011-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/luks1/af.c b/lib/luks1/af.c index 76afeac..cafa468 100644 --- a/lib/luks1/af.c +++ b/lib/luks1/af.c @@ -2,7 +2,7 @@ * AFsplitter - Anti forensic information splitter * * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. * * AFsplitter diffuses information over a large stripe of data, * therefore supporting secure data destruction. diff --git a/lib/luks1/af.h b/lib/luks1/af.h index 8a2bceb..efc1133 100644 --- a/lib/luks1/af.h +++ b/lib/luks1/af.h @@ -2,7 +2,7 @@ * AFsplitter - Anti forensic information splitter * * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. * * AFsplitter diffuses information over a large stripe of data, * therefore supporting secure data destruction. diff --git a/lib/luks1/keyencryption.c b/lib/luks1/keyencryption.c index c1c8201..64fdf2d 100644 --- a/lib/luks1/keyencryption.c +++ b/lib/luks1/keyencryption.c @@ -2,8 +2,8 @@ * LUKS - Linux Unified Key Setup * * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c index fe49a00..24ab160 100644 --- a/lib/luks1/keymanage.c +++ b/lib/luks1/keymanage.c @@ -2,8 +2,8 @@ * LUKS - Linux Unified Key Setup * * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2013-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2013-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/luks1/luks.h b/lib/luks1/luks.h index 9c3f386..74cb7a7 100644 --- a/lib/luks1/luks.h +++ b/lib/luks1/luks.h @@ -2,7 +2,7 @@ * LUKS - Linux Unified Key Setup * * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/luks2/hw_opal/hw_opal.c b/lib/luks2/hw_opal/hw_opal.c new file mode 100644 index 0000000..31ef87e --- /dev/null +++ b/lib/luks2/hw_opal/hw_opal.c @@ -0,0 +1,1089 @@ +/* + * OPAL utilities + * + * Copyright (C) 2022-2023 Luca Boccassi <bluca@debian.org> + * 2023 Ondrej Kozina <okozina@redhat.com> + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include <unistd.h> +#include <errno.h> +#include <assert.h> +#include <sys/ioctl.h> +#include <sys/types.h> +#include <sys/stat.h> +#ifdef HAVE_SYS_SYSMACROS_H +# include <sys/sysmacros.h> /* for major, minor */ +#endif + +#include "internal.h" +#include "libcryptsetup.h" +#include "luks2/hw_opal/hw_opal.h" +#include "utils_device_locking.h" + +#if HAVE_HW_OPAL + +#include <linux/sed-opal.h> + +/* Error codes are defined in the specification: + * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00 + * Section 5.1.5: Method Status Codes + * Names and values from table 166 */ +typedef enum OpalStatus { + OPAL_STATUS_SUCCESS, + OPAL_STATUS_NOT_AUTHORIZED, + OPAL_STATUS_OBSOLETE0, /* Undefined but possible return values are called 'obsolete' */ + OPAL_STATUS_SP_BUSY, + OPAL_STATUS_SP_FAILED, + OPAL_STATUS_SP_DISABLED, + OPAL_STATUS_SP_FROZEN, + OPAL_STATUS_NO_SESSIONS_AVAILABLE, + OPAL_STATUS_UNIQUENESS_CONFLICT, + OPAL_STATUS_INSUFFICIENT_SPACE, + OPAL_STATUS_INSUFFICIENT_ROWS, + OPAL_STATUS_INVALID_PARAMETER, + OPAL_STATUS_OBSOLETE1, + OPAL_STATUS_OBSOLETE2, + OPAL_STATUS_TPER_MALFUNCTION, + OPAL_STATUS_TRANSACTION_FAILURE, + OPAL_STATUS_RESPONSE_OVERFLOW, + OPAL_STATUS_AUTHORITY_LOCKED_OUT, + OPAL_STATUS_FAIL = 0x3F, /* As defined by specification */ + _OPAL_STATUS_MAX, + _OPAL_STATUS_INVALID = -EINVAL, +} OpalStatus; + +static const char* const opal_status_table[_OPAL_STATUS_MAX] = { + [OPAL_STATUS_SUCCESS] = "success", + [OPAL_STATUS_NOT_AUTHORIZED] = "not authorized", + [OPAL_STATUS_OBSOLETE0] = "obsolete", + [OPAL_STATUS_SP_BUSY] = "SP busy", + [OPAL_STATUS_SP_FAILED] = "SP failed", + [OPAL_STATUS_SP_DISABLED] = "SP disabled", + [OPAL_STATUS_SP_FROZEN] = "SP frozen", + [OPAL_STATUS_NO_SESSIONS_AVAILABLE] = "no sessions available", + [OPAL_STATUS_UNIQUENESS_CONFLICT] = "uniqueness conflict", + [OPAL_STATUS_INSUFFICIENT_SPACE] = "insufficient space", + [OPAL_STATUS_INSUFFICIENT_ROWS] = "insufficient rows", + [OPAL_STATUS_INVALID_PARAMETER] = "invalid parameter", + [OPAL_STATUS_OBSOLETE1] = "obsolete", + [OPAL_STATUS_OBSOLETE2] = "obsolete", + [OPAL_STATUS_TPER_MALFUNCTION] = "TPer malfunction", + [OPAL_STATUS_TRANSACTION_FAILURE] = "transaction failure", + [OPAL_STATUS_RESPONSE_OVERFLOW] = "response overflow", + [OPAL_STATUS_AUTHORITY_LOCKED_OUT] = "authority locked out", + [OPAL_STATUS_FAIL] = "unknown failure", +}; + +static const char *opal_status_to_string(int t) +{ + if (t < 0) + return strerror(-t); + + if (t >= _OPAL_STATUS_MAX) + return "unknown error"; + + return opal_status_table[t]; +} + +static const char *opal_ioctl_to_string(unsigned long rq) +{ + switch(rq) { + case IOC_OPAL_GET_STATUS: return "GET_STATUS"; + case IOC_OPAL_GET_GEOMETRY: return "GET_GEOMETRY"; + case IOC_OPAL_GET_LR_STATUS: return "GET_LR_STATUS"; + case IOC_OPAL_TAKE_OWNERSHIP: return "TAKE_OWNERSHIP"; + case IOC_OPAL_ACTIVATE_USR: return "ACTIVATE_USR"; + case IOC_OPAL_ACTIVATE_LSP: return "ACTIVATE_LSP"; + case IOC_OPAL_ERASE_LR: return "ERASE_LR"; + case IOC_OPAL_SECURE_ERASE_LR: return "SECURE_ERASE_LR"; + case IOC_OPAL_ADD_USR_TO_LR: return "ADD_USR_TO_LR"; + case IOC_OPAL_SET_PW: return "SET_PW"; + case IOC_OPAL_LR_SETUP: return "LR_SETUP"; + case IOC_OPAL_LOCK_UNLOCK: return "LOCK_UNLOCK"; + case IOC_OPAL_SAVE: return "SAVE"; + case IOC_OPAL_PSID_REVERT_TPR: return "PSID_REVERT_TPR"; + } + + assert(false && "unknown OPAL ioctl"); + return NULL; +} + +static void opal_ioctl_debug(struct crypt_device *cd, + unsigned long rq, + void *args, + bool post, + int ret) +{ + const char *cmd = opal_ioctl_to_string(rq); + + if (ret) { + log_dbg(cd, "OPAL %s failed: %s", cmd, opal_status_to_string(ret)); + return; + } + + if (post) switch(rq) { + case IOC_OPAL_GET_STATUS: { /* OUT */ + struct opal_status *st = args; + log_dbg(cd, "OPAL %s: flags:%" PRIu32, cmd, st->flags); + }; + break; + case IOC_OPAL_GET_GEOMETRY: { /* OUT */ + struct opal_geometry *geo = args; + log_dbg(cd, "OPAL %s: align:%" PRIu8 ", lb_size:%" PRIu32 ", gran:%" PRIu64 ", lowest_lba:%" PRIu64, + cmd, geo->align, geo->logical_block_size, geo->alignment_granularity, geo->lowest_aligned_lba); + }; + break; + case IOC_OPAL_GET_LR_STATUS: { /* OUT */ + struct opal_lr_status *lrs = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8 + ", start:%" PRIu64 ", length:%" PRIu64 ", rle:%" PRIu32 ", rwe:%" PRIu32 ", state:%" PRIu32, + cmd, lrs->session.sum, lrs->session.who, lrs->session.opal_key.lr, + lrs->range_start, lrs->range_length, lrs->RLE, lrs->WLE, lrs->l_state); + }; + break; + } else switch (rq) { + case IOC_OPAL_TAKE_OWNERSHIP: { /* IN */ + log_dbg(cd, "OPAL %s", cmd); + }; + break; + case IOC_OPAL_ACTIVATE_USR: { /* IN */ + struct opal_session_info *ui = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8, + cmd, ui->sum, ui->who, ui->opal_key.lr); + }; + break; + case IOC_OPAL_ACTIVATE_LSP: { /* IN */ + struct opal_lr_act *act = args; + log_dbg(cd, "OPAL %s: k.lr:%" PRIu8 ", sum:%" PRIu32 ", num_lrs:%" PRIu8 ", lr:" + "%"PRIu8"|%"PRIu8"|%"PRIu8"|%"PRIu8"|%"PRIu8"|%"PRIu8"|%"PRIu8"|%"PRIu8"|%"PRIu8, + cmd, act->key.lr, act->sum, act->num_lrs, + act->lr[0], act->lr[1], act->lr[2], act->lr[3], act->lr[4], + act->lr[5], act->lr[6], act->lr[7], act->lr[8]); + }; + break; + case IOC_OPAL_ERASE_LR: { /* IN */ + struct opal_session_info *ui = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8, + cmd, ui->sum, ui->who, ui->opal_key.lr); + }; + break; + case IOC_OPAL_SECURE_ERASE_LR: { /* IN */ + struct opal_session_info *ui = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8, + cmd, ui->sum, ui->who, ui->opal_key.lr); + }; + break; + case IOC_OPAL_ADD_USR_TO_LR: { /* IN */ + struct opal_lock_unlock *lu = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8 + ", l_state:%" PRIu32 ", flags:%" PRIu16, + cmd, lu->session.sum, lu->session.who, lu->session.opal_key.lr, + lu->l_state, lu->flags); + }; + break; + case IOC_OPAL_SET_PW: { /* IN */ + struct opal_new_pw *pw = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8, + cmd, pw->session.sum, pw->session.who, pw->session.opal_key.lr); + }; + break; + case IOC_OPAL_LR_SETUP: { /* IN */ + struct opal_user_lr_setup *lrs = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8 + ", start:%" PRIu64 ", length:%" PRIu64 ", rle:%" PRIu32 ", rwe:%" PRIu32, + cmd, lrs->session.sum, lrs->session.who, lrs->session.opal_key.lr, + lrs->range_start, lrs->range_length, lrs->RLE, lrs->WLE); + }; + break; + case IOC_OPAL_LOCK_UNLOCK: { /* IN */ + struct opal_lock_unlock *lu = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8 + ", l_state:%" PRIu32 ", flags:%" PRIu16, + cmd, lu->session.sum, lu->session.who, lu->session.opal_key.lr, + lu->l_state, lu->flags); + }; + break; + case IOC_OPAL_SAVE: { /* IN */ + struct opal_lock_unlock *lu = args; + log_dbg(cd, "OPAL %s: sum:%" PRIu32 ", who:%" PRIu32 ", lr:%" PRIu8 + ", l_state:%" PRIu32 ", flags:%" PRIu16, + cmd, lu->session.sum, lu->session.who, lu->session.opal_key.lr, + lu->l_state, lu->flags); + }; + break; + case IOC_OPAL_PSID_REVERT_TPR: { /* IN */ + struct opal_key *key = args; + log_dbg(cd, "OPAL %s: lr:%" PRIu8, + cmd, key->lr); + }; + break; + } +} + +static int opal_ioctl(struct crypt_device *cd, int fd, unsigned long rq, void *args) +{ + int r; + + opal_ioctl_debug(cd, rq, args, false, 0); + r = ioctl(fd, rq, args); + opal_ioctl_debug(cd, rq, args, true, r); + + return r; +} + +static int opal_geometry_fd(struct crypt_device *cd, + int fd, + bool *ret_align, + uint32_t *ret_block_size, + uint64_t *ret_alignment_granularity_blocks, + uint64_t *ret_lowest_lba_blocks) +{ + int r; + struct opal_geometry geo; + + assert(fd >= 0); + + r = opal_ioctl(cd, fd, IOC_OPAL_GET_GEOMETRY, &geo); + if (r != OPAL_STATUS_SUCCESS) + return r; + + if (ret_align) + *ret_align = (geo.align == 1); + if (ret_block_size) + *ret_block_size = geo.logical_block_size; + if (ret_alignment_granularity_blocks) + *ret_alignment_granularity_blocks = geo.alignment_granularity; + if (ret_lowest_lba_blocks) + *ret_lowest_lba_blocks = geo.lowest_aligned_lba; + + return r; +} + +static int opal_range_check_attributes_fd(struct crypt_device *cd, + int fd, + uint32_t segment_number, + const struct volume_key *vk, + const uint64_t *check_offset_sectors, + const uint64_t *check_length_sectors, + bool *check_read_locked, + bool *check_write_locked, + bool *ret_read_locked, + bool *ret_write_locked) +{ + int r; + struct opal_lr_status *lrs; + uint32_t opal_block_bytes = 0; + uint64_t offset, length; + bool read_locked, write_locked; + + assert(fd >= 0); + assert(cd); + assert(vk); + + if (check_offset_sectors || check_length_sectors) { + r = opal_geometry_fd(cd, fd, NULL, &opal_block_bytes, NULL, NULL); + if (r != OPAL_STATUS_SUCCESS) + return -EINVAL; + } + + lrs = crypt_safe_alloc(sizeof(*lrs)); + if (!lrs) + return -ENOMEM; + + *lrs = (struct opal_lr_status) { + .session = { + .who = segment_number + 1, + .opal_key = { + .key_len = vk->keylength, + .lr = segment_number + } + } + }; + memcpy(lrs->session.opal_key.key, vk->key, vk->keylength); + + r = opal_ioctl(cd, fd, IOC_OPAL_GET_LR_STATUS, lrs); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to get locking range status on device '%s'.", + crypt_get_device_name(cd)); + r = -EINVAL; + goto out; + } + + r = 0; + + if (check_offset_sectors) { + offset = lrs->range_start * opal_block_bytes / SECTOR_SIZE; + if (offset != *check_offset_sectors) { + log_err(cd, _("OPAL range %d offset %" PRIu64 " does not match expected values %" PRIu64 "."), + segment_number, offset, *check_offset_sectors); + r = -EINVAL; + } + } + + if (check_length_sectors) { + length = lrs->range_length * opal_block_bytes / SECTOR_SIZE; + if (length != *check_length_sectors) { + log_err(cd, _("OPAL range %d length %" PRIu64" does not match device length %" PRIu64 "."), + segment_number, length, *check_length_sectors); + r = -EINVAL; + } + } + + if (!lrs->RLE || !lrs->WLE) { + log_err(cd, _("OPAL range %d locking is disabled."), segment_number); + r = -EINVAL; + } + + read_locked = (lrs->l_state == OPAL_LK); + write_locked = !!(lrs->l_state & (OPAL_RO | OPAL_LK)); + + if (check_read_locked && (read_locked != *check_read_locked)) { + log_dbg(cd, "OPAL range %d read lock is %slocked.", + segment_number, *check_read_locked ? "" : "not "); + log_err(cd, _("Unexpected OPAL range %d lock state."), segment_number); + r = -EINVAL; + } + + if (check_write_locked && (write_locked != *check_write_locked)) { + log_dbg(cd, "OPAL range %d write lock is %slocked.", + segment_number, *check_write_locked ? "" : "not "); + log_err(cd, _("Unexpected OPAL range %d lock state."), segment_number); + r = -EINVAL; + } + + if (ret_read_locked) + *ret_read_locked = read_locked; + if (ret_write_locked) + *ret_write_locked = write_locked; +out: + crypt_safe_free(lrs); + + return r; +} + +static int opal_query_status(struct crypt_device *cd, struct device *dev, unsigned expected) +{ + struct opal_status st = { }; + int fd, r; + + assert(cd); + assert(dev); + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) + return -EIO; + + r = opal_ioctl(cd, fd, IOC_OPAL_GET_STATUS, &st); + + return r < 0 ? -EINVAL : (st.flags & expected) ? 1 : 0; +} + +static int opal_enabled(struct crypt_device *cd, struct device *dev) +{ + return opal_query_status(cd, dev, OPAL_FL_LOCKING_ENABLED); +} + +/* requires opal lock */ +int opal_setup_ranges(struct crypt_device *cd, + struct device *dev, + const struct volume_key *vk, + uint64_t range_start, + uint64_t range_length, + uint32_t segment_number, + const void *admin_key, + size_t admin_key_len) +{ + struct opal_lr_act *activate = NULL; + struct opal_session_info *user_session = NULL; + struct opal_lock_unlock *user_add_to_lr = NULL, *lock = NULL; + struct opal_new_pw *new_pw = NULL; + struct opal_user_lr_setup *setup = NULL; + int r, fd; + + assert(cd); + assert(dev); + assert(vk); + assert(admin_key); + assert(vk->keylength <= OPAL_KEY_MAX); + + if (admin_key_len > OPAL_KEY_MAX) + return -EINVAL; + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) + return -EIO; + + r = opal_enabled(cd, dev); + if (r < 0) + return r; + + /* If OPAL has never been enabled, we need to take ownership and do basic setup first */ + if (r == 0) { + activate = crypt_safe_alloc(sizeof(struct opal_lr_act)); + if (!activate) { + r = -ENOMEM; + goto out; + } + *activate = (struct opal_lr_act) { + .key = { + .key_len = admin_key_len, + }, + .num_lrs = 8, + /* A max of 9 segments are supported, enable them all as there's no reason not to + * (0 is whole-volume) + */ + .lr = { 1, 2, 3, 4, 5, 6, 7, 8 }, + }; + memcpy(activate->key.key, admin_key, admin_key_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_TAKE_OWNERSHIP, &activate->key); + if (r < 0) { + r = -ENOTSUP; + log_dbg(cd, "OPAL not supported on this kernel version, refusing."); + goto out; + } + if (r == OPAL_STATUS_NOT_AUTHORIZED) /* We'll try again with a different key. */ { + r = -EPERM; + log_dbg(cd, "Failed to take ownership of OPAL device '%s': permission denied", + crypt_get_device_name(cd)); + goto out; + } + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to take ownership of OPAL device '%s': %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + r = opal_ioctl(cd, fd, IOC_OPAL_ACTIVATE_LSP, activate); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to activate OPAL device '%s': %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + } else { + /* If it is already enabled, wipe the locking range first */ + user_session = crypt_safe_alloc(sizeof(struct opal_session_info)); + if (!user_session) { + r = -ENOMEM; + goto out; + } + *user_session = (struct opal_session_info) { + .who = OPAL_ADMIN1, + .opal_key = { + .lr = segment_number, + .key_len = admin_key_len, + }, + }; + memcpy(user_session->opal_key.key, admin_key, admin_key_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_ERASE_LR, user_session); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to reset (erase) OPAL locking range %u on device '%s': %s", + segment_number, crypt_get_device_name(cd), opal_status_to_string(r)); + r = opal_ioctl(cd, fd, IOC_OPAL_SECURE_ERASE_LR, user_session); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to reset (secure erase) OPAL locking range %u on device '%s': %s", + segment_number, crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + } + } + + crypt_safe_free(user_session); + + user_session = crypt_safe_alloc(sizeof(struct opal_session_info)); + if (!user_session) { + r = -ENOMEM; + goto out; + } + *user_session = (struct opal_session_info) { + .who = segment_number + 1, + .opal_key = { + .key_len = admin_key_len, + }, + }; + memcpy(user_session->opal_key.key, admin_key, admin_key_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_ACTIVATE_USR, user_session); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to activate OPAL user on device '%s': %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + user_add_to_lr = crypt_safe_alloc(sizeof(struct opal_lock_unlock)); + if (!user_add_to_lr) { + r = -ENOMEM; + goto out; + } + *user_add_to_lr = (struct opal_lock_unlock) { + .session = { + .who = segment_number + 1, + .opal_key = { + .lr = segment_number, + .key_len = admin_key_len, + }, + }, + .l_state = OPAL_RO, + }; + memcpy(user_add_to_lr->session.opal_key.key, admin_key, admin_key_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_ADD_USR_TO_LR, user_add_to_lr); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to add OPAL user to locking range %u (RO) on device '%s': %s", + segment_number, crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + user_add_to_lr->l_state = OPAL_RW; + r = opal_ioctl(cd, fd, IOC_OPAL_ADD_USR_TO_LR, user_add_to_lr); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to add OPAL user to locking range %u (RW) on device '%s': %s", + segment_number, crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + new_pw = crypt_safe_alloc(sizeof(struct opal_new_pw)); + if (!new_pw) { + r = -ENOMEM; + goto out; + } + *new_pw = (struct opal_new_pw) { + .session = { + .who = OPAL_ADMIN1, + .opal_key = { + .lr = segment_number, + .key_len = admin_key_len, + }, + }, + .new_user_pw = { + .who = segment_number + 1, + .opal_key = { + .key_len = vk->keylength, + .lr = segment_number, + }, + }, + }; + memcpy(new_pw->new_user_pw.opal_key.key, vk->key, vk->keylength); + memcpy(new_pw->session.opal_key.key, admin_key, admin_key_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_SET_PW, new_pw); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to set OPAL user password on device '%s': (%d) %s", + crypt_get_device_name(cd), r, opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + setup = crypt_safe_alloc(sizeof(struct opal_user_lr_setup)); + if (!setup) { + r = -ENOMEM; + goto out; + } + *setup = (struct opal_user_lr_setup) { + .range_start = range_start, + .range_length = range_length, + /* Some drives do not enable Locking Ranges on setup. This have some + * interesting consequences: Lock command called later below will pass, + * but locking range will _not_ be locked at all. + */ + .RLE = 1, + .WLE = 1, + .session = { + .who = OPAL_ADMIN1, + .opal_key = { + .key_len = admin_key_len, + .lr = segment_number, + }, + }, + }; + memcpy(setup->session.opal_key.key, admin_key, admin_key_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_LR_SETUP, setup); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to setup locking range of length %llu at offset %llu on OPAL device '%s': %s", + setup->range_length, setup->range_start, crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + /* After setup an OPAL device is unlocked, but the expectation with cryptsetup is that it needs + * to be activated separately, so lock it immediately. */ + lock = crypt_safe_alloc(sizeof(struct opal_lock_unlock)); + if (!lock) { + r = -ENOMEM; + goto out; + } + *lock = (struct opal_lock_unlock) { + .l_state = OPAL_LK, + .session = { + .who = segment_number + 1, + .opal_key = { + .key_len = vk->keylength, + .lr = segment_number, + }, + } + }; + memcpy(lock->session.opal_key.key, vk->key, vk->keylength); + + r = opal_ioctl(cd, fd, IOC_OPAL_LOCK_UNLOCK, lock); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to lock OPAL device '%s': %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + /* Double check the locking range is locked and the ranges are set up as configured */ + r = opal_range_check_attributes_fd(cd, fd, segment_number, vk, &range_start, + &range_length, &(bool) {true}, &(bool){true}, + NULL, NULL); +out: + crypt_safe_free(activate); + crypt_safe_free(user_session); + crypt_safe_free(user_add_to_lr); + crypt_safe_free(new_pw); + crypt_safe_free(setup); + crypt_safe_free(lock); + + return r; +} + +static int opal_lock_unlock(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk, + bool lock) +{ + struct opal_lock_unlock unlock = { + .l_state = lock ? OPAL_LK : OPAL_RW, + .session = { + .who = segment_number + 1, + .opal_key = { + .lr = segment_number, + }, + }, + }; + int r, fd; + + if (opal_supported(cd, dev) <= 0) + return -ENOTSUP; + if (!lock && !vk) + return -EINVAL; + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) + return -EIO; + + if (!lock) { + assert(vk->keylength <= OPAL_KEY_MAX); + + unlock.session.opal_key.key_len = vk->keylength; + memcpy(unlock.session.opal_key.key, vk->key, vk->keylength); + } + + r = opal_ioctl(cd, fd, IOC_OPAL_LOCK_UNLOCK, &unlock); + if (r < 0) { + r = -ENOTSUP; + log_dbg(cd, "OPAL not supported on this kernel version, refusing."); + goto out; + } + if (r == OPAL_STATUS_NOT_AUTHORIZED) /* We'll try again with a different key. */ { + r = -EPERM; + log_dbg(cd, "Failed to %slock OPAL device '%s': permission denied", + lock ? "" : "un", crypt_get_device_name(cd)); + goto out; + } + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to %slock OPAL device '%s': %s", + lock ? "" : "un", crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + /* If we are unlocking, also tell the kernel to automatically unlock when resuming + * from suspend, otherwise the drive will be locked and everything will go up in flames. + * Also set the flag to allow locking without having to pass the key again. + * But do not error out if this fails, as the device will already be unlocked. + * + * On a lock path we have to overwrite the cached key from kernel otherwise the locking range + * gets unlocked automatically after system resume even when cryptsetup previously locked it + * on purpose (crypt_deactivate* or crypt_suspend) + */ + if (!lock) + unlock.flags = OPAL_SAVE_FOR_LOCK; + + r = opal_ioctl(cd, fd, IOC_OPAL_SAVE, &unlock); + if (r != OPAL_STATUS_SUCCESS) { + if (!lock) + log_std(cd, "Failed to prepare OPAL device '%s' for sleep resume, be aware before suspending: %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + else + log_std(cd, "Failed to erase OPAL key for device '%s' from kernel: %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + r = 0; + } +out: + if (!lock) + crypt_safe_memzero(unlock.session.opal_key.key, unlock.session.opal_key.key_len); + + return r; +} + +/* requires opal lock */ +int opal_lock(struct crypt_device *cd, struct device *dev, uint32_t segment_number) +{ + return opal_lock_unlock(cd, dev, segment_number, NULL, /* lock= */ true); +} + +/* requires opal lock */ +int opal_unlock(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk) +{ + return opal_lock_unlock(cd, dev, segment_number, vk, /* lock= */ false); +} + +/* + * It does not require opal lock. This completely destroys + * data on whole OPAL block device. Serialization does not + * make sense here. + */ +int opal_factory_reset(struct crypt_device *cd, + struct device *dev, + const char *password, + size_t password_len) +{ + struct opal_key reset = { + .key_len = password_len, + }; + int r, fd; + + assert(cd); + assert(dev); + assert(password); + + if (password_len > OPAL_KEY_MAX) + return -EINVAL; + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) + return -EIO; + + memcpy(reset.key, password, password_len); + + r = opal_ioctl(cd, fd, IOC_OPAL_PSID_REVERT_TPR, &reset); + if (r < 0) { + r = -ENOTSUP; + log_dbg(cd, "OPAL not supported on this kernel version, refusing."); + goto out; + } + if (r == OPAL_STATUS_NOT_AUTHORIZED) /* We'll try again with a different key. */ { + r = -EPERM; + log_dbg(cd, "Failed to reset OPAL device '%s', incorrect PSID?", + crypt_get_device_name(cd)); + goto out; + } + if (r != OPAL_STATUS_SUCCESS) { + r = -EINVAL; + log_dbg(cd, "Failed to reset OPAL device '%s' with PSID: %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + goto out; + } +out: + crypt_safe_memzero(reset.key, reset.key_len); + + return r; +} + +/* requires opal lock */ +int opal_reset_segment(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const char *password, + size_t password_len) +{ + struct opal_session_info *user_session = NULL; + struct opal_user_lr_setup *setup = NULL; + int r, fd; + + assert(cd); + assert(dev); + assert(password); + + if (password_len > OPAL_KEY_MAX) + return -EINVAL; + + if (opal_enabled(cd, dev) <= 0) + return -EINVAL; + + user_session = crypt_safe_alloc(sizeof(struct opal_session_info)); + if (!user_session) + return -ENOMEM; + *user_session = (struct opal_session_info) { + .who = OPAL_ADMIN1, + .opal_key = { + .lr = segment_number, + .key_len = password_len, + }, + }; + memcpy(user_session->opal_key.key, password, password_len); + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) { + r = -EIO; + goto out; + } + + r = opal_ioctl(cd, fd, IOC_OPAL_ERASE_LR, user_session); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to reset (erase) OPAL locking range %u on device '%s': %s", + segment_number, crypt_get_device_name(cd), opal_status_to_string(r)); + r = opal_ioctl(cd, fd, IOC_OPAL_SECURE_ERASE_LR, user_session); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to reset (secure erase) OPAL locking range %u on device '%s': %s", + segment_number, crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + + /* Unlike IOC_OPAL_ERASE_LR, IOC_OPAL_SECURE_ERASE_LR does not disable the locking range, + * we have to do that by hand. + */ + setup = crypt_safe_alloc(sizeof(struct opal_user_lr_setup)); + if (!setup) { + r = -ENOMEM; + goto out; + } + *setup = (struct opal_user_lr_setup) { + .range_start = 0, + .range_length = 0, + .session = { + .who = OPAL_ADMIN1, + .opal_key = user_session->opal_key, + }, + }; + + r = opal_ioctl(cd, fd, IOC_OPAL_LR_SETUP, setup); + if (r != OPAL_STATUS_SUCCESS) { + log_dbg(cd, "Failed to disable locking range on OPAL device '%s': %s", + crypt_get_device_name(cd), opal_status_to_string(r)); + r = -EINVAL; + goto out; + } + } +out: + crypt_safe_free(user_session); + crypt_safe_free(setup); + + return r; +} + +/* + * Does not require opal lock (immutable). + */ +int opal_supported(struct crypt_device *cd, struct device *dev) +{ + return opal_query_status(cd, dev, OPAL_FL_SUPPORTED|OPAL_FL_LOCKING_SUPPORTED); +} + +/* + * Does not require opal lock (immutable). + */ +int opal_geometry(struct crypt_device *cd, + struct device *dev, + bool *ret_align, + uint32_t *ret_block_size, + uint64_t *ret_alignment_granularity_blocks, + uint64_t *ret_lowest_lba_blocks) +{ + int fd; + + assert(cd); + assert(dev); + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) + return -EIO; + + return opal_geometry_fd(cd, fd, ret_align, ret_block_size, + ret_alignment_granularity_blocks, ret_lowest_lba_blocks); +} + +/* requires opal lock */ +int opal_range_check_attributes_and_get_lock_state(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk, + const uint64_t *check_offset_sectors, + const uint64_t *check_length_sectors, + bool *ret_read_locked, + bool *ret_write_locked) +{ + int fd; + + assert(cd); + assert(dev); + assert(vk); + + fd = device_open(cd, dev, O_RDONLY); + if (fd < 0) + return -EIO; + + return opal_range_check_attributes_fd(cd, fd, segment_number, vk, + check_offset_sectors, check_length_sectors, NULL, + NULL, ret_read_locked, ret_write_locked); +} + +static int opal_lock_internal(struct crypt_device *cd, struct device *opal_device, struct crypt_lock_handle **opal_lock) +{ + char *lock_resource; + int devfd, r; + struct stat st; + + if (!crypt_metadata_locking_enabled()) { + *opal_lock = NULL; + return 0; + } + + /* + * This also asserts we do not hold any metadata lock on the same device to + * avoid deadlock (OPAL lock must be taken first) + */ + devfd = device_open(cd, opal_device, O_RDONLY); + if (devfd < 0) + return -EINVAL; + + if (fstat(devfd, &st) || !S_ISBLK(st.st_mode)) + return -EINVAL; + + r = asprintf(&lock_resource, "OPAL_%d:%d", major(st.st_rdev), minor(st.st_rdev)); + if (r < 0) + return -ENOMEM; + + r = crypt_write_lock(cd, lock_resource, true, opal_lock); + + free(lock_resource); + + return r; +} + +int opal_exclusive_lock(struct crypt_device *cd, struct device *opal_device, struct crypt_lock_handle **opal_lock) +{ + if (!cd || !opal_device || (crypt_get_type(cd) && strcmp(crypt_get_type(cd), CRYPT_LUKS2))) + return -EINVAL; + + return opal_lock_internal(cd, opal_device, opal_lock); +} + +void opal_exclusive_unlock(struct crypt_device *cd, struct crypt_lock_handle *opal_lock) +{ + crypt_unlock_internal(cd, opal_lock); +} + +#else +#pragma GCC diagnostic ignored "-Wunused-parameter" + +int opal_setup_ranges(struct crypt_device *cd, + struct device *dev, + const struct volume_key *vk, + uint64_t range_start, + uint64_t range_length, + uint32_t segment_number, + const void *admin_key, + size_t admin_key_len) +{ + return -ENOTSUP; +} + +int opal_lock(struct crypt_device *cd, struct device *dev, uint32_t segment_number) +{ + return -ENOTSUP; +} + +int opal_unlock(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk) +{ + return -ENOTSUP; +} + +int opal_supported(struct crypt_device *cd, struct device *dev) +{ + return -ENOTSUP; +} + +int opal_factory_reset(struct crypt_device *cd, + struct device *dev, + const char *password, + size_t password_len) +{ + return -ENOTSUP; +} + +int opal_reset_segment(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const char *password, + size_t password_len) +{ + return -ENOTSUP; +} + +int opal_geometry(struct crypt_device *cd, + struct device *dev, + bool *ret_align, + uint32_t *ret_block_size, + uint64_t *ret_alignment_granularity_blocks, + uint64_t *ret_lowest_lba_blocks) +{ + return -ENOTSUP; +} + +int opal_range_check_attributes_and_get_lock_state(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk, + const uint64_t *check_offset_sectors, + const uint64_t *check_length_sectors, + bool *ret_read_locked, + bool *ret_write_locked) +{ + return -ENOTSUP; +} + +int opal_exclusive_lock(struct crypt_device *cd, struct device *opal_device, struct crypt_lock_handle **opal_lock) +{ + return -ENOTSUP; +} + +void opal_exclusive_unlock(struct crypt_device *cd, struct crypt_lock_handle *opal_lock) +{ +} + +#endif diff --git a/lib/luks2/hw_opal/hw_opal.h b/lib/luks2/hw_opal/hw_opal.h new file mode 100644 index 0000000..f1823bf --- /dev/null +++ b/lib/luks2/hw_opal/hw_opal.h @@ -0,0 +1,71 @@ +/* + * OPAL utilities + * + * Copyright (C) 2022-2023 Luca Boccassi <bluca@debian.org> + * 2023 Ondrej Kozina <okozina@redhat.com> + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _UTILS_OPAL +#define _UTILS_OPAL + +#include "internal.h" + +struct crypt_lock_handle; + +int opal_setup_ranges(struct crypt_device *cd, + struct device *dev, + const struct volume_key *vk, + uint64_t range_start, + uint64_t range_length, + uint32_t segment_number, + const void *admin_key, + size_t admin_key_len); +int opal_lock(struct crypt_device *cd, struct device *dev, uint32_t segment_number); +int opal_unlock(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk); +int opal_supported(struct crypt_device *cd, struct device *dev); +int opal_factory_reset(struct crypt_device *cd, + struct device *dev, + const char *password, + size_t password_len); +int opal_reset_segment(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const char *password, + size_t password_len); +int opal_geometry(struct crypt_device *cd, + struct device *dev, + bool *ret_align, + uint32_t *ret_block_size, + uint64_t *ret_alignment_granularity_blocks, + uint64_t *ret_lowest_lba_blocks); +int opal_range_check_attributes_and_get_lock_state(struct crypt_device *cd, + struct device *dev, + uint32_t segment_number, + const struct volume_key *vk, + const uint64_t *check_offset_sectors, + const uint64_t *check_length_sectors, + bool *ret_read_locked, + bool *ret_write_locked); +int opal_exclusive_lock(struct crypt_device *cd, + struct device *opal_device, + struct crypt_lock_handle **opal_lock); +void opal_exclusive_unlock(struct crypt_device *cd, struct crypt_lock_handle *opal_lock); + +#endif diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h index dfccf02..25ae1dd 100644 --- a/lib/luks2/luks2.h +++ b/lib/luks2/luks2.h @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -224,8 +224,7 @@ int LUKS2_keyslot_store(struct crypt_device *cd, int LUKS2_keyslot_wipe(struct crypt_device *cd, struct luks2_hdr *hdr, - int keyslot, - int wipe_area_only); + int keyslot); crypt_keyslot_priority LUKS2_keyslot_priority_get(struct luks2_hdr *hdr, int keyslot); @@ -277,6 +276,7 @@ crypt_token_info LUKS2_token_status(struct crypt_device *cd, int LUKS2_token_open_and_activate(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, const char *name, const char *type, @@ -287,6 +287,7 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd, int LUKS2_token_unlock_key(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, const char *type, const char *pin, @@ -359,7 +360,8 @@ int LUKS2_digest_create(struct crypt_device *cd, */ int LUKS2_activate(struct crypt_device *cd, const char *name, - struct volume_key *vk, + struct volume_key *crypt_key, + struct volume_key *opal_key, uint32_t flags); int LUKS2_activate_multi(struct crypt_device *cd, @@ -378,16 +380,23 @@ int LUKS2_generate_hdr( struct crypt_device *cd, struct luks2_hdr *hdr, const struct volume_key *vk, - const char *cipherName, - const char *cipherMode, + const char *cipher_spec, const char *integrity, const char *uuid, unsigned int sector_size, uint64_t data_offset, - uint64_t align_offset, - uint64_t required_alignment, - uint64_t metadata_size, - uint64_t keyslots_size); + uint64_t metadata_size_bytes, + uint64_t keyslots_size_bytes, + uint64_t device_size_bytes, + uint32_t opal_segment_number, + uint32_t opal_key_size); + +int LUKS2_hdr_get_storage_params(struct crypt_device *cd, + uint64_t alignment_offset_bytes, + uint64_t alignment_bytes, + uint64_t *ret_metadata_size_bytes, + uint64_t *ret_keyslots_size_bytes, + uint64_t *ret_data_offset_bytes); int LUKS2_check_metadata_area_size(uint64_t metadata_size); int LUKS2_check_keyslots_area_size(uint64_t keyslots_size); @@ -414,6 +423,12 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr, uint64_t *length); int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf); +int LUKS2_split_crypt_and_opal_keys(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk, + struct volume_key **ret_crypt_key, + struct volume_key **ret_opal_key); + /* * Permanent activation flags stored in header */ @@ -457,6 +472,9 @@ int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd, size_t passphrase_size, struct volume_key **vks); +int LUKS2_reencrypt_locked_recovery_by_vks(struct crypt_device *cd, + struct volume_key *vks); + void LUKS2_reencrypt_free(struct crypt_device *cd, struct luks2_reencrypt *rh); @@ -479,9 +497,13 @@ int LUKS2_reencrypt_check_device_size(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t check_size, uint64_t *dev_size, - bool activation, + bool device_exclusive_check, bool dynamic); +void LUKS2_reencrypt_lookup_key_ids(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct volume_key *vk); + int LUKS2_reencrypt_digest_verify(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vks); diff --git a/lib/luks2/luks2_digest.c b/lib/luks2/luks2_digest.c index 933b059..293df3e 100644 --- a/lib/luks2/luks2_digest.c +++ b/lib/luks2/luks2_digest.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, digest handling * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -157,7 +157,7 @@ int LUKS2_digest_dump(struct crypt_device *cd, int digest) } int LUKS2_digest_any_matching(struct crypt_device *cd, - struct luks2_hdr *hdr, + struct luks2_hdr *hdr __attribute__((unused)), const struct volume_key *vk) { int digest; @@ -174,6 +174,18 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd, int segment, const struct volume_key *vk) { + int r = -EINVAL; + unsigned s; + + if (segment == CRYPT_ANY_SEGMENT) { + for (s = 0; s < json_segments_count(LUKS2_get_segments_jobj(hdr)); s++) { + if ((r = LUKS2_digest_verify_by_digest(cd, LUKS2_digest_by_segment(hdr, s), vk)) >= 0) + return r; + } + + return -EPERM; + } + return LUKS2_digest_verify_by_digest(cd, LUKS2_digest_by_segment(hdr, segment), vk); } diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c index 1009cfb..e8fd00d 100644 --- a/lib/luks2/luks2_digest_pbkdf2.c +++ b/lib/luks2/luks2_digest_pbkdf2.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible) * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -147,6 +147,9 @@ static int PBKDF2_digest_store(struct crypt_device *cd, json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); } + if (!jobj_digest) + return -ENOMEM; + json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2")); json_object_object_add(jobj_digest, "keyslots", json_object_new_array()); json_object_object_add(jobj_digest, "segments", json_object_new_array()); @@ -169,8 +172,13 @@ static int PBKDF2_digest_store(struct crypt_device *cd, json_object_object_add(jobj_digest, "digest", json_object_new_string(base64_str)); free(base64_str); - if (jobj_digests) - json_object_object_add_by_uint(jobj_digests, digest, jobj_digest); + if (jobj_digests) { + r = json_object_object_add_by_uint(jobj_digests, digest, jobj_digest); + if (r < 0) { + json_object_put(jobj_digest); + return r; + } + } JSON_DBG(cd, jobj_digest, "Digest JSON:"); return 0; diff --git a/lib/luks2/luks2_disk_metadata.c b/lib/luks2/luks2_disk_metadata.c index e995959..d7f360c 100644 --- a/lib/luks2/luks2_disk_metadata.c +++ b/lib/luks2/luks2_disk_metadata.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -256,6 +256,7 @@ static int hdr_read_disk(struct crypt_device *cd, if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), hdr_disk, LUKS2_HDR_BIN_LEN, offset) != LUKS2_HDR_BIN_LEN) { + memset(hdr_disk, 0, LUKS2_HDR_BIN_LEN); return -EIO; } @@ -537,11 +538,20 @@ static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj } static json_object *parse_and_validate_json(struct crypt_device *cd, - const char *json_area, uint64_t max_length) + const char *json_area, uint64_t hdr_size) { int json_len, r; - json_object *jobj = parse_json_len(cd, json_area, max_length, &json_len); + json_object *jobj; + uint64_t max_length; + + if (hdr_size <= LUKS2_HDR_BIN_LEN || hdr_size > LUKS2_HDR_OFFSET_MAX) { + log_dbg(cd, "LUKS2 header JSON has bogus size 0x%04" PRIx64 ".", hdr_size); + return NULL; + } + + max_length = hdr_size - LUKS2_HDR_BIN_LEN; + jobj = parse_json_len(cd, json_area, max_length, &json_len); if (!jobj) return NULL; @@ -635,7 +645,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, state_hdr1 = HDR_FAIL; r = hdr_read_disk(cd, device, &hdr_disk1, &json_area1, 0, 0); if (r == 0) { - jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN); + jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size)); state_hdr1 = jobj_hdr1 ? HDR_OK : HDR_OBSOLETE; } else if (r == -EIO) state_hdr1 = HDR_FAIL_IO; @@ -647,7 +657,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, if (state_hdr1 != HDR_FAIL && state_hdr1 != HDR_FAIL_IO) { r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1); if (r == 0) { - jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); + jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size)); state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE; } else if (r == -EIO) state_hdr2 = HDR_FAIL_IO; @@ -655,11 +665,12 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, /* * No header size, check all known offsets. */ + hdr_disk2.hdr_size = 0; for (r = -EINVAL,i = 0; r < 0 && i < ARRAY_SIZE(hdr2_offsets); i++) r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1); if (r == 0) { - jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); + jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size)); state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE; } else if (r == -EIO) state_hdr2 = HDR_FAIL_IO; diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h index b564a48..aacc75e 100644 --- a/lib/luks2/luks2_internal.h +++ b/lib/luks2/luks2_internal.h @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -62,6 +62,7 @@ uint32_t crypt_jobj_get_uint32(json_object *jobj); json_object *crypt_jobj_new_uint64(uint64_t value); int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val); +int json_object_object_add_by_uint_by_ref(json_object *jobj, unsigned key, json_object **jobj_val_ref); void json_object_object_del_by_uint(json_object *jobj, unsigned key); int json_object_copy(json_object *jobj_src, json_object **jobj_dst); @@ -295,13 +296,24 @@ uint64_t json_segment_get_iv_offset(json_object *jobj_segment); uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise); const char *json_segment_get_cipher(json_object *jobj_segment); uint32_t json_segment_get_sector_size(json_object *jobj_segment); +int json_segment_get_opal_segment_id(json_object *jobj_segment, uint32_t *ret_opal_segment_id); +int json_segment_get_opal_key_size(json_object *jobj_segment, size_t *ret_key_size); bool json_segment_is_backup(json_object *jobj_segment); json_object *json_segments_get_segment(json_object *jobj_segments, int segment); unsigned json_segments_count(json_object *jobj_segments); void json_segment_remove_flag(json_object *jobj_segment, const char *flag); uint64_t json_segments_get_minimal_offset(json_object *jobj_segments, unsigned blockwise); json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, unsigned reencryption); -json_object *json_segment_create_crypt(uint64_t offset, uint64_t iv_offset, const uint64_t *length, const char *cipher, uint32_t sector_size, unsigned reencryption); +json_object *json_segment_create_crypt(uint64_t offset, uint64_t iv_offset, const uint64_t *length, + const char *cipher, const char *integrity, + uint32_t sector_size, unsigned reencryption); +json_object *json_segment_create_opal(uint64_t offset, const uint64_t *length, + uint32_t segment_number, uint32_t key_size); +json_object *json_segment_create_opal_crypt(uint64_t offset, const uint64_t *length, + uint32_t segment_number, uint32_t key_size, + uint64_t iv_offset, const char *cipher, + const char *integrity, uint32_t sector_size, + unsigned reencryption); int json_segments_segment_in_reencrypt(json_object *jobj_segments); bool json_segment_cmp(json_object *jobj_segment_1, json_object *jobj_segment_2); bool json_segment_contains_flag(json_object *jobj_segment, const char *flag_str, size_t len); @@ -338,10 +350,26 @@ uint64_t LUKS2_segment_size(struct luks2_hdr *hdr, int segment, unsigned blockwise); +bool LUKS2_segment_set_size(struct luks2_hdr *hdr, + int segment, + const uint64_t *segment_size_bytes); + +uint64_t LUKS2_opal_segment_size(struct luks2_hdr *hdr, + int segment, + unsigned blockwise); + int LUKS2_segment_is_type(struct luks2_hdr *hdr, int segment, const char *type); +bool LUKS2_segment_is_hw_opal(struct luks2_hdr *hdr, int segment); +bool LUKS2_segment_is_hw_opal_crypt(struct luks2_hdr *hdr, int segment); +bool LUKS2_segment_is_hw_opal_only(struct luks2_hdr *hdr, int segment); + +int LUKS2_get_opal_segment_number(struct luks2_hdr *hdr, int segment, + uint32_t *ret_opal_segment_number); +int LUKS2_get_opal_key_size(struct luks2_hdr *hdr, int segment); + int LUKS2_segment_by_type(struct luks2_hdr *hdr, const char *type); @@ -350,8 +378,11 @@ int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, int LUKS2_get_default_segment(struct luks2_hdr *hdr); +bool LUKS2_segments_dynamic_size(struct luks2_hdr *hdr); + int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr); int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr); +unsigned LUKS2_reencrypt_vks_count(struct luks2_hdr *hdr); int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise); /* diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c index 4456358..100e026 100644 --- a/lib/luks2/luks2_json_format.c +++ b/lib/luks2/luks2_json_format.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS2 header format code * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -204,76 +204,33 @@ int LUKS2_generate_hdr( struct crypt_device *cd, struct luks2_hdr *hdr, const struct volume_key *vk, - const char *cipherName, - const char *cipherMode, + const char *cipher_spec, const char *integrity, const char *uuid, unsigned int sector_size, /* in bytes */ uint64_t data_offset, /* in bytes */ - uint64_t align_offset, /* in bytes */ - uint64_t required_alignment, - uint64_t metadata_size, - uint64_t keyslots_size) + uint64_t metadata_size_bytes, + uint64_t keyslots_size_bytes, + uint64_t device_size_bytes, + uint32_t opal_segment_number, + uint32_t opal_key_size) { - struct json_object *jobj_segment, *jobj_integrity, *jobj_keyslots, *jobj_segments, *jobj_config; - char cipher[128]; + struct json_object *jobj_segment, *jobj_keyslots, *jobj_segments, *jobj_config; uuid_t partitionUuid; int r, digest; - uint64_t mdev_size; - if (!metadata_size) - metadata_size = LUKS2_HDR_16K_LEN; - hdr->hdr_size = metadata_size; + assert(cipher_spec || (opal_key_size > 0 && device_size_bytes)); - if (data_offset && data_offset < get_min_offset(hdr)) { - log_err(cd, _("Requested data offset is too small.")); - return -EINVAL; - } - - /* Increase keyslot size according to data offset */ - if (!keyslots_size && data_offset) - keyslots_size = data_offset - get_min_offset(hdr); - - /* keyslots size has to be 4 KiB aligned */ - keyslots_size -= (keyslots_size % 4096); - - if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE) - keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE; - - if (!keyslots_size) { - assert(LUKS2_DEFAULT_HDR_SIZE > 2 * LUKS2_HDR_OFFSET_MAX); - keyslots_size = LUKS2_DEFAULT_HDR_SIZE - get_min_offset(hdr); - /* Decrease keyslots_size due to metadata device being too small */ - if (!device_size(crypt_metadata_device(cd), &mdev_size) && - ((keyslots_size + get_min_offset(hdr)) > mdev_size) && - device_fallocate(crypt_metadata_device(cd), keyslots_size + get_min_offset(hdr)) && - (get_min_offset(hdr) <= mdev_size)) - keyslots_size = mdev_size - get_min_offset(hdr); - } - - /* Decrease keyslots_size if we have smaller data_offset */ - if (data_offset && (keyslots_size + get_min_offset(hdr)) > data_offset) { - keyslots_size = data_offset - get_min_offset(hdr); - log_dbg(cd, "Decreasing keyslot area size to %" PRIu64 - " bytes due to the requested data offset %" - PRIu64 " bytes.", keyslots_size, data_offset); - } - - /* Data offset has priority */ - if (!data_offset && required_alignment) { - data_offset = size_round_up(get_min_offset(hdr) + keyslots_size, - (size_t)required_alignment); - data_offset += align_offset; - } + hdr->hdr_size = metadata_size_bytes; log_dbg(cd, "Formatting LUKS2 with JSON metadata area %" PRIu64 " bytes and keyslots area %" PRIu64 " bytes.", - metadata_size - LUKS2_HDR_BIN_LEN, keyslots_size); + metadata_size_bytes - LUKS2_HDR_BIN_LEN, keyslots_size_bytes); - if (keyslots_size < (LUKS2_HDR_OFFSET_MAX - 2*LUKS2_HDR_16K_LEN)) + if (keyslots_size_bytes < (LUKS2_HDR_OFFSET_MAX - 2*LUKS2_HDR_16K_LEN)) log_std(cd, _("WARNING: keyslots area (%" PRIu64 " bytes) is very small," " available LUKS2 keyslot count is very limited.\n"), - keyslots_size); + keyslots_size_bytes); hdr->seqid = 1; hdr->version = 2; @@ -291,54 +248,81 @@ int LUKS2_generate_hdr( uuid_unparse(partitionUuid, hdr->uuid); - if (*cipherMode != '\0') - r = snprintf(cipher, sizeof(cipher), "%s-%s", cipherName, cipherMode); - else - r = snprintf(cipher, sizeof(cipher), "%s", cipherName); - if (r < 0 || (size_t)r >= sizeof(cipher)) - return -EINVAL; - hdr->jobj = json_object_new_object(); + if (!hdr->jobj) { + r = -ENOMEM; + goto err; + } jobj_keyslots = json_object_new_object(); + if (!jobj_keyslots) { + r = -ENOMEM; + goto err; + } + json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots); json_object_object_add(hdr->jobj, "tokens", json_object_new_object()); jobj_segments = json_object_new_object(); + if (!jobj_segments) { + r = -ENOMEM; + goto err; + } + json_object_object_add(hdr->jobj, "segments", jobj_segments); json_object_object_add(hdr->jobj, "digests", json_object_new_object()); jobj_config = json_object_new_object(); + if (!jobj_config) { + r = -ENOMEM; + goto err; + } + json_object_object_add(hdr->jobj, "config", jobj_config); digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk); - if (digest < 0) + if (digest < 0) { + r = -EINVAL; goto err; + } - if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) + if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) { + r = -EINVAL; goto err; + } - jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0); - if (!jobj_segment) - goto err; + if (!opal_key_size) + jobj_segment = json_segment_create_crypt(data_offset, 0, + NULL, cipher_spec, + integrity, sector_size, + 0); + else if (opal_key_size && cipher_spec) + jobj_segment = json_segment_create_opal_crypt(data_offset, &device_size_bytes, + opal_segment_number, opal_key_size, 0, + cipher_spec, integrity, + sector_size, 0); + else + jobj_segment = json_segment_create_opal(data_offset, &device_size_bytes, + opal_segment_number, opal_key_size); - if (integrity) { - jobj_integrity = json_object_new_object(); - json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity)); - json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none")); - json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none")); - json_object_object_add(jobj_segment, "integrity", jobj_integrity); + if (!jobj_segment) { + r = -EINVAL; + goto err; } - json_object_object_add_by_uint(jobj_segments, 0, jobj_segment); + if (json_object_object_add_by_uint(jobj_segments, 0, jobj_segment)) { + json_object_put(jobj_segment); + r = -ENOMEM; + goto err; + } - json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN)); - json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size)); + json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size_bytes - LUKS2_HDR_BIN_LEN)); + json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size_bytes)); JSON_DBG(cd, hdr->jobj, "Header JSON:"); return 0; err: json_object_put(hdr->jobj); hdr->jobj = NULL; - return -EINVAL; + return r; } int LUKS2_wipe_header_areas(struct crypt_device *cd, @@ -379,6 +363,14 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd, offset = get_min_offset(hdr); length = LUKS2_keyslots_size(hdr); + /* + * Skip keyslots area wipe in case it is not defined. + * Otherwise we would wipe whole data device (length == 0) + * starting at offset get_min_offset(hdr). + */ + if (!length) + return 0; + log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", offset, length + offset); @@ -409,3 +401,80 @@ int LUKS2_set_keyslots_size(struct luks2_hdr *hdr, uint64_t data_offset) json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size)); return 0; } + +int LUKS2_hdr_get_storage_params(struct crypt_device *cd, + uint64_t alignment_offset_bytes, + uint64_t alignment_bytes, + uint64_t *ret_metadata_size_bytes, + uint64_t *ret_keyslots_size_bytes, + uint64_t *ret_data_offset_bytes) +{ + uint64_t data_offset_bytes, keyslots_size_bytes, metadata_size_bytes, mdev_size_bytes; + + assert(cd); + assert(ret_metadata_size_bytes); + assert(ret_keyslots_size_bytes); + assert(ret_data_offset_bytes); + + metadata_size_bytes = crypt_get_metadata_size_bytes(cd); + keyslots_size_bytes = crypt_get_keyslots_size_bytes(cd); + data_offset_bytes = crypt_get_data_offset_sectors(cd) * SECTOR_SIZE; + + if (!metadata_size_bytes) + metadata_size_bytes = LUKS2_HDR_16K_LEN; + + if (data_offset_bytes && data_offset_bytes < 2 * metadata_size_bytes) { + log_err(cd, _("Requested data offset is too small.")); + return -EINVAL; + } + + /* Increase keyslot size according to data offset */ + if (!keyslots_size_bytes && data_offset_bytes) + keyslots_size_bytes = data_offset_bytes - 2 * metadata_size_bytes; + + /* keyslots size has to be 4 KiB aligned */ + keyslots_size_bytes -= (keyslots_size_bytes % 4096); + + if (keyslots_size_bytes > LUKS2_MAX_KEYSLOTS_SIZE) + keyslots_size_bytes = LUKS2_MAX_KEYSLOTS_SIZE; + + if (!keyslots_size_bytes) { + assert(LUKS2_DEFAULT_HDR_SIZE > 2 * LUKS2_HDR_OFFSET_MAX); + keyslots_size_bytes = LUKS2_DEFAULT_HDR_SIZE - 2 * metadata_size_bytes; + /* Decrease keyslots_size due to metadata device being too small */ + if (!device_size(crypt_metadata_device(cd), &mdev_size_bytes) && + ((keyslots_size_bytes + 2 * metadata_size_bytes) > mdev_size_bytes) && + device_fallocate(crypt_metadata_device(cd), keyslots_size_bytes + 2 * metadata_size_bytes) && + ((2 * metadata_size_bytes) <= mdev_size_bytes)) + keyslots_size_bytes = mdev_size_bytes - 2 * metadata_size_bytes; + } + + /* Decrease keyslots_size if we have smaller data_offset */ + if (data_offset_bytes && (keyslots_size_bytes + 2 * metadata_size_bytes) > data_offset_bytes) { + keyslots_size_bytes = data_offset_bytes - 2 * metadata_size_bytes; + log_dbg(cd, "Decreasing keyslot area size to %" PRIu64 + " bytes due to the requested data offset %" + PRIu64 " bytes.", keyslots_size_bytes, data_offset_bytes); + } + + /* Data offset has priority */ + if (!data_offset_bytes && alignment_bytes) { + data_offset_bytes = size_round_up(2 * metadata_size_bytes + keyslots_size_bytes, + (size_t)alignment_bytes); + data_offset_bytes += alignment_offset_bytes; + } + + if (crypt_get_metadata_size_bytes(cd) && (crypt_get_metadata_size_bytes(cd) != metadata_size_bytes)) + log_std(cd, _("WARNING: LUKS2 metadata size changed to %" PRIu64 " bytes.\n"), + metadata_size_bytes); + + if (crypt_get_keyslots_size_bytes(cd) && (crypt_get_keyslots_size_bytes(cd) != keyslots_size_bytes)) + log_std(cd, _("WARNING: LUKS2 keyslots area size changed to %" PRIu64 " bytes.\n"), + keyslots_size_bytes); + + *ret_metadata_size_bytes = metadata_size_bytes; + *ret_keyslots_size_bytes = keyslots_size_bytes; + *ret_data_offset_bytes = data_offset_bytes; + + return 0; +} diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index 4771f04..22f3e3d 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup v2 * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz - * Copyright (C) 2015-2023 Ondrej Kozina + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz + * Copyright (C) 2015-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,6 +21,7 @@ */ #include "luks2_internal.h" +#include "luks2/hw_opal/hw_opal.h" #include "../integrity/integrity.h" #include <ctype.h> #include <uuid/uuid.h> @@ -88,6 +89,9 @@ struct json_object *LUKS2_array_remove(struct json_object *array, const char *nu /* Create new array without jobj_removing. */ array_new = json_object_new_array(); + if (!array_new) + return NULL; + for (i = 0; i < (int) json_object_array_length(array); i++) { jobj1 = json_object_array_get_idx(array, i); if (jobj1 != jobj_removing) @@ -478,6 +482,9 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj json = json_object_to_json_string_ext(hdr_jobj, JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); + if (!json) + return 1; + json_area_size = crypt_jobj_get_uint64(jobj1); json_size = (uint64_t)strlen(json); @@ -637,6 +644,11 @@ static int reqs_reencrypt_online(uint32_t reqs) return reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT; } +static int reqs_opal(uint32_t reqs) +{ + return reqs & CRYPT_REQUIREMENT_OPAL; +} + /* * Config section requirements object must be valid. * Also general segments section must be validated first. @@ -697,7 +709,7 @@ static int validate_reencrypt_segments(struct crypt_device *cd, json_object *hdr static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) { json_object *jobj_segments, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags, *jobj; - uint64_t offset, size; + uint64_t offset, size, opal_segment_size; int i, r, count, first_backup = -1; struct interval *intervals = NULL; @@ -777,6 +789,32 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) if (!strcmp(json_object_get_string(jobj_type), "crypt") && hdr_validate_crypt_segment(cd, val, key, jobj_digests, size)) return 1; + + /* opal */ + if (!strncmp(json_object_get_string(jobj_type), "hw-opal", 7)) { + if (!size) { + log_dbg(cd, "segment type %s does not support dynamic size.", + json_object_get_string(jobj_type)); + return 1; + } + if (!json_contains(cd, val, key, "Segment", "opal_segment_number", json_type_int) || + !json_contains(cd, val, key, "Segment", "opal_key_size", json_type_int) || + !(jobj_size = json_contains_string(cd, val, key, "Segment", "opal_segment_size"))) + return 1; + if (!numbered(cd, "opal_segment_size", json_object_get_string(jobj_size))) + return 1; + if (!json_str_to_uint64(jobj_size, &opal_segment_size) || !opal_segment_size) { + log_dbg(cd, "Illegal OPAL segment size value."); + return 1; + } + if (size > opal_segment_size) { + log_dbg(cd, "segment size overflows OPAL locking range size."); + return 1; + } + if (!strcmp(json_object_get_string(jobj_type), "hw-opal-crypt") && + hdr_validate_crypt_segment(cd, val, key, jobj_digests, size)) + return 1; + } } if (first_backup == 0) { @@ -1575,6 +1613,8 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3 return 0; jobj_flags = json_object_new_array(); + if (!jobj_flags) + return -ENOMEM; for (i = 0; persistent_flags[i].description; i++) { if (flags & persistent_flags[i].flag) { @@ -1615,6 +1655,7 @@ static const struct requirement_flag requirements_flags[] = { { CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 2, "online-reencrypt-v2" }, { CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 3, "online-reencrypt-v3" }, { CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 1, "online-reencrypt" }, + { CRYPT_REQUIREMENT_OPAL, 1, "opal" }, { 0, 0, NULL } }; @@ -1707,7 +1748,7 @@ int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint8_t *version) return -ENOENT; } -static const struct requirement_flag *stored_requirement_name_by_id(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t req_id) +static const struct requirement_flag *stored_requirement_name_by_id(struct luks2_hdr *hdr, uint32_t req_id) { json_object *jobj_mandatory, *jobj; int i, len; @@ -1786,7 +1827,7 @@ int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr req_id = reqs & requirements_flags[i].flag; if (req_id) { /* retain already stored version of requirement flag */ - req = stored_requirement_name_by_id(cd, hdr, req_id); + req = stored_requirement_name_by_id(hdr, req_id); if (req) jobj = json_object_new_string(req->description); else @@ -2090,6 +2131,8 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj) if (json_object_object_get_ex(jobj_segment, "encryption", &jobj1)) log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1)); + else + log_std(cd, "\tcipher: (no SW encryption)\n"); if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1)) log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1)); @@ -2109,6 +2152,18 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj) log_std(cd, "\n"); } + json_object_object_get_ex(jobj_segment, "type", &jobj1); + if (!strncmp(json_object_get_string(jobj1), "hw-opal", 7)) { + log_std(cd, "\tHW OPAL encryption:\n"); + json_object_object_get_ex(jobj_segment, "opal_segment_number", &jobj1); + log_std(cd, "\t\tOPAL segment number: %" PRIu32 "\n", crypt_jobj_get_uint32(jobj1)); + json_object_object_get_ex(jobj_segment, "opal_key_size", &jobj1); + log_std(cd, "\t\tOPAL key: %" PRIu32 " bits\n", crypt_jobj_get_uint32(jobj1) * 8); + json_object_object_get_ex(jobj_segment, "opal_segment_size", &jobj1); + json_str_to_uint64(jobj1, &value); + log_std(cd, "\t\tOPAL segment length: %" PRIu64 " [bytes]\n", value); + } + log_std(cd, "\n"); } } @@ -2584,26 +2639,104 @@ int LUKS2_activate_multi(struct crypt_device *cd, int LUKS2_activate(struct crypt_device *cd, const char *name, - struct volume_key *vk, + struct volume_key *crypt_key, + struct volume_key *opal_key, uint32_t flags) { int r; + bool dynamic, read_lock, write_lock, opal_lock_on_error = false; + uint32_t opal_segment_number; + uint64_t range_offset_sectors, range_length_sectors, device_length_bytes; struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); struct crypt_dm_active_device dmdi = {}, dmd = { .uuid = crypt_get_uuid(cd) }; + struct crypt_lock_handle *opal_lh = NULL; /* do not allow activation when particular requirements detected */ - if ((r = LUKS2_unmet_requirements(cd, hdr, 0, 0))) + if ((r = LUKS2_unmet_requirements(cd, hdr, CRYPT_REQUIREMENT_OPAL, 0))) return r; - r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), - vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd), - crypt_get_data_offset(cd), crypt_get_integrity(cd) ?: "none", - crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); - if (r < 0) + /* Check that cipher is in compatible format */ + if (!crypt_get_cipher(cd)) { + log_err(cd, _("No known cipher specification pattern detected in LUKS2 header.")); + return -EINVAL; + } + + if ((r = LUKS2_get_data_size(hdr, &device_length_bytes, &dynamic))) return r; + if (dynamic && opal_key) { + log_err(cd, _("OPAL device must have static device size.")); + return -EINVAL; + } + + if (!dynamic) + dmd.size = device_length_bytes / SECTOR_SIZE; + + if (opal_key) { + r = crypt_opal_supported(cd, crypt_data_device(cd)); + if (r < 0) + return r; + + r = LUKS2_get_opal_segment_number(hdr, CRYPT_DEFAULT_SEGMENT, &opal_segment_number); + if (r < 0) + return -EINVAL; + + range_length_sectors = LUKS2_opal_segment_size(hdr, CRYPT_DEFAULT_SEGMENT, 1); + + if (crypt_get_integrity_tag_size(cd)) { + if (dmd.size >= range_length_sectors) { + log_err(cd, _("Encrypted OPAL device with integrity must be smaller than locking range.")); + return -EINVAL; + } + } else { + if (range_length_sectors != dmd.size) { + log_err(cd, _("OPAL device must have same size as locking range.")); + return -EINVAL; + } + } + + range_offset_sectors = crypt_get_data_offset(cd) + crypt_dev_partition_offset(device_path(crypt_data_device(cd))); + r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); + if (r < 0) { + log_err(cd, _("Failed to acquire OPAL lock on device %s."), device_path(crypt_data_device(cd))); + return -EINVAL; + } + + r = opal_range_check_attributes_and_get_lock_state(cd, crypt_data_device(cd), opal_segment_number, + opal_key, &range_offset_sectors, &range_length_sectors, + &read_lock, &write_lock); + if (r < 0) + goto out; + + opal_lock_on_error = read_lock && write_lock; + if (!opal_lock_on_error && !(flags & CRYPT_ACTIVATE_REFRESH)) + log_std(cd, _("OPAL device is %s already unlocked.\n"), + device_path(crypt_data_device(cd))); + + r = opal_unlock(cd, crypt_data_device(cd), opal_segment_number, opal_key); + if (r < 0) + goto out; + } + + if (LUKS2_segment_is_type(hdr, CRYPT_DEFAULT_SEGMENT, "crypt") || + LUKS2_segment_is_type(hdr, CRYPT_DEFAULT_SEGMENT, "hw-opal-crypt")) { + r = dm_crypt_target_set(&dmd.segment, 0, + dmd.size, crypt_data_device(cd), + crypt_key, crypt_get_cipher_spec(cd), + crypt_get_iv_offset(cd), crypt_get_data_offset(cd), + crypt_get_integrity(cd) ?: "none", + crypt_get_integrity_tag_size(cd), + crypt_get_sector_size(cd)); + } else + r = dm_linear_target_set(&dmd.segment, 0, + dmd.size, crypt_data_device(cd), + crypt_get_data_offset(cd)); + + if (r < 0) + goto out; + /* Add persistent activation flags */ if (!(flags & CRYPT_ACTIVATE_IGNORE_PERSISTENT)) LUKS2_config_get_flags(cd, hdr, &dmd.flags); @@ -2613,29 +2746,47 @@ int LUKS2_activate(struct crypt_device *cd, if (crypt_get_integrity_tag_size(cd)) { if (!LUKS2_integrity_compatible(hdr)) { log_err(cd, _("Unsupported device integrity configuration.")); - return -EINVAL; + r = -EINVAL; + goto out; } if (dmd.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) { log_err(cd, _("Discard/TRIM is not supported.")); - return -EINVAL; + r = -EINVAL; + goto out; } r = INTEGRITY_create_dmd_device(cd, NULL, NULL, NULL, NULL, &dmdi, dmd.flags, 0); if (r) - return r; + goto out; + + if (!dynamic && dmdi.size != dmd.size) { + log_err(cd, _("Underlying dm-integrity device with unexpected provided data sectors.")); + r = -EINVAL; + goto out; + } dmdi.flags |= CRYPT_ACTIVATE_PRIVATE; dmdi.uuid = dmd.uuid; dmd.segment.u.crypt.offset = 0; - dmd.segment.size = dmdi.segment.size; + if (dynamic) + dmd.segment.size = dmdi.segment.size; - r = create_or_reload_device_with_integrity(cd, name, CRYPT_LUKS2, &dmd, &dmdi); + r = create_or_reload_device_with_integrity(cd, name, + opal_key ? CRYPT_LUKS2_HW_OPAL : CRYPT_LUKS2, + &dmd, &dmdi); } else - r = create_or_reload_device(cd, name, CRYPT_LUKS2, &dmd); + r = create_or_reload_device(cd, name, + opal_key ? CRYPT_LUKS2_HW_OPAL : CRYPT_LUKS2, + &dmd); dm_targets_free(cd, &dmd); dm_targets_free(cd, &dmdi); +out: + if (r < 0 && opal_lock_on_error) + opal_lock(cd, crypt_data_device(cd), opal_segment_number); + + opal_exclusive_unlock(cd, opal_lh); return r; } @@ -2665,13 +2816,15 @@ static bool contains_reencryption_helper(char **names) int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr *hdr, struct crypt_dm_active_device *dmd, uint32_t flags) { + bool dm_opal_uuid; int r, ret; struct dm_target *tgt; crypt_status_info ci; struct crypt_dm_active_device dmdc; + uint32_t opal_segment_number; char **dep, deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = { 0 }; const char *namei = NULL; - struct crypt_lock_handle *reencrypt_lock = NULL; + struct crypt_lock_handle *reencrypt_lock = NULL, *opal_lh = NULL; if (!dmd || !dmd->uuid || strncmp(CRYPT_LUKS2, dmd->uuid, sizeof(CRYPT_LUKS2)-1)) return -EINVAL; @@ -2684,6 +2837,11 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr if (r < 0 || (size_t)r != (sizeof(deps_uuid_prefix) - 1)) return -EINVAL; + /* check if active device has LUKS2-OPAL dm uuid prefix */ + dm_opal_uuid = !crypt_uuid_type_cmp(dmd->uuid, CRYPT_LUKS2_HW_OPAL); + if (dm_opal_uuid && hdr && !LUKS2_segment_is_hw_opal(hdr, CRYPT_DEFAULT_SEGMENT)) + return -EINVAL; + tgt = &dmd->segment; /* TODO: We have LUKS2 dependencies now */ @@ -2726,7 +2884,8 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr tgt = &dmdc.segment; while (tgt) { if (tgt->type == DM_CRYPT) - crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, LOGON_KEY); + crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, + LOGON_KEY); tgt = tgt->next; } } @@ -2761,7 +2920,8 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr tgt = &dmdc.segment; while (tgt) { if (tgt->type == DM_CRYPT) - crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, LOGON_KEY); + crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, + LOGON_KEY); tgt = tgt->next; } } @@ -2773,7 +2933,35 @@ int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr r = ret; } + if (!r && dm_opal_uuid) { + if (hdr) { + if (LUKS2_get_opal_segment_number(hdr, CRYPT_DEFAULT_SEGMENT, &opal_segment_number)) { + log_err(cd, _("Device %s was deactivated but hardware OPAL device cannot be locked."), + name); + r = -EINVAL; + goto out; + } + } else { + /* Guess OPAL range number for LUKS2-OPAL device with missing header */ + opal_segment_number = 1; + ret = crypt_dev_get_partition_number(device_path(crypt_data_device(cd))); + if (ret > 0) + opal_segment_number = ret; + } + + if (crypt_data_device(cd)) { + r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); + if (r < 0) { + log_err(cd, _("Failed to acquire OPAL lock on device %s."), device_path(crypt_data_device(cd))); + goto out; + } + } + + if (!crypt_data_device(cd) || opal_lock(cd, crypt_data_device(cd), opal_segment_number)) + log_err(cd, _("Device %s was deactivated but hardware OPAL device cannot be locked."), name); + } out: + opal_exclusive_unlock(cd, opal_lh); LUKS2_reencrypt_unlock(cd, reencrypt_lock); dep = deps; while (*dep) @@ -2807,6 +2995,8 @@ int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uin log_err(cd, _("Operation incompatible with device marked for legacy reencryption. Aborting.")); if (reqs_reencrypt_online(reqs) && !quiet) log_err(cd, _("Operation incompatible with device marked for LUKS2 reencryption. Aborting.")); + if (reqs_opal(reqs) && !quiet) + log_err(cd, _("Operation incompatible with device using OPAL. Aborting.")); /* any remaining unmasked requirement fails the check */ return reqs ? -EINVAL : 0; @@ -2859,6 +3049,20 @@ int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object #endif } +int json_object_object_add_by_uint_by_ref(json_object *jobj, unsigned key, json_object **jobj_val_ref) +{ + int r; + + assert(jobj); + assert(jobj_val_ref); + + r = json_object_object_add_by_uint(jobj, key, *jobj_val_ref); + if (!r) + *jobj_val_ref = NULL; + + return r; +} + /* jobj_dst must contain pointer initialized to NULL (see json-c json_object_deep_copy API) */ int json_object_copy(json_object *jobj_src, json_object **jobj_dst) { @@ -2872,3 +3076,58 @@ int json_object_copy(json_object *jobj_src, json_object **jobj_dst) return *jobj_dst ? 0 : -1; #endif } + +int LUKS2_split_crypt_and_opal_keys(struct crypt_device *cd __attribute__((unused)), + struct luks2_hdr *hdr, + const struct volume_key *vk, + struct volume_key **ret_crypt_key, + struct volume_key **ret_opal_key) +{ + int r; + uint32_t opal_segment_number; + size_t opal_user_key_size; + json_object *jobj_segment; + struct volume_key *opal_key, *crypt_key; + + assert(vk); + assert(ret_crypt_key); + assert(ret_opal_key); + + jobj_segment = LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT); + if (!jobj_segment) + return -EINVAL; + + r = json_segment_get_opal_segment_id(jobj_segment, &opal_segment_number); + if (r < 0) + return -EINVAL; + + r = json_segment_get_opal_key_size(jobj_segment, &opal_user_key_size); + if (r < 0) + return -EINVAL; + + if (vk->keylength < opal_user_key_size) + return -EINVAL; + + /* OPAL SEGMENT only */ + if (vk->keylength == opal_user_key_size) { + *ret_crypt_key = NULL; + *ret_opal_key = NULL; + return 0; + } + + opal_key = crypt_alloc_volume_key(opal_user_key_size, vk->key); + if (!opal_key) + return -ENOMEM; + + crypt_key = crypt_alloc_volume_key(vk->keylength - opal_user_key_size, + vk->key + opal_user_key_size); + if (!crypt_key) { + crypt_free_volume_key(opal_key); + return -ENOMEM; + } + + *ret_opal_key = opal_key; + *ret_crypt_key = crypt_key; + + return 0; +} diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c index 5cf4b83..40816eb 100644 --- a/lib/luks2/luks2_keyslot.c +++ b/lib/luks2/luks2_keyslot.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, keyslot handling * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -578,6 +578,8 @@ int LUKS2_keyslot_open(struct crypt_device *cd, int r_prio, r = -EINVAL; hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + if (!hdr) + return -EINVAL; if (keyslot == CRYPT_ANY_SLOT) { r_prio = LUKS2_keyslot_open_priority(cd, hdr, CRYPT_SLOT_PRIORITY_PREFER, @@ -676,8 +678,7 @@ int LUKS2_keyslot_store(struct crypt_device *cd, int LUKS2_keyslot_wipe(struct crypt_device *cd, struct luks2_hdr *hdr, - int keyslot, - int wipe_area_only) + int keyslot) { struct device *device = crypt_metadata_device(cd); uint64_t area_offset, area_length; @@ -694,9 +695,6 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd, if (!jobj_keyslot) return -ENOENT; - if (wipe_area_only) - log_dbg(cd, "Wiping keyslot %d area only.", keyslot); - r = LUKS2_device_write_lock(cd, hdr, device); if (r) return r; @@ -720,9 +718,6 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd, } } - if (wipe_area_only) - goto out; - /* Slot specific wipe */ if (h) { r = h->wipe(cd, keyslot); @@ -803,6 +798,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd, return -EINVAL; jobj_keyslot = json_object_new_object(); + if (!jobj_keyslot) + return -ENOMEM; + json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder")); /* * key_size = -1 makes placeholder keyslot impossible to pass validation. @@ -813,11 +811,19 @@ int placeholder_keyslot_alloc(struct crypt_device *cd, /* Area object */ jobj_area = json_object_new_object(); + if (!jobj_area) { + json_object_put(jobj_keyslot); + return -ENOMEM; + } + json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); json_object_object_add(jobj_keyslot, "area", jobj_area); - json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + if (json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot)) { + json_object_put(jobj_keyslot); + return -EINVAL; + } return 0; } @@ -899,7 +905,7 @@ int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj) return 0; } -void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots) +void LUKS2_keyslots_repair(struct crypt_device *cd __attribute__((unused)), json_object *jobj_keyslots) { const keyslot_handler *h; json_object *jobj_type; @@ -964,14 +970,17 @@ int LUKS2_keyslot_swap(struct crypt_device *cd, struct luks2_hdr *hdr, json_object_object_del_by_uint(jobj_keyslots, keyslot); r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot2); if (r < 0) { + json_object_put(jobj_keyslot2); log_dbg(cd, "Failed to swap keyslot %d.", keyslot); return r; } json_object_object_del_by_uint(jobj_keyslots, keyslot2); r = json_object_object_add_by_uint(jobj_keyslots, keyslot2, jobj_keyslot); - if (r < 0) + if (r < 0) { + json_object_put(jobj_keyslot); log_dbg(cd, "Failed to swap keyslot2 %d.", keyslot2); + } return r; } diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c index 491dcad..2c1f400 100644 --- a/lib/luks2/luks2_keyslot_luks2.c +++ b/lib/luks2/luks2_keyslot_luks2.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -307,7 +307,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, char *volume_key, size_t volume_key_len) { struct volume_key *derived_key = NULL; - struct crypt_pbkdf_type pbkdf; + struct crypt_pbkdf_type pbkdf, *cd_pbkdf; char *AfKey = NULL; size_t AFEKSize; const char *af_hash = NULL; @@ -361,6 +361,16 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, } /* + * Print warning when keyslot requires more memory than available + * (if maximum memory was adjusted - no swap, not enough memory), + * but be silent if user set keyslot memory cost above default limit intentionally. + */ + cd_pbkdf = crypt_get_pbkdf(cd); + if (cd_pbkdf->max_memory_kb && pbkdf.max_memory_kb > cd_pbkdf->max_memory_kb && + pbkdf.max_memory_kb <= DEFAULT_LUKS2_MEMORY_KB) + log_std(cd, _("Warning: keyslot operation could fail as it requires more than available memory.\n")); + + /* * If requested, serialize unlocking for memory-hard KDF. Usually NOOP. */ if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB) @@ -512,23 +522,42 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, } jobj_keyslot = json_object_new_object(); + if (!jobj_keyslot) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2")); json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len)); /* AF object */ jobj_af = json_object_new_object(); + if (!jobj_af) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes)); json_object_object_add(jobj_keyslot, "af", jobj_af); /* Area object */ jobj_area = json_object_new_object(); + if (!jobj_area) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_area, "type", json_object_new_string("raw")); json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); json_object_object_add(jobj_keyslot, "area", jobj_area); - json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + if (r) { + json_object_put(jobj_keyslot); + return r; + } r = luks2_keyslot_update_json(cd, jobj_keyslot, params); @@ -541,6 +570,9 @@ static int luks2_keyslot_alloc(struct crypt_device *cd, json_object_object_del_by_uint(jobj_keyslots, keyslot); return r; +err: + json_object_put(jobj_keyslot); + return r; } static int luks2_keyslot_open(struct crypt_device *cd, diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c index 4291d0c..e847673 100644 --- a/lib/luks2/luks2_keyslot_reenc.c +++ b/lib/luks2/luks2_keyslot_reenc.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, reencryption keyslot handler * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -145,7 +145,12 @@ static int reenc_keyslot_alloc(struct crypt_device *cd, else json_object_object_add(jobj_keyslot, "direction", json_object_new_string("backward")); - json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + if (r) { + json_object_put(jobj_keyslot); + return r; + } + if (LUKS2_check_json_size(cd, hdr)) { log_dbg(cd, "New keyslot too large to fit in free metadata space."); json_object_object_del_by_uint(jobj_keyslots, keyslot); @@ -371,8 +376,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key return 0; } -static int reenc_keyslot_update_needed(struct crypt_device *cd, - json_object *jobj_keyslot, +static int reenc_keyslot_update_needed(json_object *jobj_keyslot, const struct crypt_params_reencrypt *params, size_t alignment) { @@ -537,8 +541,7 @@ static int reenc_keyslot_load_resilience(struct crypt_device *cd, return reenc_keyslot_load_resilience_secondary(cd, type, jobj_area, area_length, rp); } -static bool reenc_keyslot_update_is_valid(struct crypt_device *cd, - json_object *jobj_area, +static bool reenc_keyslot_update_is_valid(json_object *jobj_area, const struct crypt_params_reencrypt *params) { const char *type; @@ -589,7 +592,7 @@ static int reenc_keyslot_update(struct crypt_device *cd, if (!params || !params->resilience) jobj_area_new = reencrypt_keyslot_area_jobj_update_block_size(cd, jobj_area, alignment); else { - if (!reenc_keyslot_update_is_valid(cd, jobj_area, params)) { + if (!reenc_keyslot_update_is_valid(jobj_area, params)) { log_err(cd, _("Invalid reencryption resilience mode change requested.")); return -EINVAL; } @@ -661,7 +664,7 @@ int LUKS2_keyslot_reencrypt_update_needed(struct crypt_device *cd, strcmp(json_object_get_string(jobj_type), "reencrypt")) return -EINVAL; - r = reenc_keyslot_update_needed(cd, jobj_keyslot, params, alignment); + r = reenc_keyslot_update_needed(jobj_keyslot, params, alignment); if (!r) log_dbg(cd, "No update of reencrypt keyslot needed."); diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c index 6d3fa1e..9513217 100644 --- a/lib/luks2/luks2_luks1_convert.c +++ b/lib/luks2/luks2_luks1_convert.c @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Ondrej Kozina - * Copyright (C) 2015-2023 Milan Broz + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Ondrej Kozina + * Copyright (C) 2015-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -67,11 +67,21 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc int r; keyslot_obj = json_object_new_object(); + if (!keyslot_obj) { + r = -ENOMEM; + goto err; + } + json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2")); json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes)); /* KDF */ jobj_kdf = json_object_new_object(); + if (!jobj_kdf) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2)); json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec)); json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations)); @@ -89,6 +99,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc /* AF */ jobj_af = json_object_new_object(); + if (!jobj_af) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec)); /* stripes field ignored, fixed to LUKS_STRIPES (4000) */ @@ -97,6 +112,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc /* Area */ jobj_area = json_object_new_object(); + if (!jobj_area) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_area, "type", json_object_new_string("raw")); /* encryption algorithm field */ @@ -124,6 +144,9 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc *keyslot_object = keyslot_obj; return 0; +err: + json_object_put(keyslot_obj); + return r; } static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object) @@ -143,7 +166,12 @@ static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_objec json_object_put(keyslot_obj); return r; } - json_object_object_add_by_uint(keyslot_obj, keyslot, field); + r = json_object_object_add_by_uint(keyslot_obj, keyslot, field); + if (r) { + json_object_put(field); + json_object_put(keyslot_obj); + return r; + } } *keyslots_object = keyslot_obj; @@ -238,7 +266,12 @@ static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_objec json_object_put(segments_obj); return r; } - json_object_object_add_by_uint(segments_obj, 0, field); + r = json_object_object_add_by_uint(segments_obj, 0, field); + if (r) { + json_object_put(field); + json_object_put(segments_obj); + return r; + } *segments_object = segments_obj; return 0; diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c index b0dcd6d..b7af206 100644 --- a/lib/luks2/luks2_reencrypt.c +++ b/lib/luks2/luks2_reencrypt.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, reencryption helpers * - * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2015-2023 Ondrej Kozina + * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -162,6 +162,7 @@ static uint64_t reencrypt_get_data_offset_old(struct luks2_hdr *hdr) return reencrypt_data_offset(hdr, 0); } #endif + static int reencrypt_digest(struct luks2_hdr *hdr, unsigned new) { int segment = LUKS2_get_segment_id_by_flag(hdr, new ? "backup-final" : "backup-previous"); @@ -182,6 +183,21 @@ int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr) return reencrypt_digest(hdr, 0); } +unsigned LUKS2_reencrypt_vks_count(struct luks2_hdr *hdr) +{ + int digest_old, digest_new; + unsigned vks_count = 0; + + if ((digest_new = LUKS2_reencrypt_digest_new(hdr)) >= 0) + vks_count++; + if ((digest_old = LUKS2_reencrypt_digest_old(hdr)) >= 0) { + if (digest_old != digest_new) + vks_count++; + } + + return vks_count; +} + /* none, checksums, journal or shift */ static const char *reencrypt_resilience_type(struct luks2_hdr *hdr) { @@ -224,7 +240,7 @@ static const char *reencrypt_resilience_hash(struct luks2_hdr *hdr) static json_object *_enc_create_segments_shift_after(struct luks2_reencrypt *rh, uint64_t data_offset) { int reenc_seg, i = 0; - json_object *jobj_copy, *jobj_seg_new = NULL, *jobj_segs_post = json_object_new_object(); + json_object *jobj, *jobj_copy = NULL, *jobj_seg_new = NULL, *jobj_segs_post = json_object_new_object(); uint64_t tmp; if (!rh->jobj_segs_hot || !jobj_segs_post) @@ -239,17 +255,21 @@ static json_object *_enc_create_segments_shift_after(struct luks2_reencrypt *rh, while (i < reenc_seg) { jobj_copy = json_segments_get_segment(rh->jobj_segs_hot, i); - if (!jobj_copy) + if (!jobj_copy || json_object_object_add_by_uint(jobj_segs_post, i++, json_object_get(jobj_copy))) goto err; - json_object_object_add_by_uint(jobj_segs_post, i++, json_object_get(jobj_copy)); } + jobj_copy = NULL; - if (json_object_copy(json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1), &jobj_seg_new)) { - if (json_object_copy(json_segments_get_segment(rh->jobj_segs_hot, reenc_seg), &jobj_seg_new)) + jobj = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1); + if (!jobj) { + jobj = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg); + if (!jobj || json_object_copy(jobj, &jobj_seg_new)) goto err; json_segment_remove_flag(jobj_seg_new, "in-reencryption"); tmp = rh->length; } else { + if (json_object_copy(jobj, &jobj_seg_new)) + goto err; json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset)); json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT)); tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length; @@ -257,10 +277,12 @@ static json_object *_enc_create_segments_shift_after(struct luks2_reencrypt *rh, /* alter size of new segment, reenc_seg == 0 we're finished */ json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic")); - json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new); + if (!json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new)) + return jobj_segs_post; - return jobj_segs_post; err: + json_object_put(jobj_seg_new); + json_object_put(jobj_copy); json_object_put(jobj_segs_post); return NULL; } @@ -271,7 +293,7 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct luks2_hdr * { int sg, crypt_seg, i = 0; uint64_t segment_size; - json_object *jobj_seg_shrunk, *jobj_seg_new, *jobj_copy, *jobj_enc_seg = NULL, + json_object *jobj_seg_shrunk = NULL, *jobj_seg_new = NULL, *jobj_copy = NULL, *jobj_enc_seg = NULL, *jobj_segs_hot = json_object_new_object(); if (!jobj_segs_hot) @@ -290,38 +312,41 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct luks2_hdr * rh->offset >> SECTOR_SHIFT, &rh->length, reencrypt_segment_cipher_new(hdr), + NULL, /* integrity */ reencrypt_get_sector_size_new(hdr), 1); while (i < sg) { jobj_copy = LUKS2_get_segment_jobj(hdr, i); - if (!jobj_copy) + if (!jobj_copy || json_object_object_add_by_uint(jobj_segs_hot, i++, json_object_get(jobj_copy))) goto err; - json_object_object_add_by_uint(jobj_segs_hot, i++, json_object_get(jobj_copy)); } + jobj_copy = NULL; segment_size = LUKS2_segment_size(hdr, sg, 0); if (segment_size > rh->length) { - jobj_seg_shrunk = NULL; if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk)) goto err; json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length)); - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk); + if (json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_seg_shrunk)) + goto err; } - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_enc_seg); - jobj_enc_seg = NULL; /* see err: label */ + if (json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_enc_seg)) + goto err; /* first crypt segment after encryption ? */ if (crypt_seg >= 0) { jobj_seg_new = LUKS2_get_segment_jobj(hdr, crypt_seg); - if (!jobj_seg_new) + if (!jobj_seg_new || json_object_object_add_by_uint(jobj_segs_hot, sg, json_object_get(jobj_seg_new))) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg, json_object_get(jobj_seg_new)); } return jobj_segs_hot; err: + json_object_put(jobj_copy); + json_object_put(jobj_seg_new); + json_object_put(jobj_seg_shrunk); json_object_put(jobj_enc_seg); json_object_put(jobj_segs_hot); @@ -343,6 +368,7 @@ static json_object *reencrypt_make_segment_new(struct crypt_device *cd, crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT), segment_length, reencrypt_segment_cipher_new(hdr), + NULL, /* integrity */ reencrypt_get_sector_size_new(hdr), 0); case CRYPT_REENCRYPT_DECRYPT: return json_segment_create_linear(data_offset + segment_offset, segment_length, 0); @@ -357,7 +383,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd uint64_t data_offset) { int reenc_seg; - json_object *jobj_new_seg_after, *jobj_old_seg, *jobj_old_seg_copy = NULL, + json_object *jobj_old_seg, *jobj_new_seg_after = NULL, *jobj_old_seg_copy = NULL, *jobj_segs_post = json_object_new_object(); uint64_t fixed_length = rh->offset + rh->length; @@ -366,7 +392,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot); if (reenc_seg < 0) - return NULL; + goto err; jobj_old_seg = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1); @@ -375,24 +401,26 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd * Set size to 'dynamic' again. */ jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, jobj_old_seg ? &fixed_length : NULL); - if (!jobj_new_seg_after) + if (!jobj_new_seg_after || json_object_object_add_by_uint_by_ref(jobj_segs_post, 0, &jobj_new_seg_after)) goto err; - json_object_object_add_by_uint(jobj_segs_post, 0, jobj_new_seg_after); if (jobj_old_seg) { if (rh->fixed_length) { if (json_object_copy(jobj_old_seg, &jobj_old_seg_copy)) goto err; - jobj_old_seg = jobj_old_seg_copy; fixed_length = rh->device_size - fixed_length; - json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length)); + json_object_object_add(jobj_old_seg_copy, "size", crypt_jobj_new_uint64(fixed_length)); } else - json_object_get(jobj_old_seg); - json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg); + jobj_old_seg_copy = json_object_get(jobj_old_seg); + + if (json_object_object_add_by_uint_by_ref(jobj_segs_post, 1, &jobj_old_seg_copy)) + goto err; } return jobj_segs_post; err: + json_object_put(jobj_new_seg_after); + json_object_put(jobj_old_seg_copy); json_object_put(jobj_segs_post); return NULL; } @@ -405,7 +433,7 @@ static json_object *reencrypt_make_post_segments_backward(struct crypt_device *c int reenc_seg; uint64_t fixed_length; - json_object *jobj_new_seg_after, *jobj_old_seg, + json_object *jobj_new_seg_after = NULL, *jobj_old_seg = NULL, *jobj_segs_post = json_object_new_object(); if (!rh->jobj_segs_hot || !jobj_segs_post) @@ -413,22 +441,26 @@ static json_object *reencrypt_make_post_segments_backward(struct crypt_device *c reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot); if (reenc_seg < 0) - return NULL; + goto err; jobj_old_seg = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg - 1); - if (jobj_old_seg) - json_object_object_add_by_uint(jobj_segs_post, reenc_seg - 1, json_object_get(jobj_old_seg)); + if (jobj_old_seg) { + json_object_get(jobj_old_seg); + if (json_object_object_add_by_uint_by_ref(jobj_segs_post, reenc_seg - 1, &jobj_old_seg)) + goto err; + } + if (rh->fixed_length && rh->offset) { fixed_length = rh->device_size - rh->offset; jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset, rh->offset, &fixed_length); } else jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset, rh->offset, NULL); - if (!jobj_new_seg_after) - goto err; - json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_new_seg_after); - return jobj_segs_post; + if (jobj_new_seg_after && !json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_new_seg_after)) + return jobj_segs_post; err: + json_object_put(jobj_new_seg_after); + json_object_put(jobj_old_seg); json_object_put(jobj_segs_post); return NULL; } @@ -448,6 +480,7 @@ static json_object *reencrypt_make_segment_reencrypt(struct crypt_device *cd, crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT), segment_length, reencrypt_segment_cipher_new(hdr), + NULL, /* integrity */ reencrypt_get_sector_size_new(hdr), 1); case CRYPT_REENCRYPT_DECRYPT: return json_segment_create_linear(data_offset + segment_offset, segment_length, 1); @@ -472,6 +505,7 @@ static json_object *reencrypt_make_segment_old(struct crypt_device *cd, crypt_get_iv_offset(cd) + (segment_offset >> SECTOR_SHIFT), segment_length, reencrypt_segment_cipher_old(hdr), + NULL, /* integrity */ reencrypt_get_sector_size_old(hdr), 0); break; @@ -488,38 +522,40 @@ static json_object *reencrypt_make_hot_segments_forward(struct crypt_device *cd, uint64_t device_size, uint64_t data_offset) { - json_object *jobj_segs_hot, *jobj_reenc_seg, *jobj_old_seg, *jobj_new_seg; uint64_t fixed_length, tmp = rh->offset + rh->length; + json_object *jobj_segs_hot = json_object_new_object(), *jobj_reenc_seg = NULL, + *jobj_old_seg = NULL, *jobj_new_seg = NULL; unsigned int sg = 0; - jobj_segs_hot = json_object_new_object(); if (!jobj_segs_hot) return NULL; if (rh->offset) { jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, &rh->offset); - if (!jobj_new_seg) + if (!jobj_new_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_new_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_new_seg); } jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset, rh->offset, rh->offset, &rh->length); if (!jobj_reenc_seg) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg); + if (json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_reenc_seg)) + goto err; if (tmp < device_size) { fixed_length = device_size - tmp; jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + data_shift_value(&rh->rp), rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); - if (!jobj_old_seg) + if (!jobj_old_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg, &jobj_old_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg); } return jobj_segs_hot; err: + json_object_put(jobj_reenc_seg); + json_object_put(jobj_old_seg); + json_object_put(jobj_new_seg); json_object_put(jobj_segs_hot); return NULL; } @@ -528,29 +564,31 @@ static json_object *reencrypt_make_hot_segments_decrypt_shift(struct crypt_devic struct luks2_hdr *hdr, struct luks2_reencrypt *rh, uint64_t device_size, uint64_t data_offset) { - json_object *jobj_segs_hot, *jobj_reenc_seg, *jobj_old_seg, *jobj_new_seg; uint64_t fixed_length, tmp = rh->offset + rh->length, linear_length = rh->progress; + json_object *jobj, *jobj_segs_hot = json_object_new_object(), *jobj_reenc_seg = NULL, + *jobj_old_seg = NULL, *jobj_new_seg = NULL; unsigned int sg = 0; - jobj_segs_hot = json_object_new_object(); if (!jobj_segs_hot) return NULL; if (rh->offset) { - jobj_new_seg = LUKS2_get_segment_jobj(hdr, 0); - if (!jobj_new_seg) + jobj = LUKS2_get_segment_jobj(hdr, 0); + if (!jobj) + goto err; + + jobj_new_seg = json_object_get(jobj); + if (json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_new_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg++, json_object_get(jobj_new_seg)); if (linear_length) { jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, - json_segment_get_size(jobj_new_seg, 0), + json_segment_get_size(jobj, 0), 0, &linear_length); - if (!jobj_new_seg) + if (!jobj_new_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_new_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_new_seg); } } @@ -558,27 +596,29 @@ static json_object *reencrypt_make_hot_segments_decrypt_shift(struct crypt_devic rh->offset, rh->offset, &rh->length); - if (!jobj_reenc_seg) + if (!jobj_reenc_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_reenc_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg); - - if (!rh->offset && (jobj_new_seg = LUKS2_get_segment_jobj(hdr, 1)) && - !json_segment_is_backup(jobj_new_seg)) - json_object_object_add_by_uint(jobj_segs_hot, sg++, json_object_get(jobj_new_seg)); - else if (tmp < device_size) { + if (!rh->offset && (jobj = LUKS2_get_segment_jobj(hdr, 1)) && + !json_segment_is_backup(jobj)) { + jobj_new_seg = json_object_get(jobj); + if (json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_new_seg)) + goto err; + } else if (tmp < device_size) { fixed_length = device_size - tmp; jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + data_shift_value(&rh->rp), rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); - if (!jobj_old_seg) + if (!jobj_old_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg, &jobj_old_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg); } return jobj_segs_hot; err: + json_object_put(jobj_reenc_seg); + json_object_put(jobj_old_seg); + json_object_put(jobj_new_seg); json_object_put(jobj_segs_hot); return NULL; } @@ -589,7 +629,7 @@ static json_object *_dec_create_segments_shift_after(struct crypt_device *cd, uint64_t data_offset) { int reenc_seg, i = 0; - json_object *jobj_copy, *jobj_seg_old, *jobj_seg_new, + json_object *jobj_seg_old, *jobj_copy = NULL, *jobj_seg_old_copy = NULL, *jobj_seg_new = NULL, *jobj_segs_post = json_object_new_object(); unsigned segs; uint64_t tmp; @@ -607,9 +647,8 @@ static json_object *_dec_create_segments_shift_after(struct crypt_device *cd, if (reenc_seg == 0) { jobj_seg_new = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, NULL); - if (!jobj_seg_new) + if (!jobj_seg_new || json_object_object_add_by_uint(jobj_segs_post, 0, jobj_seg_new)) goto err; - json_object_object_add_by_uint(jobj_segs_post, 0, jobj_seg_new); return jobj_segs_post; } @@ -617,22 +656,29 @@ static json_object *_dec_create_segments_shift_after(struct crypt_device *cd, jobj_copy = json_segments_get_segment(rh->jobj_segs_hot, 0); if (!jobj_copy) goto err; - json_object_object_add_by_uint(jobj_segs_post, i++, json_object_get(jobj_copy)); + json_object_get(jobj_copy); + if (json_object_object_add_by_uint_by_ref(jobj_segs_post, i++, &jobj_copy)) + goto err; - jobj_seg_old = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1); + if ((jobj_seg_old = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1))) + jobj_seg_old_copy = json_object_get(jobj_seg_old); tmp = rh->length + rh->progress; jobj_seg_new = reencrypt_make_segment_new(cd, hdr, rh, data_offset, json_segment_get_size(rh->jobj_segment_moved, 0), data_shift_value(&rh->rp), jobj_seg_old ? &tmp : NULL); - json_object_object_add_by_uint(jobj_segs_post, i++, jobj_seg_new); + if (!jobj_seg_new || json_object_object_add_by_uint_by_ref(jobj_segs_post, i++, &jobj_seg_new)) + goto err; - if (jobj_seg_old) - json_object_object_add_by_uint(jobj_segs_post, i, json_object_get(jobj_seg_old)); + if (jobj_seg_old_copy && json_object_object_add_by_uint(jobj_segs_post, i, jobj_seg_old_copy)) + goto err; return jobj_segs_post; err: + json_object_put(jobj_copy); + json_object_put(jobj_seg_old_copy); + json_object_put(jobj_seg_new); json_object_put(jobj_segs_post); return NULL; } @@ -643,10 +689,10 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd uint64_t device_size, uint64_t data_offset) { - json_object *jobj_reenc_seg, *jobj_new_seg, *jobj_old_seg = NULL, + uint64_t fixed_length, tmp = rh->offset + rh->length; + json_object *jobj_reenc_seg = NULL, *jobj_new_seg = NULL, *jobj_old_seg = NULL, *jobj_segs_hot = json_object_new_object(); int sg = 0; - uint64_t fixed_length, tmp = rh->offset + rh->length; if (!jobj_segs_hot) return NULL; @@ -656,26 +702,27 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd goto err; json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset)); - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg); + if (json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_old_seg)) + goto err; } jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset, rh->offset, rh->offset, &rh->length); - if (!jobj_reenc_seg) + if (!jobj_reenc_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg++, &jobj_reenc_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg); - if (tmp < device_size) { fixed_length = device_size - tmp; jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); - if (!jobj_new_seg) + if (!jobj_new_seg || json_object_object_add_by_uint_by_ref(jobj_segs_hot, sg, &jobj_new_seg)) goto err; - json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_new_seg); } return jobj_segs_hot; err: + json_object_put(jobj_reenc_seg); + json_object_put(jobj_new_seg); + json_object_put(jobj_old_seg); json_object_put(jobj_segs_hot); return NULL; } @@ -733,6 +780,7 @@ static int reencrypt_make_post_segments(struct crypt_device *cd, return rh->jobj_segs_post ? 0 : -EINVAL; } #endif + static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr) { json_object *jobj_keyslot, *jobj_area, *jobj_data_shift; @@ -847,13 +895,13 @@ void LUKS2_reencrypt_free(struct crypt_device *cd, struct luks2_reencrypt *rh) free(rh); } -int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd, +#if USE_LUKS2_REENCRYPTION +int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd __attribute__((unused)), struct luks2_hdr *hdr, const struct reenc_protection *rp, int reencrypt_keyslot, uint64_t *r_length) { -#if USE_LUKS2_REENCRYPTION int r; uint64_t dummy, area_length; @@ -886,11 +934,8 @@ int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd, } return -EINVAL; -#else - return -ENOTSUP; -#endif } -#if USE_LUKS2_REENCRYPTION + static size_t reencrypt_get_alignment(struct crypt_device *cd, struct luks2_hdr *hdr) { @@ -971,7 +1016,6 @@ static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *j } static int reencrypt_offset_forward_moved(struct luks2_hdr *hdr, - json_object *jobj_segments, uint64_t data_shift, uint64_t *offset) { @@ -1049,7 +1093,7 @@ static int reencrypt_offset(struct luks2_hdr *hdr, if (di == CRYPT_REENCRYPT_FORWARD) { if (reencrypt_mode(hdr) == CRYPT_REENCRYPT_DECRYPT && LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0) { - r = reencrypt_offset_forward_moved(hdr, jobj_segments, data_shift, offset); + r = reencrypt_offset_forward_moved(hdr, data_shift, offset); if (!r && *offset > device_size) *offset = device_size; return r; @@ -1386,7 +1430,7 @@ static int reencrypt_init_storage_wrappers(struct crypt_device *cd, static int reencrypt_context_set_names(struct luks2_reencrypt *rh, const char *name) { - if (!rh | !name) + if (!rh || !name) return -EINVAL; if (*name == '/') { @@ -1964,9 +2008,7 @@ static int reencrypt_set_decrypt_shift_segments(struct crypt_device *cd, crypt_reencrypt_direction_info di) { int r; - uint64_t first_segment_offset, first_segment_length, - second_segment_offset, second_segment_length, - data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT; + uint64_t data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT; json_object *jobj_segment_first = NULL, *jobj_segment_second = NULL, *jobj_segments; if (di == CRYPT_REENCRYPT_BACKWARD) @@ -1976,47 +2018,49 @@ static int reencrypt_set_decrypt_shift_segments(struct crypt_device *cd, * future data_device layout: * [encrypted first segment (max data shift size)][gap (data shift size)][second encrypted data segment] */ - first_segment_offset = 0; - first_segment_length = moved_segment_length; - if (dev_size > moved_segment_length) { - second_segment_offset = data_offset + first_segment_length; - second_segment_length = 0; - } - jobj_segments = json_object_new_object(); if (!jobj_segments) return -ENOMEM; r = -EINVAL; - jobj_segment_first = json_segment_create_crypt(first_segment_offset, - crypt_get_iv_offset(cd), &first_segment_length, - crypt_get_cipher_spec(cd), crypt_get_sector_size(cd), 0); + jobj_segment_first = json_segment_create_crypt(0, crypt_get_iv_offset(cd), + &moved_segment_length, crypt_get_cipher_spec(cd), + NULL, crypt_get_sector_size(cd), 0); if (!jobj_segment_first) { log_dbg(cd, "Failed generate 1st segment."); - return r; + goto err; } + r = json_object_object_add_by_uint_by_ref(jobj_segments, 0, &jobj_segment_first); + if (r) + goto err; + if (dev_size > moved_segment_length) { - jobj_segment_second = json_segment_create_crypt(second_segment_offset, - crypt_get_iv_offset(cd) + (first_segment_length >> SECTOR_SHIFT), - second_segment_length ? &second_segment_length : NULL, + jobj_segment_second = json_segment_create_crypt(data_offset + moved_segment_length, + crypt_get_iv_offset(cd) + (moved_segment_length >> SECTOR_SHIFT), + NULL, crypt_get_cipher_spec(cd), + NULL, /* integrity */ crypt_get_sector_size(cd), 0); if (!jobj_segment_second) { - json_object_put(jobj_segment_first); + r = -EINVAL; log_dbg(cd, "Failed generate 2nd segment."); - return r; + goto err; } - } - - json_object_object_add(jobj_segments, "0", jobj_segment_first); - if (jobj_segment_second) - json_object_object_add(jobj_segments, "1", jobj_segment_second); - r = LUKS2_segments_set(cd, hdr, jobj_segments, 0); + r = json_object_object_add_by_uint_by_ref(jobj_segments, 1, &jobj_segment_second); + if (r) + goto err; + } - return r ?: LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, 0, 1, 0); + if (!(r = LUKS2_segments_set(cd, hdr, jobj_segments, 0))) + return LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, 0, 1, 0); +err: + json_object_put(jobj_segment_first); + json_object_put(jobj_segment_second); + json_object_put(jobj_segments); + return r; } static int reencrypt_make_targets(struct crypt_device *cd, @@ -2429,6 +2473,7 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, uint64_t data_offset, const struct crypt_params_reencrypt *params) { + const char *type; int r, segment, moved_segment = -1, digest_old = -1, digest_new = -1; json_object *jobj_tmp, *jobj_segment_new = NULL, *jobj_segment_old = NULL, *jobj_segment_bcp = NULL; uint32_t sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE; @@ -2460,9 +2505,17 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, if (r) goto err; moved_segment = segment++; - json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), moved_segment, jobj_segment_bcp); - if (!strcmp(json_segment_type(jobj_segment_bcp), "crypt")) - LUKS2_digest_segment_assign(cd, hdr, moved_segment, digest_old, 1, 0); + r = json_object_object_add_by_uint_by_ref(LUKS2_get_segments_jobj(hdr), moved_segment, &jobj_segment_bcp); + if (r) + goto err; + + if (!(type = json_segment_type(LUKS2_get_segment_jobj(hdr, moved_segment)))) { + r = -EINVAL; + goto err; + } + + if (!strcmp(type, "crypt") && ((r = LUKS2_digest_segment_assign(cd, hdr, moved_segment, digest_old, 1, 0)))) + goto err; } /* FIXME: Add detection for case (digest old == digest new && old segment == new segment) */ @@ -2478,6 +2531,7 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, json_segment_get_iv_offset(jobj_tmp), device_size ? &device_size : NULL, json_segment_get_cipher(jobj_tmp), + NULL, /* integrity */ json_segment_get_sector_size(jobj_tmp), 0); } else { @@ -2505,10 +2559,14 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, r = LUKS2_segment_set_flag(jobj_segment_old, "backup-previous"); if (r) goto err; - json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), segment, jobj_segment_old); - jobj_segment_old = NULL; - if (digest_old >= 0) - LUKS2_digest_segment_assign(cd, hdr, segment, digest_old, 1, 0); + + r = json_object_object_add_by_uint_by_ref(LUKS2_get_segments_jobj(hdr), segment, &jobj_segment_old); + if (r) + goto err; + + if (digest_old >= 0 && (r = LUKS2_digest_segment_assign(cd, hdr, segment, digest_old, 1, 0))) + goto err; + segment++; if (digest_new >= 0) { @@ -2520,7 +2578,7 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, } jobj_segment_new = json_segment_create_crypt(segment_offset, crypt_get_iv_offset(cd), - NULL, cipher, sector_size, 0); + NULL, cipher, NULL, sector_size, 0); } else if (params->mode == CRYPT_REENCRYPT_DECRYPT) { segment_offset = data_offset; if (modify_offset(&segment_offset, data_shift, params->direction)) { @@ -2538,10 +2596,13 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, r = LUKS2_segment_set_flag(jobj_segment_new, "backup-final"); if (r) goto err; - json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), segment, jobj_segment_new); - jobj_segment_new = NULL; - if (digest_new >= 0) - LUKS2_digest_segment_assign(cd, hdr, segment, digest_new, 1, 0); + + r = json_object_object_add_by_uint_by_ref(LUKS2_get_segments_jobj(hdr), segment, &jobj_segment_new); + if (r) + goto err; + + if (digest_new >= 0 && (r = LUKS2_digest_segment_assign(cd, hdr, segment, digest_new, 1, 0))) + goto err; /* FIXME: also check occupied space by keyslot in shrunk area */ if (params->direction == CRYPT_REENCRYPT_FORWARD && data_shift && @@ -2556,6 +2617,7 @@ static int reencrypt_make_backup_segments(struct crypt_device *cd, err: json_object_put(jobj_segment_new); json_object_put(jobj_segment_old); + json_object_put(jobj_segment_bcp); return r; } @@ -2590,7 +2652,6 @@ static int reencrypt_verify_keys(struct crypt_device *cd, } static int reencrypt_upload_single_key(struct crypt_device *cd, - struct luks2_hdr *hdr, int digest, struct volume_key *vks) { @@ -2615,11 +2676,11 @@ static int reencrypt_upload_keys(struct crypt_device *cd, return 0; if (digest_new >= 0 && !crypt_is_cipher_null(reencrypt_segment_cipher_new(hdr)) && - (r = reencrypt_upload_single_key(cd, hdr, digest_new, vks))) + (r = reencrypt_upload_single_key(cd, digest_new, vks))) return r; if (digest_old >= 0 && !crypt_is_cipher_null(reencrypt_segment_cipher_old(hdr)) && - (r = reencrypt_upload_single_key(cd, hdr, digest_old, vks))) { + (r = reencrypt_upload_single_key(cd, digest_old, vks))) { crypt_drop_keyring_key(cd, vks); return r; } @@ -3256,7 +3317,17 @@ static int reencrypt_load(struct crypt_device *cd, struct luks2_hdr *hdr, return 0; } +#else +int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd __attribute__((unused)), + struct luks2_hdr *hdr __attribute__((unused)), + const struct reenc_protection *rp __attribute__((unused)), + int reencrypt_keyslot __attribute__((unused)), + uint64_t *r_length __attribute__((unused))) +{ + return -ENOTSUP; +} #endif + static int reencrypt_lock_internal(struct crypt_device *cd, const char *uuid, struct crypt_lock_handle **reencrypt_lock) { int r; @@ -3705,7 +3776,7 @@ out: return r; } -#endif + static int reencrypt_init_by_passphrase(struct crypt_device *cd, const char *name, const char *passphrase, @@ -3716,7 +3787,6 @@ static int reencrypt_init_by_passphrase(struct crypt_device *cd, const char *cipher_mode, const struct crypt_params_reencrypt *params) { -#if USE_LUKS2_REENCRYPTION int r; crypt_reencrypt_info ri; struct volume_key *vks = NULL; @@ -3778,11 +3848,22 @@ out: crypt_drop_keyring_key(cd, vks); crypt_free_volume_key(vks); return r < 0 ? r : LUKS2_find_keyslot(hdr, "reencrypt"); +} #else +static int reencrypt_init_by_passphrase(struct crypt_device *cd, + const char *name __attribute__((unused)), + const char *passphrase __attribute__((unused)), + size_t passphrase_size __attribute__((unused)), + int keyslot_old __attribute__((unused)), + int keyslot_new __attribute__((unused)), + const char *cipher __attribute__((unused)), + const char *cipher_mode __attribute__((unused)), + const struct crypt_params_reencrypt *params __attribute__((unused))) +{ log_err(cd, _("This operation is not supported for this device type.")); return -ENOTSUP; -#endif } +#endif int crypt_reencrypt_init_by_keyring(struct crypt_device *cd, const char *name, @@ -3797,14 +3878,20 @@ int crypt_reencrypt_init_by_keyring(struct crypt_device *cd, char *passphrase; size_t passphrase_size; - if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT) || !passphrase_description) + if (onlyLUKS2reencrypt(cd) || !passphrase_description) return -EINVAL; if (params && (params->flags & CRYPT_REENCRYPT_INITIALIZE_ONLY) && (params->flags & CRYPT_REENCRYPT_RESUME_ONLY)) return -EINVAL; - r = keyring_get_passphrase(passphrase_description, &passphrase, &passphrase_size); + if (device_is_dax(crypt_data_device(cd)) > 0) { + log_err(cd, _("Reencryption is not supported for DAX (persistent memory) devices.")); + return -EINVAL; + } + + r = crypt_keyring_get_user_key(cd, passphrase_description, &passphrase, &passphrase_size); if (r < 0) { - log_err(cd, _("Failed to read passphrase from keyring (error %d)."), r); + log_dbg(cd, "crypt_keyring_get_user_key failed (error %d)", r); + log_err(cd, _("Failed to read passphrase from keyring.")); return -EINVAL; } @@ -3826,11 +3913,16 @@ int crypt_reencrypt_init_by_passphrase(struct crypt_device *cd, const char *cipher_mode, const struct crypt_params_reencrypt *params) { - if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT) || !passphrase) + if (onlyLUKS2reencrypt(cd) || !passphrase) return -EINVAL; if (params && (params->flags & CRYPT_REENCRYPT_INITIALIZE_ONLY) && (params->flags & CRYPT_REENCRYPT_RESUME_ONLY)) return -EINVAL; + if (device_is_dax(crypt_data_device(cd)) > 0) { + log_err(cd, _("Reencryption is not supported for DAX (persistent memory) devices.")); + return -EINVAL; + } + return reencrypt_init_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params); } @@ -4112,14 +4204,12 @@ static int reencrypt_teardown(struct crypt_device *cd, struct luks2_hdr *hdr, return r; } -#endif int crypt_reencrypt_run( struct crypt_device *cd, int (*progress)(uint64_t size, uint64_t offset, void *usrptr), void *usrptr) { -#if USE_LUKS2_REENCRYPTION int r; crypt_reencrypt_info ri; struct luks2_hdr *hdr; @@ -4127,7 +4217,7 @@ int crypt_reencrypt_run( reenc_status_t rs; bool quit = false; - if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT)) + if (onlyLUKS2reencrypt(cd)) return -EINVAL; hdr = crypt_get_hdr(cd, CRYPT_LUKS2); @@ -4180,19 +4270,9 @@ int crypt_reencrypt_run( r = reencrypt_teardown(cd, hdr, rh, rs, quit, progress, usrptr); return r; -#else - log_err(cd, _("This operation is not supported for this device type.")); - return -ENOTSUP; -#endif } -int crypt_reencrypt( - struct crypt_device *cd, - int (*progress)(uint64_t size, uint64_t offset, void *usrptr)) -{ - return crypt_reencrypt_run(cd, progress, NULL); -} -#if USE_LUKS2_REENCRYPTION + static int reencrypt_recovery(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t device_size, @@ -4228,7 +4308,27 @@ out: return r; } +#else /* USE_LUKS2_REENCRYPTION */ +int crypt_reencrypt_run( + struct crypt_device *cd, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr), + void *usrptr) +{ + UNUSED(progress); + UNUSED(usrptr); + + log_err(cd, _("This operation is not supported for this device type.")); + return -ENOTSUP; +} #endif + +int crypt_reencrypt( + struct crypt_device *cd, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr)) +{ + return crypt_reencrypt_run(cd, progress, NULL); +} + /* * use only for calculation of minimal data device size. * The real data offset is taken directly from segments! @@ -4246,7 +4346,7 @@ int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise) /* internal only */ int LUKS2_reencrypt_check_device_size(struct crypt_device *cd, struct luks2_hdr *hdr, - uint64_t check_size, uint64_t *dev_size, bool activation, bool dynamic) + uint64_t check_size, uint64_t *dev_size, bool device_exclusive_check, bool dynamic) { int r; uint64_t data_offset, real_size = 0; @@ -4255,7 +4355,8 @@ int LUKS2_reencrypt_check_device_size(struct crypt_device *cd, struct luks2_hdr (LUKS2_get_segment_by_flag(hdr, "backup-moved-segment") || dynamic)) check_size += reencrypt_data_shift(hdr); - r = device_check_access(cd, crypt_data_device(cd), activation ? DEV_EXCL : DEV_OK); + r = device_check_access(cd, crypt_data_device(cd), + device_exclusive_check ? DEV_EXCL : DEV_OK); if (r) return r; @@ -4333,6 +4434,39 @@ out: return r < 0 ? r : keyslot; } + +int LUKS2_reencrypt_locked_recovery_by_vks(struct crypt_device *cd, + struct volume_key *vks) +{ + uint64_t minimal_size, device_size; + int r = -EINVAL; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + struct volume_key *vk = NULL; + + log_dbg(cd, "Entering reencryption crash recovery."); + + if (LUKS2_get_data_size(hdr, &minimal_size, NULL)) + return r; + + if (crypt_use_keyring_for_vk(cd)) + vk = vks; + while (vk) { + r = LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, crypt_volume_key_get_id(vk)); + if (r < 0) + goto out; + vk = crypt_volume_key_next(vk); + } + + if (LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, false)) + goto out; + + r = reencrypt_recovery(cd, hdr, device_size, vks); + +out: + if (r < 0) + crypt_drop_keyring_key(cd, vks); + return r; +} #endif crypt_reencrypt_info LUKS2_reencrypt_get_params(struct luks2_hdr *hdr, struct crypt_params_reencrypt *params) diff --git a/lib/luks2/luks2_reencrypt_digest.c b/lib/luks2/luks2_reencrypt_digest.c index bc86f54..fcdad12 100644 --- a/lib/luks2/luks2_reencrypt_digest.c +++ b/lib/luks2/luks2_reencrypt_digest.c @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup v2, reencryption digest helpers * - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2022-2023 Ondrej Kozina - * Copyright (C) 2022-2023 Milan Broz + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Ondrej Kozina + * Copyright (C) 2022-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -375,6 +375,22 @@ int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd, return LUKS2_digest_assign(cd, hdr, keyslot_reencrypt, digest_reencrypt, 1, 0); } +void LUKS2_reencrypt_lookup_key_ids(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vk) +{ + int digest_old, digest_new; + + digest_old = LUKS2_reencrypt_digest_old(hdr); + digest_new = LUKS2_reencrypt_digest_new(hdr); + + while (vk) { + if (digest_old >= 0 && LUKS2_digest_verify_by_digest(cd, digest_old, vk) == digest_old) + crypt_volume_key_set_id(vk, digest_old); + if (digest_new >= 0 && LUKS2_digest_verify_by_digest(cd, digest_new, vk) == digest_new) + crypt_volume_key_set_id(vk, digest_new); + vk = vk->next; + } +} + int LUKS2_reencrypt_digest_verify(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vks) diff --git a/lib/luks2/luks2_segment.c b/lib/luks2/luks2_segment.c index 63e7c14..af87f4f 100644 --- a/lib/luks2/luks2_segment.c +++ b/lib/luks2/luks2_segment.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, internal segment handling * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2023 Ondrej Kozina + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -91,6 +91,33 @@ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise) return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj); } +static uint64_t json_segment_get_opal_size(json_object *jobj_segment, unsigned blockwise) +{ + json_object *jobj; + + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "opal_segment_size", &jobj)) + return 0; + + return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj); +} + +static bool json_segment_set_size(json_object *jobj_segment, const uint64_t *size_bytes) +{ + json_object *jobj; + + if (!jobj_segment) + return false; + + jobj = size_bytes ? crypt_jobj_new_uint64(*size_bytes) : json_object_new_string("dynamic"); + if (!jobj) + return false; + + json_object_object_add(jobj_segment, "size", jobj); + + return true; +} + const char *json_segment_get_cipher(json_object *jobj_segment) { json_object *jobj; @@ -116,6 +143,37 @@ uint32_t json_segment_get_sector_size(json_object *jobj_segment) return i < 0 ? SECTOR_SIZE : i; } +int json_segment_get_opal_segment_id(json_object *jobj_segment, uint32_t *ret_opal_segment_id) +{ + json_object *jobj_segment_id; + + assert(ret_opal_segment_id); + + if (!json_object_object_get_ex(jobj_segment, "opal_segment_number", &jobj_segment_id)) + return -EINVAL; + + *ret_opal_segment_id = json_object_get_int(jobj_segment_id); + + return 0; +} + +int json_segment_get_opal_key_size(json_object *jobj_segment, size_t *ret_key_size) +{ + json_object *jobj_key_size; + + assert(ret_key_size); + + if (!jobj_segment) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_segment, "opal_key_size", &jobj_key_size)) + return -EINVAL; + + *ret_key_size = json_object_get_int(jobj_key_size); + + return 0; +} + static json_object *json_segment_get_flags(json_object *jobj_segment) { json_object *jobj; @@ -245,24 +303,94 @@ json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, return jobj; } +static bool json_add_crypt_fields(json_object *jobj_segment, uint64_t iv_offset, + const char *cipher, const char *integrity, + uint32_t sector_size, unsigned reencryption) +{ + json_object *jobj_integrity; + + assert(cipher); + + json_object_object_add(jobj_segment, "iv_tweak", crypt_jobj_new_uint64(iv_offset)); + json_object_object_add(jobj_segment, "encryption", json_object_new_string(cipher)); + json_object_object_add(jobj_segment, "sector_size", json_object_new_int(sector_size)); + + if (integrity) { + jobj_integrity = json_object_new_object(); + if (!jobj_integrity) + return false; + + json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity)); + json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none")); + json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none")); + json_object_object_add(jobj_segment, "integrity", jobj_integrity); + } + + if (reencryption) + LUKS2_segment_set_flag(jobj_segment, "in-reencryption"); + + return true; +} + json_object *json_segment_create_crypt(uint64_t offset, uint64_t iv_offset, const uint64_t *length, - const char *cipher, uint32_t sector_size, - unsigned reencryption) + const char *cipher, const char *integrity, + uint32_t sector_size, unsigned reencryption) { json_object *jobj = _segment_create_generic("crypt", offset, length); + if (!jobj) return NULL; - json_object_object_add(jobj, "iv_tweak", crypt_jobj_new_uint64(iv_offset)); - json_object_object_add(jobj, "encryption", json_object_new_string(cipher)); - json_object_object_add(jobj, "sector_size", json_object_new_int(sector_size)); - if (reencryption) - LUKS2_segment_set_flag(jobj, "in-reencryption"); + if (json_add_crypt_fields(jobj, iv_offset, cipher, integrity, sector_size, reencryption)) + return jobj; + + json_object_put(jobj); + return NULL; +} + +static void json_add_opal_fields(json_object *jobj_segment, const uint64_t *length, + uint32_t segment_number, uint32_t key_size) +{ + assert(jobj_segment); + assert(length); + + json_object_object_add(jobj_segment, "opal_segment_number", json_object_new_int(segment_number)); + json_object_object_add(jobj_segment, "opal_key_size", json_object_new_int(key_size)); + json_object_object_add(jobj_segment, "opal_segment_size", crypt_jobj_new_uint64(*length)); +} + +json_object *json_segment_create_opal(uint64_t offset, const uint64_t *length, + uint32_t segment_number, uint32_t key_size) +{ + json_object *jobj = _segment_create_generic("hw-opal", offset, length); + if (!jobj) + return NULL; + + json_add_opal_fields(jobj, length, segment_number, key_size); return jobj; } +json_object *json_segment_create_opal_crypt(uint64_t offset, const uint64_t *length, + uint32_t segment_number, uint32_t key_size, + uint64_t iv_offset, const char *cipher, + const char *integrity, uint32_t sector_size, + unsigned reencryption) +{ + json_object *jobj = _segment_create_generic("hw-opal-crypt", offset, length); + if (!jobj) + return NULL; + + json_add_opal_fields(jobj, length, segment_number, key_size); + + if (json_add_crypt_fields(jobj, iv_offset, cipher, integrity, sector_size, reencryption)) + return jobj; + + json_object_put(jobj); + return NULL; +} + uint64_t LUKS2_segment_offset(struct luks2_hdr *hdr, int segment, unsigned blockwise) { return json_segment_get_offset(LUKS2_get_segment_jobj(hdr, segment), blockwise); @@ -288,11 +416,85 @@ uint64_t LUKS2_segment_size(struct luks2_hdr *hdr, int segment, unsigned blockwi return json_segment_get_size(LUKS2_get_segment_jobj(hdr, segment), blockwise); } +uint64_t LUKS2_opal_segment_size(struct luks2_hdr *hdr, int segment, unsigned blockwise) +{ + return json_segment_get_opal_size(LUKS2_get_segment_jobj(hdr, segment), blockwise); +} + +bool LUKS2_segment_set_size(struct luks2_hdr *hdr, int segment, const uint64_t *segment_size_bytes) +{ + return json_segment_set_size(LUKS2_get_segment_jobj(hdr, segment), segment_size_bytes); +} + int LUKS2_segment_is_type(struct luks2_hdr *hdr, int segment, const char *type) { return !strcmp(json_segment_type(LUKS2_get_segment_jobj(hdr, segment)) ?: "", type); } +static bool json_segment_is_hw_opal_only(json_object *jobj_segment) +{ + const char *type = json_segment_type(jobj_segment); + + if (!type) + return false; + + return !strcmp(type, "hw-opal"); +} + +static bool json_segment_is_hw_opal_crypt(json_object *jobj_segment) +{ + const char *type = json_segment_type(jobj_segment); + + if (!type) + return false; + + return !strcmp(type, "hw-opal-crypt"); +} + +static bool json_segment_is_hw_opal(json_object *jobj_segment) +{ + return json_segment_is_hw_opal_crypt(jobj_segment) || + json_segment_is_hw_opal_only(jobj_segment); +} + +bool LUKS2_segment_is_hw_opal_only(struct luks2_hdr *hdr, int segment) +{ + return json_segment_is_hw_opal_only(LUKS2_get_segment_jobj(hdr, segment)); +} + +bool LUKS2_segment_is_hw_opal_crypt(struct luks2_hdr *hdr, int segment) +{ + return json_segment_is_hw_opal_crypt(LUKS2_get_segment_jobj(hdr, segment)); +} + +bool LUKS2_segment_is_hw_opal(struct luks2_hdr *hdr, int segment) +{ + return json_segment_is_hw_opal(LUKS2_get_segment_jobj(hdr, segment)); +} + +int LUKS2_get_opal_segment_number(struct luks2_hdr *hdr, int segment, uint32_t *ret_opal_segment_number) +{ + json_object *jobj_segment = LUKS2_get_segment_jobj(hdr, segment); + + assert(ret_opal_segment_number); + + if (!json_segment_is_hw_opal(jobj_segment)) + return -ENOENT; + + return json_segment_get_opal_segment_id(jobj_segment, ret_opal_segment_number); +} + +int LUKS2_get_opal_key_size(struct luks2_hdr *hdr, int segment) +{ + size_t key_size = 0; + json_object *jobj_segment = LUKS2_get_segment_jobj(hdr, segment); + + if (json_segment_get_opal_key_size(jobj_segment, &key_size) < 0) + return 0; + + return key_size; +} + int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, const char *type) { json_object *jobj_segments; @@ -424,3 +626,27 @@ bool json_segment_cmp(json_object *jobj_segment_1, json_object *jobj_segment_2) return true; } + +bool LUKS2_segments_dynamic_size(struct luks2_hdr *hdr) +{ + json_object *jobj_segments, *jobj_size; + + assert(hdr); + + jobj_segments = LUKS2_get_segments_jobj(hdr); + if (!jobj_segments) + return false; + + json_object_object_foreach(jobj_segments, key, val) { + UNUSED(key); + + if (json_segment_is_backup(val)) + continue; + + if (json_object_object_get_ex(val, "size", &jobj_size) && + !strcmp(json_object_get_string(jobj_size), "dynamic")) + return true; + } + + return false; +} diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c index 5f65918..9c09be2 100644 --- a/lib/luks2/luks2_token.c +++ b/lib/luks2/luks2_token.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, token handling * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Milan Broz + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,7 +25,9 @@ #include "luks2_internal.h" #if USE_EXTERNAL_TOKENS +#define TOKENS_PATH_MAX PATH_MAX static bool external_tokens_enabled = true; +static char external_tokens_path[TOKENS_PATH_MAX] = EXTERNAL_LUKS2_TOKENS_PATH; #else static bool external_tokens_enabled = false; #endif @@ -51,31 +53,37 @@ void crypt_token_external_disable(void) const char *crypt_token_external_path(void) { - return external_tokens_enabled ? EXTERNAL_LUKS2_TOKENS_PATH : NULL; +#if USE_EXTERNAL_TOKENS + return external_tokens_enabled ? external_tokens_path : NULL; +#else + return NULL; +#endif } #if USE_EXTERNAL_TOKENS -static void *token_dlvsym(struct crypt_device *cd, - void *handle, - const char *symbol, - const char *version) +int crypt_token_set_external_path(const char *path) { - char *error; - void *sym; + int r; + char tokens_path[TOKENS_PATH_MAX]; -#ifdef HAVE_DLVSYM - log_dbg(cd, "Loading symbol %s@%s.", symbol, version); - sym = dlvsym(handle, symbol, version); -#else - log_dbg(cd, "Loading default version of symbol %s.", symbol); - sym = dlsym(handle, symbol); -#endif - error = dlerror(); + if (!path) + path = EXTERNAL_LUKS2_TOKENS_PATH; + else if (*path != '/') + return -EINVAL; - if (error) - log_dbg(cd, "%s", error); + r = snprintf(tokens_path, sizeof(tokens_path), "%s", path); + if (r < 0 || (size_t)r >= sizeof(tokens_path)) + return -EINVAL; - return sym; + (void)strcpy(external_tokens_path, tokens_path); + + return 0; +} +#else +#pragma GCC diagnostic ignored "-Wunused-parameter" +int crypt_token_set_external_path(const char *path) +{ + return -ENOTSUP; } #endif @@ -98,6 +106,29 @@ static bool token_validate_v1(struct crypt_device *cd, const crypt_token_handler } #if USE_EXTERNAL_TOKENS +static void *token_dlvsym(struct crypt_device *cd, + void *handle, + const char *symbol, + const char *version) +{ + char *error; + void *sym; + +#ifdef HAVE_DLVSYM + log_dbg(cd, "Loading symbol %s@%s.", symbol, version); + sym = dlvsym(handle, symbol, version); +#else + log_dbg(cd, "Loading default version of symbol %s.", symbol); + sym = dlsym(handle, symbol); +#endif + error = dlerror(); + + if (error) + log_dbg(cd, "%s", error); + + return sym; +} + static bool token_validate_v2(struct crypt_device *cd, const struct crypt_token_handler_internal *h) { if (!h) @@ -127,12 +158,10 @@ static bool external_token_name_valid(const char *name) return true; } -#endif static int crypt_token_load_external(struct crypt_device *cd, const char *name, struct crypt_token_handler_internal *ret) { -#if USE_EXTERNAL_TOKENS struct crypt_token_handler_v2 *token; void *h; char buf[PATH_MAX]; @@ -192,11 +221,40 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp ret->version = 2; return 0; -#else +} + +void crypt_token_unload_external_all(struct crypt_device *cd) +{ + int i; + + for (i = LUKS2_TOKENS_MAX - 1; i >= 0; i--) { + if (token_handlers[i].version < 2) + continue; + + log_dbg(cd, "Unloading %s token handler.", token_handlers[i].u.v2.name); + + free(CONST_CAST(void *)token_handlers[i].u.v2.name); + + if (dlclose(CONST_CAST(void *)token_handlers[i].u.v2.dlhandle)) + log_dbg(cd, "%s", dlerror()); + } +} + +#else /* USE_EXTERNAL_TOKENS */ + +static int crypt_token_load_external(struct crypt_device *cd __attribute__((unused)), + const char *name __attribute__((unused)), + struct crypt_token_handler_internal *ret __attribute__((unused))) +{ return -ENOTSUP; -#endif } +void crypt_token_unload_external_all(struct crypt_device *cd __attribute__((unused))) +{ +} + +#endif + static int is_builtin_candidate(const char *type) { return !strncmp(type, LUKS2_BUILTIN_TOKEN_PREFIX, LUKS2_BUILTIN_TOKEN_PREFIX_LEN); @@ -243,25 +301,6 @@ int crypt_token_register(const crypt_token_handler *handler) return 0; } -void crypt_token_unload_external_all(struct crypt_device *cd) -{ -#if USE_EXTERNAL_TOKENS - int i; - - for (i = LUKS2_TOKENS_MAX - 1; i >= 0; i--) { - if (token_handlers[i].version < 2) - continue; - - log_dbg(cd, "Unloading %s token handler.", token_handlers[i].u.v2.name); - - free(CONST_CAST(void *)token_handlers[i].u.v2.name); - - if (dlclose(CONST_CAST(void *)token_handlers[i].u.v2.dlhandle)) - log_dbg(cd, "%s", dlerror()); - } -#endif -} - static const void *LUKS2_token_handler_type(struct crypt_device *cd, const char *type) { @@ -423,12 +462,12 @@ static const char *token_json_to_string(json_object *jobj_token) JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); } -static int token_is_usable(struct luks2_hdr *hdr, json_object *jobj_token, int segment, +static int token_is_usable(struct luks2_hdr *hdr, json_object *jobj_token, int keyslot, int segment, crypt_keyslot_priority minimal_priority, bool requires_keyslot) { crypt_keyslot_priority keyslot_priority; json_object *jobj_array; - int i, keyslot, len, r = -ENOENT; + int i, slot, len, r = -ENOENT; if (!jobj_token) return -EINVAL; @@ -451,16 +490,19 @@ static int token_is_usable(struct luks2_hdr *hdr, json_object *jobj_token, int s return -ENOENT; for (i = 0; i < len; i++) { - keyslot = atoi(json_object_get_string(json_object_array_get_idx(jobj_array, i))); + slot = atoi(json_object_get_string(json_object_array_get_idx(jobj_array, i))); + + if (keyslot != CRYPT_ANY_SLOT && slot != keyslot) + continue; - keyslot_priority = LUKS2_keyslot_priority_get(hdr, keyslot); + keyslot_priority = LUKS2_keyslot_priority_get(hdr, slot); if (keyslot_priority == CRYPT_SLOT_PRIORITY_INVALID) return -EINVAL; if (keyslot_priority < minimal_priority) continue; - r = LUKS2_keyslot_for_segment(hdr, keyslot, segment); + r = LUKS2_keyslot_for_segment(hdr, slot, segment); if (r != -ENOENT) return r; } @@ -480,6 +522,7 @@ static int translate_errno(struct crypt_device *cd, int ret_val, const char *typ static int token_open(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, json_object *jobj_token, const char *type, @@ -507,7 +550,7 @@ static int token_open(struct crypt_device *cd, return -ENOENT; } - r = token_is_usable(hdr, jobj_token, segment, priority, requires_keyslot); + r = token_is_usable(hdr, jobj_token, keyslot, segment, priority, requires_keyslot); if (r < 0) { if (r == -ENOENT) log_dbg(cd, "Token %d unusable for segment %d with desired keyslot priority %d.", @@ -569,32 +612,22 @@ static void update_return_errno(int r, int *stored) *stored = r; } -static int LUKS2_keyslot_open_by_token(struct crypt_device *cd, +static int try_token_keyslot_unlock(struct crypt_device *cd, struct luks2_hdr *hdr, + const char *type, + json_object *jobj_token_keyslots, int token, int segment, crypt_keyslot_priority priority, const char *buffer, size_t buffer_len, - struct volume_key **vk) + struct volume_key **r_vk) { + json_object *jobj; crypt_keyslot_priority keyslot_priority; - json_object *jobj_token, *jobj_token_keyslots, *jobj_type, *jobj; - unsigned int num = 0; int i, r = -ENOENT, stored_retval = -ENOENT; + unsigned int num = 0; - jobj_token = LUKS2_get_token_jobj(hdr, token); - if (!jobj_token) - return -EINVAL; - - if (!json_object_object_get_ex(jobj_token, "type", &jobj_type)) - return -EINVAL; - - json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots); - if (!jobj_token_keyslots) - return -EINVAL; - - /* Try to open keyslot referenced in token */ for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots) && r < 0; i++) { jobj = json_object_array_get_idx(jobj_token_keyslots, i); num = atoi(json_object_get_string(jobj)); @@ -604,8 +637,8 @@ static int LUKS2_keyslot_open_by_token(struct crypt_device *cd, if (keyslot_priority < priority) continue; log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).", - num, token, json_object_get_string(jobj_type)); - r = LUKS2_keyslot_open(cd, num, segment, buffer, buffer_len, vk); + num, token, type); + r = LUKS2_keyslot_open(cd, num, segment, buffer, buffer_len, r_vk); /* short circuit on fatal error */ if (r < 0 && r != -EPERM && r != -ENOENT) return r; @@ -620,6 +653,53 @@ static int LUKS2_keyslot_open_by_token(struct crypt_device *cd, return num; } +static int LUKS2_keyslot_open_by_token(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int token, + int segment, + crypt_keyslot_priority min_priority, + const char *buffer, + size_t buffer_len, + struct volume_key **vk) +{ + json_object *jobj_token, *jobj_token_keyslots, *jobj_type; + crypt_keyslot_priority priority = CRYPT_SLOT_PRIORITY_PREFER; + int r = -ENOENT, stored_retval = -ENOENT; + + jobj_token = LUKS2_get_token_jobj(hdr, token); + if (!jobj_token) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_token, "type", &jobj_type)) + return -EINVAL; + + json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots); + if (!jobj_token_keyslots) + return -EINVAL; + + /* with specific keyslot just ignore priorities and unlock */ + if (keyslot != CRYPT_ANY_SLOT) { + log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).", + keyslot, token, json_object_get_string(jobj_type)); + return LUKS2_keyslot_open(cd, keyslot, segment, buffer, buffer_len, vk); + } + + /* Try to open keyslot referenced in token */ + while (priority >= min_priority) { + r = try_token_keyslot_unlock(cd, hdr, json_object_get_string(jobj_type), + jobj_token_keyslots, token, segment, + priority, buffer, buffer_len, vk); + if (r == -EINVAL || r >= 0) + return r; + if (r == -EPERM) + stored_retval = r; + priority--; + } + + return stored_retval; +} + static bool token_is_blocked(int token, uint32_t *block_list) { /* it is safe now, but have assert in case LUKS2_TOKENS_MAX grows */ @@ -640,6 +720,7 @@ static int token_open_priority(struct crypt_device *cd, struct luks2_hdr *hdr, json_object *jobj_tokens, const char *type, + int keyslot, int segment, crypt_keyslot_priority priority, const char *pin, @@ -660,9 +741,10 @@ static int token_open_priority(struct crypt_device *cd, token = atoi(slot); if (token_is_blocked(token, block_list)) continue; - r = token_open(cd, hdr, token, val, type, segment, priority, pin, pin_size, &buffer, &buffer_size, usrptr, true); + r = token_open(cd, hdr, keyslot, token, val, type, segment, priority, pin, pin_size, + &buffer, &buffer_size, usrptr, true); if (!r) { - r = LUKS2_keyslot_open_by_token(cd, hdr, token, segment, priority, + r = LUKS2_keyslot_open_by_token(cd, hdr, keyslot, token, segment, priority, buffer, buffer_size, vk); LUKS2_token_buffer_free(cd, token, buffer, buffer_size); } @@ -679,8 +761,9 @@ static int token_open_priority(struct crypt_device *cd, return *stored_retval; } -static int token_open_any(struct crypt_device *cd, struct luks2_hdr *hdr, const char *type, int segment, - const char *pin, size_t pin_size, void *usrptr, struct volume_key **vk) +static int token_open_any(struct crypt_device *cd, struct luks2_hdr *hdr, const char *type, + int keyslot, int segment, const char *pin, size_t pin_size, void *usrptr, + struct volume_key **vk) { json_object *jobj_tokens; int r, retval = -ENOENT; @@ -692,17 +775,22 @@ static int token_open_any(struct crypt_device *cd, struct luks2_hdr *hdr, const if (!type) usrptr = NULL; - r = token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_PREFER, + if (keyslot != CRYPT_ANY_SLOT) + return token_open_priority(cd, hdr, jobj_tokens, type, keyslot, segment, CRYPT_SLOT_PRIORITY_IGNORE, + pin, pin_size, usrptr, &retval, &blocked, vk); + + r = token_open_priority(cd, hdr, jobj_tokens, type, keyslot, segment, CRYPT_SLOT_PRIORITY_PREFER, pin, pin_size, usrptr, &retval, &blocked, vk); if (break_loop_retval(r)) return r; - return token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_NORMAL, + return token_open_priority(cd, hdr, jobj_tokens, type, keyslot, segment, CRYPT_SLOT_PRIORITY_NORMAL, pin, pin_size, usrptr, &retval, &blocked, vk); } int LUKS2_token_unlock_key(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, const char *type, const char *pin, @@ -714,6 +802,7 @@ int LUKS2_token_unlock_key(struct crypt_device *cd, char *buffer; size_t buffer_size; json_object *jobj_token; + crypt_keyslot_priority min_priority; int r = -ENOENT; assert(vk); @@ -724,13 +813,27 @@ int LUKS2_token_unlock_key(struct crypt_device *cd, if (segment < 0 && segment != CRYPT_ANY_SEGMENT) return -EINVAL; + if (keyslot != CRYPT_ANY_SLOT || token != CRYPT_ANY_TOKEN) + min_priority = CRYPT_SLOT_PRIORITY_IGNORE; + else + min_priority = CRYPT_SLOT_PRIORITY_NORMAL; + + if (keyslot != CRYPT_ANY_SLOT) { + r = LUKS2_keyslot_for_segment(hdr, keyslot, segment); + if (r < 0) { + if (r == -ENOENT) + log_dbg(cd, "Keyslot %d unusable for segment %d.", keyslot, segment); + return r; + } + } + if (token >= 0 && token < LUKS2_TOKENS_MAX) { if ((jobj_token = LUKS2_get_token_jobj(hdr, token))) { - r = token_open(cd, hdr, token, jobj_token, type, segment, CRYPT_SLOT_PRIORITY_IGNORE, + r = token_open(cd, hdr, keyslot, token, jobj_token, type, segment, min_priority, pin, pin_size, &buffer, &buffer_size, usrptr, true); if (!r) { - r = LUKS2_keyslot_open_by_token(cd, hdr, token, segment, CRYPT_SLOT_PRIORITY_IGNORE, - buffer, buffer_size, vk); + r = LUKS2_keyslot_open_by_token(cd, hdr, keyslot, token, segment, + min_priority, buffer, buffer_size, vk); LUKS2_token_buffer_free(cd, token, buffer, buffer_size); } } @@ -745,7 +848,7 @@ int LUKS2_token_unlock_key(struct crypt_device *cd, * success (>= 0) or any other negative errno short-circuits token activation loop * immediately */ - r = token_open_any(cd, hdr, type, segment, pin, pin_size, usrptr, vk); + r = token_open_any(cd, hdr, type, keyslot, segment, pin, pin_size, usrptr, vk); else r = -EINVAL; @@ -754,6 +857,7 @@ int LUKS2_token_unlock_key(struct crypt_device *cd, int LUKS2_token_open_and_activate(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, const char *name, const char *type, @@ -763,15 +867,15 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd, void *usrptr) { bool use_keyring; - int keyslot, r, segment; - struct volume_key *vk = NULL; + int r, segment; + struct volume_key *p_crypt, *p_opal, *crypt_key = NULL, *opal_key = NULL, *vk = NULL; if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) segment = CRYPT_ANY_SEGMENT; else segment = CRYPT_DEFAULT_SEGMENT; - r = LUKS2_token_unlock_key(cd, hdr, token, type, pin, pin_size, segment, usrptr, &vk); + r = LUKS2_token_unlock_key(cd, hdr, keyslot, token, type, pin, pin_size, segment, usrptr, &vk); if (r < 0) return r; @@ -779,23 +883,39 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd, keyslot = r; - if (!crypt_use_keyring_for_vk(cd)) + if (LUKS2_segment_is_hw_opal(hdr, CRYPT_DEFAULT_SEGMENT)) { + r = LUKS2_split_crypt_and_opal_keys(cd, hdr, vk, &crypt_key, &opal_key); + if (r < 0) { + crypt_free_volume_key(vk); + return r; + } + + p_crypt = crypt_key; + p_opal = opal_key ?: vk; + } else { + p_crypt = vk; + p_opal = NULL; + } + + if (!crypt_use_keyring_for_vk(cd) || !p_crypt) use_keyring = false; else use_keyring = ((name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || (flags & CRYPT_ACTIVATE_KEYRING_KEY)); if (use_keyring) { - if (!(r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, hdr, vk, keyslot))) + if (!(r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, hdr, p_crypt, keyslot))) flags |= CRYPT_ACTIVATE_KEYRING_KEY; } if (r >= 0 && name) - r = LUKS2_activate(cd, name, vk, flags); + r = LUKS2_activate(cd, name, p_crypt, p_opal, flags); if (r < 0) - crypt_drop_keyring_key(cd, vk); + crypt_drop_keyring_key(cd, p_crypt); crypt_free_volume_key(vk); + crypt_free_volume_key(crypt_key); + crypt_free_volume_key(opal_key); return r < 0 ? r : keyslot; } @@ -995,8 +1115,9 @@ int LUKS2_token_unlock_passphrase(struct crypt_device *cd, if (token >= 0 && token < LUKS2_TOKENS_MAX) { if ((jobj_token = LUKS2_get_token_jobj(hdr, token))) - r = token_open(cd, hdr, token, jobj_token, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE, - pin, pin_size, &buffer, &buffer_size, usrptr, false); + r = token_open(cd, hdr, CRYPT_ANY_SLOT, token, jobj_token, type, + CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE, pin, pin_size, + &buffer, &buffer_size, usrptr, false); } else if (token == CRYPT_ANY_TOKEN) { json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens); @@ -1005,7 +1126,7 @@ int LUKS2_token_unlock_passphrase(struct crypt_device *cd, json_object_object_foreach(jobj_tokens, slot, val) { token = atoi(slot); - r = token_open(cd, hdr, token, val, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE, + r = token_open(cd, hdr, CRYPT_ANY_SLOT, token, val, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE, pin, pin_size, &buffer, &buffer_size, usrptr, false); /* diff --git a/lib/luks2/luks2_token_keyring.c b/lib/luks2/luks2_token_keyring.c index ad18798..1d141b9 100644 --- a/lib/luks2/luks2_token_keyring.c +++ b/lib/luks2/luks2_token_keyring.c @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup v2, kernel keyring token * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -40,14 +40,11 @@ int keyring_open(struct crypt_device *cd, json_object_object_get_ex(jobj_token, "key_description", &jobj_key); - r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len); - if (r == -ENOTSUP) { - log_dbg(cd, "Kernel keyring features disabled."); + r = crypt_keyring_get_user_key(cd, json_object_get_string(jobj_key), buffer, buffer_len); + if (r == -ENOTSUP) return -ENOENT; - } else if (r < 0) { - log_dbg(cd, "keyring_get_passphrase failed (error %d)", r); + else if (r < 0) return -EPERM; - } return 0; } diff --git a/lib/meson.build b/lib/meson.build new file mode 100644 index 0000000..9f503b6 --- /dev/null +++ b/lib/meson.build @@ -0,0 +1,116 @@ +subdir('crypto_backend') +lib_build_dir = meson.current_build_dir() + +libutils_io = static_library('utils_io', + files( + 'utils_io.c', + )) + +libcryptsetup_sym_path = join_paths(meson.current_source_dir(), 'libcryptsetup.sym') + +libcryptsetup_deps = [ + uuid, + devmapper, + libargon2_external, + jsonc, + blkid, + dl, +] + +libcryptsetup_sources = files( + 'bitlk/bitlk.c', + 'fvault2/fvault2.c', + 'integrity/integrity.c', + 'loopaes/loopaes.c', + 'luks1/af.c', + 'luks1/keyencryption.c', + 'luks1/keymanage.c', + 'luks2/hw_opal/hw_opal.c', + 'luks2/luks2_digest.c', + 'luks2/luks2_digest_pbkdf2.c', + 'luks2/luks2_disk_metadata.c', + 'luks2/luks2_json_format.c', + 'luks2/luks2_json_metadata.c', + 'luks2/luks2_keyslot.c', + 'luks2/luks2_keyslot_luks2.c', + 'luks2/luks2_keyslot_reenc.c', + 'luks2/luks2_luks1_convert.c', + 'luks2/luks2_reencrypt.c', + 'luks2/luks2_reencrypt_digest.c', + 'luks2/luks2_segment.c', + 'luks2/luks2_token.c', + 'luks2/luks2_token_keyring.c', + 'tcrypt/tcrypt.c', + 'verity/rs_decode_char.c', + 'verity/rs_encode_char.c', + 'verity/verity.c', + 'verity/verity_fec.c', + 'verity/verity_hash.c', + 'crypt_plain.c', + 'keyslot_context.c', + 'libdevmapper.c', + 'random.c', + 'setup.c', + 'utils.c', + 'utils_benchmark.c', + 'utils_blkid.c', + 'utils_crypt.c', + 'utils_device.c', + 'utils_device_locking.c', + 'utils_devpath.c', + 'utils_keyring.c', + 'utils_loop.c', + 'utils_pbkdf.c', + 'utils_safe_memory.c', + 'utils_storage_wrappers.c', + 'utils_wipe.c', + 'volumekey.c', +) + +if enable_static + libcryptsetup = static_library('cryptsetup', + libcryptsetup_sources, + dependencies: libcryptsetup_deps, + link_with: [ + libcrypto_backend, + libutils_io, + ], + install: true) +else + libcryptsetup = library('cryptsetup', + libcryptsetup_sources, + dependencies: libcryptsetup_deps, + version: libcryptsetup_version, + link_args: [ + '-Wl,--version-script=' + + libcryptsetup_sym_path, + ], + link_with: [ + libcrypto_backend, + libutils_io, + ], + install: true) +endif + +lib_tools_files = files( + 'utils_blkid.c', + 'utils_crypt.c', + 'utils_io.c', + 'utils_loop.c', +) +lib_utils_crypt_files = files( + 'utils_crypt.c', +) +lib_ssh_token_files = files( + 'utils_io.c', + 'utils_loop.c', +) + +install_headers( + 'libcryptsetup.h', +) +pkgconfig.generate( + libcryptsetup, + name: 'libcryptsetup', + version: PACKAGE_VERSION, + description: 'cryptsetup library') diff --git a/lib/random.c b/lib/random.c index 0dfcff9..c86492d 100644 --- a/lib/random.c +++ b/lib/random.c @@ -1,7 +1,7 @@ /* * cryptsetup kernel RNG access functions * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/setup.c b/lib/setup.c index 1c9d47d..ff84292 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,6 +31,7 @@ #include "libcryptsetup.h" #include "luks1/luks.h" #include "luks2/luks2.h" +#include "luks2/luks2_internal.h" #include "loopaes/loopaes.h" #include "verity/verity.h" #include "tcrypt/tcrypt.h" @@ -40,6 +41,7 @@ #include "utils_device_locking.h" #include "internal.h" #include "keyslot_context.h" +#include "luks2/hw_opal/hw_opal.h" #define CRYPT_CD_UNRESTRICTED (1 << 0) #define CRYPT_CD_QUIET (1 << 1) @@ -58,6 +60,12 @@ struct crypt_device { /* global context scope settings */ unsigned key_in_keyring:1; + bool link_vk_to_keyring; + int32_t keyring_to_link_vk; + const char *user_key_name1; + const char *user_key_name2; + key_type_t keyring_key_type; + uint64_t data_offset; uint64_t metadata_size; /* Used in LUKS2 format */ uint64_t keyslots_size; /* Used in LUKS2 format */ @@ -122,8 +130,10 @@ struct crypt_device { /* buffers, must refresh from kernel on every query */ char cipher_spec[MAX_CIPHER_LEN*2+1]; char cipher[MAX_CIPHER_LEN]; + char integrity_spec[MAX_INTEGRITY_LEN]; const char *cipher_mode; unsigned int key_size; + uint32_t sector_size; } none; } u; @@ -221,6 +231,45 @@ struct device *crypt_data_device(struct crypt_device *cd) return cd->device; } +uint64_t crypt_get_metadata_size_bytes(struct crypt_device *cd) +{ + assert(cd); + return cd->metadata_size; +} + +uint64_t crypt_get_keyslots_size_bytes(struct crypt_device *cd) +{ + assert(cd); + return cd->keyslots_size; +} + +uint64_t crypt_get_data_offset_sectors(struct crypt_device *cd) +{ + assert(cd); + return cd->data_offset; +} + +int crypt_opal_supported(struct crypt_device *cd, struct device *opal_device) +{ + int r; + + assert(cd); + assert(opal_device); + + r = opal_supported(cd, opal_device); + if (r <= 0) { + if (r == -ENOTSUP) + log_err(cd, _("OPAL support is disabled in libcryptsetup.")); + else + log_err(cd, _("Device %s or kernel does not support OPAL encryption."), + device_path(opal_device)); + r = -EINVAL; + } else + r = 0; + + return r; +} + int init_crypto(struct crypt_device *ctx) { struct utsname uts; @@ -237,8 +286,9 @@ int init_crypto(struct crypt_device *ctx) log_err(ctx, _("Cannot initialize crypto backend.")); if (!r && !_crypto_logged) { - log_dbg(ctx, "Crypto backend (%s) initialized in cryptsetup library version %s.", - crypt_backend_version(), PACKAGE_VERSION); + log_dbg(ctx, "Crypto backend (%s%s) initialized in cryptsetup library version %s.", + crypt_backend_version(), crypt_argon2_version(), PACKAGE_VERSION); + if (!uname(&uts)) log_dbg(ctx, "Detected kernel %s %s %s.", uts.sysname, uts.release, uts.machine); @@ -333,7 +383,7 @@ static int isFVAULT2(const char *type) return (type && !strcmp(CRYPT_FVAULT2, type)); } -static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags) +static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags, uint32_t mask) { int r = 0; @@ -352,12 +402,22 @@ static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags) if (r || (cdflags & CRYPT_CD_UNRESTRICTED) || isLUKS1(cd->type)) return r; - return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, cdflags & CRYPT_CD_QUIET); + return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, mask, cdflags & CRYPT_CD_QUIET); +} + +static int onlyLUKSunrestricted(struct crypt_device *cd) +{ + return _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED, 0); +} + +static int onlyLUKSnoRequirements(struct crypt_device *cd) +{ + return _onlyLUKS(cd, 0, 0); } static int onlyLUKS(struct crypt_device *cd) { - return _onlyLUKS(cd, 0); + return _onlyLUKS(cd, 0, CRYPT_REQUIREMENT_OPAL); } static int _onlyLUKS2(struct crypt_device *cd, uint32_t cdflags, uint32_t mask) @@ -382,16 +442,21 @@ static int _onlyLUKS2(struct crypt_device *cd, uint32_t cdflags, uint32_t mask) return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, mask, cdflags & CRYPT_CD_QUIET); } +static int onlyLUKS2unrestricted(struct crypt_device *cd) +{ + return _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0); +} + /* Internal only */ int onlyLUKS2(struct crypt_device *cd) { - return _onlyLUKS2(cd, 0, 0); + return _onlyLUKS2(cd, 0, CRYPT_REQUIREMENT_OPAL); } /* Internal only */ -int onlyLUKS2mask(struct crypt_device *cd, uint32_t mask) +int onlyLUKS2reencrypt(struct crypt_device *cd) { - return _onlyLUKS2(cd, 0, mask); + return _onlyLUKS2(cd, 0, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); } static void crypt_set_null_type(struct crypt_device *cd) @@ -461,6 +526,10 @@ int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid) if (!dm_uuid || !hdr_uuid) return -EINVAL; + /* skip beyond LUKS2_HW_OPAL prefix */ + if (!strncmp(dm_uuid, CRYPT_LUKS2_HW_OPAL, strlen(CRYPT_LUKS2_HW_OPAL))) + dm_uuid = dm_uuid + strlen(CRYPT_LUKS2_HW_OPAL); + str = strchr(dm_uuid, '-'); if (!str) return -EINVAL; @@ -481,33 +550,55 @@ int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid) } /* - * compares type of active device to provided string (only if there is no explicit type) + * compares two UUIDs returned by device-mapper (striped by cryptsetup) + * used for stacked LUKS2 & INTEGRITY devices */ -static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type) +static int crypt_uuid_integrity_cmp(const char *dm_uuid, const char *dmi_uuid) { - struct crypt_dm_active_device dmd; - size_t len; - int r; + int i; + char *str, *stri; - /* Must use header-on-disk if we know the type here */ - if (cd->type || !cd->u.none.active_name) + if (!dm_uuid || !dmi_uuid) return -EINVAL; - log_dbg(cd, "Checking if active device %s without header has UUID type %s.", - cd->u.none.active_name, type); + /* skip beyond LUKS2_HW_OPAL prefix */ + if (!strncmp(dm_uuid, CRYPT_LUKS2_HW_OPAL, strlen(CRYPT_LUKS2_HW_OPAL))) + dm_uuid = dm_uuid + strlen(CRYPT_LUKS2_HW_OPAL); - r = dm_query_device(cd, cd->u.none.active_name, DM_ACTIVE_UUID, &dmd); - if (r < 0) - return r; + str = strchr(dm_uuid, '-'); + if (!str) + return -EINVAL; + + stri = strchr(dmi_uuid, '-'); + if (!stri) + return -EINVAL; + + for (i = 1; str[i] && str[i] != '-'; i++) { + if (!stri[i]) + return -EINVAL; + + if (str[i] != stri[i]) + return -EINVAL; + } + + return 0; +} + +/* + * compares type of active device to provided string + */ +int crypt_uuid_type_cmp(const char *dm_uuid, const char *type) +{ + size_t len; + + assert(type); - r = -ENODEV; len = strlen(type); - if (dmd.uuid && strlen(dmd.uuid) > len && - !strncmp(dmd.uuid, type, len) && dmd.uuid[len] == '-') - r = 0; + if (dm_uuid && strlen(dm_uuid) > len && + !strncmp(dm_uuid, type, len) && dm_uuid[len] == '-') + return 0; - free(CONST_CAST(void*)dmd.uuid); - return r; + return -ENODEV; } int PLAIN_activate(struct crypt_device *cd, @@ -763,9 +854,12 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair) if (r) return r; - if (!reload && !(type = strdup(CRYPT_LUKS2))) { - r = -ENOMEM; - goto out; + if (!reload) { + type = strdup(CRYPT_LUKS2); + if (!type) { + r = -ENOMEM; + goto out; + } } if (verify_pbkdf_params(cd, &cd->pbkdf)) { @@ -1188,6 +1282,17 @@ static int _init_by_name_crypt_none(struct crypt_device *cd) } } + if (!r && tgt->u.crypt.integrity) { + r = snprintf(cd->u.none.integrity_spec, sizeof(cd->u.none.integrity_spec), + "%s", tgt->u.crypt.integrity); + if (r < 0 || (size_t)r >= sizeof(cd->u.none.integrity_spec)) + r = -EINVAL; + else + r = 0; + } + + cd->u.none.sector_size = tgt->u.crypt.sector_size; + dm_targets_free(cd, &dmd); return r; } @@ -1245,7 +1350,13 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) r = crypt_parse_name_and_mode(tgt->type == DM_LINEAR ? "null" : tgt->u.crypt.cipher, cipher, &key_nums, cipher_mode); if (r < 0) { - log_dbg(cd, "Cannot parse cipher and mode from active device."); + /* Allow crypt null context with unknown cipher string */ + if (tgt->type == DM_CRYPT && !tgt->u.crypt.integrity) { + crypt_set_null_type(cd); + r = 0; + goto out; + } + log_err(cd, _("No known cipher specification pattern detected for active device %s."), name); goto out; } @@ -1260,10 +1371,13 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) r = -EINVAL; goto out; } - if (!cd->metadata_device) { - device_free(cd, cd->device); - MOVE_REF(cd->device, tgti->data_device); - } + + /* + * Data device for crypt with integrity is not dm-integrity device, + * but always the device underlying dm-integrity. + */ + device_free(cd, cd->device); + MOVE_REF(cd->device, tgti->data_device); } /* do not try to lookup LUKS2 header in detached header mode */ @@ -1717,6 +1831,9 @@ static int _crypt_format_luks1(struct crypt_device *cd, return -ENOMEM; } + if (device_is_dax(crypt_data_device(cd)) > 0) + log_std(cd, _("WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n")); + if (params && cd->metadata_device) { /* For detached header the alignment is used directly as data offset */ if (!cd->data_offset) @@ -1772,6 +1889,116 @@ static int _crypt_format_luks1(struct crypt_device *cd, return 0; } +static int LUKS2_check_encryption_params(struct crypt_device *cd, + const char *cipher, + const char *cipher_mode, + const char *integrity, + size_t volume_key_size, + const struct crypt_params_luks2 *params, + const char **ret_integrity) +{ + int r, integrity_key_size = 0; + + assert(cipher); + assert(cipher_mode); + assert(ret_integrity); + + if (integrity) { + if (params->integrity_params) { + /* Standalone dm-integrity must not be used */ + if (params->integrity_params->integrity || + params->integrity_params->integrity_key_size) + return -EINVAL; + /* FIXME: journal encryption and MAC is here not yet supported */ + if (params->integrity_params->journal_crypt || + params->integrity_params->journal_integrity) + return -ENOTSUP; + } + if (!INTEGRITY_tag_size(integrity, cipher, cipher_mode)) { + /* merge "none" string into NULL to make branching logic is easier */ + if (!strcmp(integrity, "none")) + integrity = NULL; + else + return -EINVAL; + } + integrity_key_size = INTEGRITY_key_size(integrity); + if ((integrity_key_size < 0) || (integrity_key_size >= (int)volume_key_size)) { + log_err(cd, _("Volume key is too small for encryption with integrity extensions.")); + return -EINVAL; + } + } + + /* FIXME: allow this later also for normal ciphers (check AF_ALG availability. */ + if (integrity && !integrity_key_size) { + r = crypt_cipher_check_kernel(cipher, cipher_mode, integrity, volume_key_size); + if (r < 0) { + log_err(cd, _("Cipher %s-%s (key size %zd bits) is not available."), + cipher, cipher_mode, volume_key_size * 8); + return r; + } + } + + if ((!integrity || integrity_key_size) && !crypt_cipher_wrapped_key(cipher, cipher_mode) && + !INTEGRITY_tag_size(NULL, cipher, cipher_mode)) { + r = LUKS_check_cipher(cd, volume_key_size - integrity_key_size, + cipher, cipher_mode); + if (r < 0) + return r; + } + + *ret_integrity = integrity; + + return 0; +} + +static int LUKS2_check_encryption_sector(struct crypt_device *cd, uint64_t device_size_bytes, + uint64_t data_offset_bytes, uint32_t sector_size, bool modify_sector_size, + bool verify_data_area_alignment, uint32_t *ret_sector_size) +{ + uint32_t dmc_flags; + + assert(ret_sector_size); + + if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE || + NOTPOW2(sector_size)) { + log_err(cd, _("Unsupported encryption sector size.")); + return -EINVAL; + } + + if (sector_size != SECTOR_SIZE && !dm_flags(cd, DM_CRYPT, &dmc_flags) && + !(dmc_flags & DM_SECTOR_SIZE_SUPPORTED)) { + if (modify_sector_size) { + log_dbg(cd, "dm-crypt does not support encryption sector size option. Reverting to 512 bytes."); + sector_size = SECTOR_SIZE; + } else + log_std(cd, _("WARNING: The device activation will fail, dm-crypt is missing " + "support for requested encryption sector size.\n")); + } + + if (modify_sector_size) { + if (data_offset_bytes && MISALIGNED(data_offset_bytes, sector_size)) { + log_dbg(cd, "Data offset not aligned to sector size. Reverting to 512 bytes."); + sector_size = SECTOR_SIZE; + } else if (MISALIGNED(device_size_bytes - data_offset_bytes, sector_size)) { + /* underflow does not affect misalignment checks */ + log_dbg(cd, "Device size is not aligned to sector size. Reverting to 512 bytes."); + sector_size = SECTOR_SIZE; + } + } + + /* underflow does not affect misalignment checks */ + if (verify_data_area_alignment && + sector_size > SECTOR_SIZE && + MISALIGNED(device_size_bytes - data_offset_bytes, sector_size)) { + log_err(cd, _("Device size is not aligned to requested sector size.")); + return -EINVAL; + } + + *ret_sector_size = sector_size; + + return 0; +} + static int _crypt_format_luks2(struct crypt_device *cd, const char *cipher, const char *cipher_mode, @@ -1781,13 +2008,13 @@ static int _crypt_format_luks2(struct crypt_device *cd, struct crypt_params_luks2 *params, bool sector_size_autodetect) { - int r, integrity_key_size = 0; + int r; unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT; unsigned long alignment_offset = 0; unsigned int sector_size; + char cipher_spec[2*MAX_CAPI_ONE_LEN]; const char *integrity = params ? params->integrity : NULL; - uint64_t dev_size; - uint32_t dmc_flags; + uint64_t data_offset_bytes, dev_size, metadata_size_bytes, keyslots_size_bytes; cd->u.luks2.hdr.jobj = NULL; cd->u.luks2.keyslot_cipher = NULL; @@ -1819,6 +2046,9 @@ static int _crypt_format_luks2(struct crypt_device *cd, return -ENOMEM; } + if (device_is_dax(crypt_data_device(cd)) > 0) + log_std(cd, _("WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n")); + if (sector_size_autodetect) { sector_size = device_optimal_encryption_sector_size(cd, crypt_data_device(cd)); log_dbg(cd, "Auto-detected optimal encryption sector size for device %s is %d bytes.", @@ -1826,45 +2056,6 @@ static int _crypt_format_luks2(struct crypt_device *cd, } else sector_size = params ? params->sector_size : SECTOR_SIZE; - if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE || - NOTPOW2(sector_size)) { - log_err(cd, _("Unsupported encryption sector size.")); - return -EINVAL; - } - if (sector_size != SECTOR_SIZE && !dm_flags(cd, DM_CRYPT, &dmc_flags) && - !(dmc_flags & DM_SECTOR_SIZE_SUPPORTED)) { - if (sector_size_autodetect) { - log_dbg(cd, "dm-crypt does not support encryption sector size option. Reverting to 512 bytes."); - sector_size = SECTOR_SIZE; - } else - log_std(cd, _("WARNING: The device activation will fail, dm-crypt is missing " - "support for requested encryption sector size.\n")); - } - - if (integrity) { - if (params->integrity_params) { - /* Standalone dm-integrity must not be used */ - if (params->integrity_params->integrity || - params->integrity_params->integrity_key_size) - return -EINVAL; - /* FIXME: journal encryption and MAC is here not yet supported */ - if (params->integrity_params->journal_crypt || - params->integrity_params->journal_integrity) - return -ENOTSUP; - } - if (!INTEGRITY_tag_size(integrity, cipher, cipher_mode)) { - if (!strcmp(integrity, "none")) - integrity = NULL; - else - return -EINVAL; - } - integrity_key_size = INTEGRITY_key_size(integrity); - if ((integrity_key_size < 0) || (integrity_key_size >= (int)volume_key_size)) { - log_err(cd, _("Volume key is too small for encryption with integrity extensions.")); - return -EINVAL; - } - } - r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL); if (r < 0) return r; @@ -1901,67 +2092,45 @@ static int _crypt_format_luks2(struct crypt_device *cd, &required_alignment, &alignment_offset, DEFAULT_DISK_ALIGNMENT); + r = LUKS2_check_encryption_params(cd, cipher, cipher_mode, integrity, + volume_key_size, params, &integrity); + if (r < 0) + goto out; + r = device_size(crypt_data_device(cd), &dev_size); if (r < 0) goto out; - if (sector_size_autodetect) { - if (cd->data_offset && MISALIGNED(cd->data_offset, sector_size)) { - log_dbg(cd, "Data offset not aligned to sector size. Reverting to 512 bytes."); - sector_size = SECTOR_SIZE; - } else if (MISALIGNED(dev_size - (uint64_t)required_alignment - (uint64_t)alignment_offset, sector_size)) { - /* underflow does not affect misalignment checks */ - log_dbg(cd, "Device size is not aligned to sector size. Reverting to 512 bytes."); - sector_size = SECTOR_SIZE; - } - } + r = LUKS2_hdr_get_storage_params(cd, alignment_offset, required_alignment, + &metadata_size_bytes, &keyslots_size_bytes, &data_offset_bytes); + if (r < 0) + goto out; - /* FIXME: allow this later also for normal ciphers (check AF_ALG availability. */ - if (integrity && !integrity_key_size) { - r = crypt_cipher_check_kernel(cipher, cipher_mode, integrity, volume_key_size); - if (r < 0) { - log_err(cd, _("Cipher %s-%s (key size %zd bits) is not available."), - cipher, cipher_mode, volume_key_size * 8); - goto out; - } - } + r = LUKS2_check_encryption_sector(cd, dev_size, data_offset_bytes, sector_size, + sector_size_autodetect, integrity == NULL, + §or_size); + if (r < 0) + goto out; - if ((!integrity || integrity_key_size) && !crypt_cipher_wrapped_key(cipher, cipher_mode) && - !INTEGRITY_tag_size(NULL, cipher, cipher_mode)) { - r = LUKS_check_cipher(cd, volume_key_size - integrity_key_size, - cipher, cipher_mode); - if (r < 0) - goto out; + if (*cipher_mode != '\0') + r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode); + else + r = snprintf(cipher_spec, sizeof(cipher_spec), "%s", cipher); + if (r < 0 || (size_t)r >= sizeof(cipher_spec)) { + r = -EINVAL; + goto out; } r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key, - cipher, cipher_mode, + cipher_spec, integrity, uuid, sector_size, - cd->data_offset * SECTOR_SIZE, - alignment_offset, - required_alignment, - cd->metadata_size, cd->keyslots_size); + data_offset_bytes, + metadata_size_bytes, keyslots_size_bytes, + 0, 0, 0); if (r < 0) goto out; - if (cd->metadata_size && (cd->metadata_size != LUKS2_metadata_size(&cd->u.luks2.hdr))) - log_std(cd, _("WARNING: LUKS2 metadata size changed to %" PRIu64 " bytes.\n"), - LUKS2_metadata_size(&cd->u.luks2.hdr)); - - if (cd->keyslots_size && (cd->keyslots_size != LUKS2_keyslots_size(&cd->u.luks2.hdr))) - log_std(cd, _("WARNING: LUKS2 keyslots area size changed to %" PRIu64 " bytes.\n"), - LUKS2_keyslots_size(&cd->u.luks2.hdr)); - - if (!integrity && sector_size > SECTOR_SIZE) { - dev_size -= (crypt_get_data_offset(cd) * SECTOR_SIZE); - if (dev_size % sector_size) { - log_err(cd, _("Device size is not aligned to requested sector size.")); - r = -EINVAL; - goto out; - } - } - if (params && (params->label || params->subsystem)) { r = LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, params->label, params->subsystem, 0); @@ -2000,7 +2169,7 @@ static int _crypt_format_luks2(struct crypt_device *cd, goto out; } - r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL); + r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL, 0); if (r) log_err(cd, _("Cannot format integrity for device %s."), data_device_path(cd)); @@ -2039,6 +2208,464 @@ out: return 0; } +static int opal_topology_alignment(struct crypt_device *cd, + uint64_t partition_offset_sectors, + uint64_t data_offset_sectors, + uint64_t required_alignment_sectors, + uint64_t default_alignment_bytes, + uint64_t *ret_alignment_offset_bytes, + uint64_t *ret_alignment_bytes, + uint32_t *ret_opal_block_bytes, + uint64_t *ret_opal_alignment_granularity_blocks) +{ + bool opal_align; + int r; + uint32_t opal_block_bytes; + uint64_t opal_alignment_granularity_blocks, opal_lowest_lba_blocks; + + assert(cd); + assert(ret_alignment_offset_bytes); + assert(ret_alignment_bytes); + assert(ret_opal_block_bytes); + assert(ret_opal_alignment_granularity_blocks); + + r = opal_geometry(cd, crypt_data_device(cd), &opal_align, &opal_block_bytes, + &opal_alignment_granularity_blocks, &opal_lowest_lba_blocks); + if (r) { + log_err(cd, _("Cannot get OPAL alignment parameters.")); + return -EINVAL; + } + + log_dbg(cd, "OPAL geometry: alignment: '%c', logical block size: %" PRIu32 + ", alignment granularity: %" PRIu64 ", lowest aligned LBA: %" PRIu64, + opal_align ? 'y' : 'n', opal_block_bytes, opal_alignment_granularity_blocks, opal_lowest_lba_blocks); + + if (opal_block_bytes < SECTOR_SIZE || NOTPOW2(opal_block_bytes)) { + log_err(cd, _("Bogus OPAL logical block size.")); + return -EINVAL; + } + + if (data_offset_sectors && + MISALIGNED(data_offset_sectors + partition_offset_sectors, opal_block_bytes / SECTOR_SIZE)) { + log_err(cd, _("Requested data offset is not compatible with OPAL block size.")); + return -EINVAL; + } + + /* Data offset has priority over data alignment parameter */ + if (!data_offset_sectors && + MISALIGNED(required_alignment_sectors, opal_block_bytes / SECTOR_SIZE)) { + log_err(cd, _("Requested data alignment is not compatible with OPAL alignment.")); + return -EINVAL; + } + + if (!opal_align) { + /* For detached header the alignment is used directly as data offset */ + if (required_alignment_sectors || cd->metadata_device) + *ret_alignment_bytes = required_alignment_sectors * SECTOR_SIZE; + else + *ret_alignment_bytes = default_alignment_bytes; + *ret_alignment_offset_bytes = 0; + *ret_opal_block_bytes = opal_block_bytes; + *ret_opal_alignment_granularity_blocks = 1; + return 0; + } + + if (data_offset_sectors) { + if (MISALIGNED((((data_offset_sectors + partition_offset_sectors) * SECTOR_SIZE) / opal_block_bytes) - opal_lowest_lba_blocks, + opal_alignment_granularity_blocks)) { + // FIXME: Add hint to user on how to fix it + log_err(cd, _("Data offset does not satisfy OPAL alignment requirements.")); + return -EINVAL; + } + + *ret_alignment_offset_bytes = 0; + *ret_alignment_bytes = 0; + *ret_opal_block_bytes = opal_block_bytes; + *ret_opal_alignment_granularity_blocks = opal_alignment_granularity_blocks; + + return 0; + } + + if (MISALIGNED(required_alignment_sectors * SECTOR_SIZE, opal_block_bytes * opal_alignment_granularity_blocks)) { + log_err(cd, _("Requested data alignment does not satisfy locking range alignment requirements.")); + return -EINVAL; + } + + /* For detached header the alignment is used directly as data offset */ + if (required_alignment_sectors || cd->metadata_device) + *ret_alignment_bytes = required_alignment_sectors * SECTOR_SIZE; + else + *ret_alignment_bytes = size_round_up(default_alignment_bytes, opal_block_bytes * opal_alignment_granularity_blocks); + + /* data offset is not set, calculate proper alignment */ + *ret_alignment_offset_bytes = (partition_offset_sectors * SECTOR_SIZE) % (opal_block_bytes * opal_alignment_granularity_blocks); + if (*ret_alignment_offset_bytes) + *ret_alignment_offset_bytes = opal_block_bytes * opal_alignment_granularity_blocks - *ret_alignment_offset_bytes; + + if (*ret_alignment_offset_bytes) + log_dbg(cd, "Compensating misaligned partition offset by %" PRIu64 "bytes.", + *ret_alignment_offset_bytes); + + *ret_alignment_offset_bytes += (opal_lowest_lba_blocks * opal_block_bytes); + *ret_opal_block_bytes = opal_block_bytes; + *ret_opal_alignment_granularity_blocks = opal_alignment_granularity_blocks; + + log_dbg(cd, "OPAL alignment (%" PRIu32 "/%" PRIu64 "), offset = %" PRIu64 ". Required alignment is %" PRIu64 ".", + opal_block_bytes, opal_alignment_granularity_blocks, *ret_alignment_offset_bytes, *ret_alignment_bytes); + + return 0; +} + +int crypt_format_luks2_opal(struct crypt_device *cd, + const char *cipher, + const char *cipher_mode, + const char *uuid, + const char *volume_keys, + size_t volume_keys_size, + struct crypt_params_luks2 *params, + struct crypt_params_hw_opal *opal_params) +{ + bool opal_range_reset = false, subsystem_overridden = false, sector_size_autodetect = cipher != NULL; + int r; + char cipher_spec[128]; + const char *integrity = params ? params->integrity : NULL; + uint32_t sector_size, opal_block_bytes, opal_segment_number = 1; /* We'll use the partition number if available later */ + uint64_t alignment_offset_bytes, data_offset_bytes, device_size_bytes, opal_alignment_granularity_blocks, + partition_offset_sectors, range_offset_blocks, range_size_bytes, + required_alignment_bytes, metadata_size_bytes, keyslots_size_bytes, + provided_data_sectors; + struct volume_key *user_key = NULL; + struct crypt_lock_handle *opal_lh = NULL; + + if (!cd || !params || !opal_params || + !opal_params->admin_key || !opal_params->admin_key_size || !opal_params->user_key_size) + return -EINVAL; + + if (cd->type) { + log_dbg(cd, "Context already formatted as %s.", cd->type); + return -EINVAL; + } + + log_dbg(cd, "Formatting device %s as type LUKS2 with OPAL HW encryption.", mdata_device_path(cd) ?: "(none)"); + + if (volume_keys_size < opal_params->user_key_size) + return -EINVAL; + + if (cipher && (volume_keys_size == opal_params->user_key_size)) + return -EINVAL; + + if (!crypt_metadata_device(cd)) { + log_err(cd, _("Can't format LUKS without device.")); + return -EINVAL; + } + + if (params->data_alignment && + MISALIGNED(cd->data_offset, params->data_alignment)) { + log_err(cd, _("Requested data alignment is not compatible with data offset.")); + return -EINVAL; + } + + if (params->data_device) { + if (!cd->metadata_device) + cd->metadata_device = cd->device; + else + device_free(cd, cd->device); + cd->device = NULL; + if (device_alloc(cd, &cd->device, params->data_device) < 0) + return -ENOMEM; + } + + r = crypt_opal_supported(cd, crypt_data_device(cd)); + if (r < 0) + return r; + + if (params->sector_size) + sector_size_autodetect = false; + + partition_offset_sectors = crypt_dev_partition_offset(device_path(crypt_data_device(cd))); + + r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL); + if (r < 0) + return r; + + /* + * Check both data and metadata devices for exclusive access since + * we don't want to setup locking range on already used partition. + */ + if (crypt_metadata_device(cd) != crypt_data_device(cd)) { + r = device_check_access(cd, crypt_data_device(cd), DEV_EXCL); + if (r < 0) + return r; + } + + if (!(cd->type = strdup(CRYPT_LUKS2))) + return -ENOMEM; + + if (volume_keys) + cd->volume_key = crypt_alloc_volume_key(volume_keys_size, volume_keys); + else + cd->volume_key = crypt_generate_volume_key(cd, volume_keys_size); + + if (!cd->volume_key) { + r = -ENOMEM; + goto out; + } + + if (cipher) { + user_key = crypt_alloc_volume_key(opal_params->user_key_size, cd->volume_key->key); + if (!user_key) { + r = -ENOMEM; + goto out; + } + } + + r = 0; + if (params->pbkdf) + r = crypt_set_pbkdf_type(cd, params->pbkdf); + else if (verify_pbkdf_params(cd, &cd->pbkdf)) + r = init_pbkdf_type(cd, NULL, CRYPT_LUKS2); + + if (r < 0) + goto out; + + if (cd->metadata_device && !cd->data_offset) + /* For detached header the alignment is used directly as data offset */ + cd->data_offset = params->data_alignment; + + r = opal_topology_alignment(cd, partition_offset_sectors, + cd->data_offset, params->data_alignment, + DEFAULT_DISK_ALIGNMENT, &alignment_offset_bytes, &required_alignment_bytes, + &opal_block_bytes, &opal_alignment_granularity_blocks); + if (r < 0) + goto out; + + if (sector_size_autodetect) { + sector_size = device_optimal_encryption_sector_size(cd, crypt_data_device(cd)); + if ((opal_block_bytes * opal_alignment_granularity_blocks) > sector_size) + sector_size = opal_block_bytes * opal_alignment_granularity_blocks; + if (sector_size > MAX_SECTOR_SIZE) + sector_size = MAX_SECTOR_SIZE; + log_dbg(cd, "Auto-detected optimal encryption sector size for device %s is %d bytes.", + device_path(crypt_data_device(cd)), sector_size); + } else + sector_size = params->sector_size; + + /* To ensure it is obvious and explicit that OPAL is being used, set the + * subsystem tag if the user hasn't passed one. */ + if (!params->subsystem) { + params->subsystem = "HW-OPAL"; + subsystem_overridden = true; + } + + /* We need to give the drive a segment number - use the partition number if there is + * one, otherwise the first valid (1) number if it's a single-volume setup */ + r = crypt_dev_get_partition_number(device_path(crypt_data_device(cd))); + if (r > 0) + opal_segment_number = r; + + if (cipher) { + r = LUKS2_check_encryption_params(cd, cipher, cipher_mode, integrity, + volume_keys_size - opal_params->user_key_size, + params, &integrity); + if (r < 0) + goto out; + } + + r = device_size(crypt_data_device(cd), &device_size_bytes); + if (r < 0) + goto out; + + r = LUKS2_hdr_get_storage_params(cd, alignment_offset_bytes, required_alignment_bytes, + &metadata_size_bytes, &keyslots_size_bytes, &data_offset_bytes); + if (r < 0) + goto out; + + r = -EINVAL; + if (device_size_bytes < data_offset_bytes && !cd->metadata_device) { + log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd))); + goto out; + } + + device_size_bytes -= data_offset_bytes; + range_size_bytes = device_size_bytes - (device_size_bytes % (opal_block_bytes * opal_alignment_granularity_blocks)); + if (!range_size_bytes) + goto out; + + if (device_size_bytes != range_size_bytes) + log_err(cd, _("Compensating device size by %" PRIu64 " sectors to align it with OPAL alignment granularity."), + (device_size_bytes - range_size_bytes) / SECTOR_SIZE); + + if (cipher) { + r = LUKS2_check_encryption_sector(cd, device_size_bytes, data_offset_bytes, sector_size, + sector_size_autodetect, integrity == NULL, + §or_size); + if (r < 0) + goto out; + + if (*cipher_mode != '\0') + r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode); + else + r = snprintf(cipher_spec, sizeof(cipher_spec), "%s", cipher); + if (r < 0 || (size_t)r >= sizeof(cipher_spec)) { + r = -EINVAL; + goto out; + } + } + + r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key, + cipher ? cipher_spec : NULL, integrity, uuid, + sector_size, + data_offset_bytes, + metadata_size_bytes, keyslots_size_bytes, + device_size_bytes, + opal_segment_number, + opal_params->user_key_size); + if (r < 0) + goto out; + + log_dbg(cd, "Adding LUKS2 OPAL requirement flag."); + r = LUKS2_config_set_requirement_version(cd, &cd->u.luks2.hdr, CRYPT_REQUIREMENT_OPAL, 1, false); + if (r < 0) + goto out; + + if (params->label || params->subsystem) { + r = LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, + params->label, params->subsystem, 0); + if (r < 0) + goto out; + } + + device_set_block_size(crypt_data_device(cd), sector_size); + + r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL); + if (r < 0) { + log_err(cd, _("Cannot wipe header on device %s."), + mdata_device_path(cd)); + if (device_size_bytes < LUKS2_hdr_and_areas_size(&cd->u.luks2.hdr)) + log_err(cd, _("Device %s is too small."), device_path(crypt_metadata_device(cd))); + goto out; + } + + range_offset_blocks = (data_offset_bytes + partition_offset_sectors * SECTOR_SIZE) / opal_block_bytes; + + r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); + if (r < 0) { + log_err(cd, _("Failed to acquire OPAL lock on device %s."), device_path(crypt_data_device(cd))); + goto out; + } + + r = opal_setup_ranges(cd, crypt_data_device(cd), user_key ?: cd->volume_key, + range_offset_blocks, range_size_bytes / opal_block_bytes, + opal_segment_number, opal_params->admin_key, opal_params->admin_key_size); + if (r < 0) { + if (r == -EPERM) + log_err(cd, _("Incorrect OPAL Admin key.")); + else + log_err(cd, _("Cannot setup OPAL segment.")); + goto out; + } + + opal_range_reset = true; + + /* integrity metadata goes in unlocked OPAL locking range */ + if (crypt_get_integrity_tag_size(cd)) { + r = opal_unlock(cd, crypt_data_device(cd), opal_segment_number, user_key ?: cd->volume_key); + if (r < 0) + goto out; + + r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_ZERO, + crypt_get_data_offset(cd) * SECTOR_SIZE, + 8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL); + if (r < 0) { + if (r == -EBUSY) + log_err(cd, _("Cannot format device %s in use."), + data_device_path(cd)); + else if (r == -EACCES) { + log_err(cd, _("Cannot format device %s, permission denied."), + data_device_path(cd)); + r = -EINVAL; + } else + log_err(cd, _("Cannot wipe header on device %s."), + data_device_path(cd)); + + goto out; + } + + r = INTEGRITY_format(cd, params->integrity_params, NULL, NULL, + /* + * Create reduced dm-integrity device only if locking range size does + * not match device size. + */ + device_size_bytes != range_size_bytes ? range_size_bytes / SECTOR_SIZE : 0); + if (r) + log_err(cd, _("Cannot format integrity for device %s."), + data_device_path(cd)); + if (r < 0) + goto out; + + r = INTEGRITY_data_sectors(cd, crypt_data_device(cd), + crypt_get_data_offset(cd) * SECTOR_SIZE, + &provided_data_sectors); + if (r < 0) + goto out; + + if (!LUKS2_segment_set_size(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, + &(uint64_t) {provided_data_sectors * SECTOR_SIZE})) { + r = -EINVAL; + goto out; + } + + r = opal_lock(cd, crypt_data_device(cd), opal_segment_number); + if (r < 0) + goto out; + } + + /* override sequence id check with format */ + r = LUKS2_hdr_write_force(cd, &cd->u.luks2.hdr); + if (r < 0) { + if (r == -EBUSY) + log_err(cd, _("Cannot format device %s in use."), + mdata_device_path(cd)); + else if (r == -EACCES) { + log_err(cd, _("Cannot format device %s, permission denied."), + mdata_device_path(cd)); + r = -EINVAL; + } else if (r == -EIO) { + log_err(cd, _("Cannot format device %s, OPAL device seems to be fully write-protected now."), + mdata_device_path(cd)); + log_err(cd, _("This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery.")); + } else + log_err(cd, _("Cannot format device %s."), + mdata_device_path(cd)); + } + +out: + crypt_free_volume_key(user_key); + + if (subsystem_overridden) + params->subsystem = NULL; + + if (r >= 0) { + opal_exclusive_unlock(cd, opal_lh); + return 0; + } + + if (opal_range_reset && + (opal_reset_segment(cd, crypt_data_device(cd), opal_segment_number, + opal_params->admin_key, opal_params->admin_key_size) < 0)) + log_err(cd, _("Locking range %d reset on device %s failed."), + opal_segment_number, device_path(crypt_data_device(cd))); + + opal_exclusive_unlock(cd, opal_lh); + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); + + crypt_set_null_type(cd); + crypt_free_volume_key(cd->volume_key); + cd->volume_key = NULL; + + return r; +} + static int _crypt_format_loopaes(struct crypt_device *cd, const char *cipher, const char *uuid, @@ -2329,7 +2956,7 @@ static int _crypt_format_integrity(struct crypt_device *cd, cd->u.integrity.params.journal_integrity = journal_integrity; cd->u.integrity.params.journal_crypt = journal_crypt; - r = INTEGRITY_format(cd, params, cd->u.integrity.journal_crypt_key, cd->u.integrity.journal_mac_key); + r = INTEGRITY_format(cd, params, cd->u.integrity.journal_crypt_key, cd->u.integrity.journal_mac_key, 0); if (r) log_err(cd, _("Cannot format integrity for device %s."), mdata_device_path(cd)); @@ -2674,7 +3301,7 @@ int crypt_compare_dm_devices(struct crypt_device *cd, } static int _reload_device(struct crypt_device *cd, const char *name, - struct crypt_dm_active_device *sdmd) + struct crypt_dm_active_device *sdmd, uint32_t dmflags) { int r; struct crypt_dm_active_device tdmd; @@ -2742,7 +3369,7 @@ static int _reload_device(struct crypt_device *cd, const char *name, tdmd.flags = sdmd->flags; tgt->size = tdmd.size = sdmd->size; - r = dm_reload_device(cd, name, &tdmd, 0, 1); + r = dm_reload_device(cd, name, &tdmd, dmflags, 1); out: dm_targets_free(cd, &tdmd); free(CONST_CAST(void*)tdmd.uuid); @@ -2925,15 +3552,10 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) struct crypt_dm_active_device dmdq, dmd = {}; struct dm_target *tgt = &dmdq.segment; struct crypt_params_integrity params = {}; - uint32_t supported_flags = 0; + uint32_t supported_flags = 0, dmflags = 0; uint64_t old_size; int r; - /* - * FIXME: Also with LUKS2 we must not allow resize when there's - * explicit size stored in metadata (length != "dynamic") - */ - /* Device context type must be initialized */ if (!cd || !cd->type || !name) return -EINVAL; @@ -2943,7 +3565,15 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) return -ENOTSUP; } - log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size); + if (isLUKS2(cd->type) && !LUKS2_segments_dynamic_size(&cd->u.luks2.hdr)) { + log_err(cd, _("Can not resize LUKS2 device with static size.")); + return -EINVAL; + } + + if (new_size) + log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size); + else + log_dbg(cd, "Resizing device %s to underlying device size.", name); r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_INTEGRITY_PARAMS | DM_ACTIVE_JOURNAL_CRYPT_KEY | @@ -3011,7 +3641,8 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) tgt->u.integrity.journal_integrity_key, ¶ms); if (r) goto out; - r = _reload_device(cd, name, &dmd); + /* Backend device cannot be smaller here, device_block_adjust() will fail if so. */ + r = _reload_device(cd, name, &dmd, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH); if (r) goto out; @@ -3079,8 +3710,13 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) r = -ENOTSUP; else if (isLUKS2(cd->type)) r = LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, 0); - if (!r) - r = _reload_device(cd, name, &dmd); + + if (!r) { + /* Skip flush and lockfs if extending device */ + if (new_size > dmdq.size) + dmflags = DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH; + r = _reload_device(cd, name, &dmd, dmflags); + } if (r && tgt->type == DM_INTEGRITY && !dm_flags(cd, tgt->type, &supported_flags) && @@ -3271,6 +3907,8 @@ void crypt_free(struct crypt_device *cd) free(CONST_CAST(void*)cd->pbkdf.type); free(CONST_CAST(void*)cd->pbkdf.hash); + free(CONST_CAST(void*)cd->user_key_name1); + free(CONST_CAST(void*)cd->user_key_name2); /* Some structures can contain keys (TCRYPT), wipe it */ crypt_safe_memzero(cd, sizeof(*cd)); @@ -3298,38 +3936,85 @@ static char *crypt_get_device_key_description(struct crypt_device *cd, const cha int crypt_suspend(struct crypt_device *cd, const char *name) { - char *key_desc; + bool dm_opal_uuid; crypt_status_info ci; int r; - uint32_t dmflags = DM_SUSPEND_WIPE_KEY; - - /* FIXME: check context uuid matches the dm-crypt device uuid (onlyLUKS branching) */ + struct crypt_dm_active_device dmd, dmdi = {}; + uint32_t opal_segment_number = 1, dmflags = DM_SUSPEND_WIPE_KEY; + struct dm_target *tgt = &dmd.segment; + char *key_desc = NULL, *iname = NULL; + struct crypt_lock_handle *opal_lh = NULL; if (!cd || !name) return -EINVAL; log_dbg(cd, "Suspending volume %s.", name); - if (cd->type) - r = onlyLUKS(cd); - else { - r = crypt_uuid_type_cmp(cd, CRYPT_LUKS1); - if (r < 0) - r = crypt_uuid_type_cmp(cd, CRYPT_LUKS2); - if (r < 0) - log_err(cd, _("This operation is supported only for LUKS device.")); - } - - if (r < 0) + if (cd->type && ((r = onlyLUKS(cd)) < 0)) return r; - ci = crypt_status(NULL, name); + ci = crypt_status(cd, name); if (ci < CRYPT_ACTIVE) { log_err(cd, _("Volume %s is not active."), name); return -EINVAL; } - dm_backend_init(cd); + r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd); + if (r < 0) + return r; + + log_dbg(cd, "Checking if active device %s has UUID type LUKS.", name); + + r = crypt_uuid_type_cmp(dmd.uuid, CRYPT_LUKS2); + if (r < 0) + r = crypt_uuid_type_cmp(dmd.uuid, CRYPT_LUKS1); + + if (r < 0) { + log_err(cd, _("This operation is supported only for LUKS device.")); + goto out; + } + + r = -EINVAL; + + if (isLUKS2(cd->type) && crypt_uuid_type_cmp(dmd.uuid, CRYPT_LUKS2)) { + log_dbg(cd, "LUKS device header type: %s mismatches DM device type.", cd->type); + goto out; + } + + if (isLUKS1(cd->type) && crypt_uuid_type_cmp(dmd.uuid, CRYPT_LUKS1)) { + log_dbg(cd, "LUKS device header type: %s mismatches DM device type.", cd->type); + goto out; + } + + /* check if active device has LUKS2-OPAL dm uuid prefix */ + dm_opal_uuid = !crypt_uuid_type_cmp(dmd.uuid, CRYPT_LUKS2_HW_OPAL); + + if (!dm_opal_uuid && isLUKS2(cd->type) && + LUKS2_segment_is_hw_opal(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)) + goto out; + + if (cd->type && (r = crypt_uuid_cmp(dmd.uuid, LUKS_UUID(cd))) < 0) { + log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s", + LUKS_UUID(cd), dmd.uuid); + goto out; + } + + /* check UUID of integrity device underneath crypt device */ + if (crypt_get_integrity_tag_size(cd)) { + r = dm_get_iname(name, &iname, false); + if (r) + goto out; + + r = dm_query_device(cd, iname, DM_ACTIVE_UUID, &dmdi); + if (r < 0) + goto out; + + r = crypt_uuid_integrity_cmp(dmd.uuid, dmdi.uuid); + if (r < 0) { + log_dbg(cd, "Integrity device uuid: %s mismatches crypt device uuid %s", dmdi.uuid, dmd.uuid); + goto out; + } + } r = dm_status_suspended(cd, name); if (r < 0) @@ -3343,44 +4028,78 @@ int crypt_suspend(struct crypt_device *cd, key_desc = crypt_get_device_key_description(cd, name); - /* we can't simply wipe wrapped keys */ - if (crypt_cipher_wrapped_key(crypt_get_cipher(cd), crypt_get_cipher_mode(cd))) + if (dm_opal_uuid && crypt_data_device(cd)) { + if (isLUKS2(cd->type)) { + r = LUKS2_get_opal_segment_number(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, &opal_segment_number); + if (r < 0) + goto out; + } else { + /* Guess OPAL range number for LUKS2-OPAL device with missing header */ + r = crypt_dev_get_partition_number(device_path(crypt_data_device(cd))); + if (r > 0) + opal_segment_number = r; + } + } + + /* we can't simply wipe wrapped keys. HW OPAL only encryption does not use dm-crypt target */ + if (crypt_cipher_wrapped_key(crypt_get_cipher(cd), crypt_get_cipher_mode(cd)) || + (dm_opal_uuid && tgt->type == DM_LINEAR)) dmflags &= ~DM_SUSPEND_WIPE_KEY; r = dm_suspend_device(cd, name, dmflags); - if (r == -ENOTSUP) - log_err(cd, _("Suspend is not supported for device %s."), name); - else if (r) - log_err(cd, _("Error during suspending device %s."), name); - else - crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY); - free(key_desc); + if (r) { + if (r == -ENOTSUP) + log_err(cd, _("Suspend is not supported for device %s."), name); + else + log_err(cd, _("Error during suspending device %s."), name); + goto out; + } + + /* Suspend integrity device underneath; keep crypt suspended if it fails */ + if (crypt_get_integrity_tag_size(cd)) { + r = dm_suspend_device(cd, iname, 0); + if (r) + log_err(cd, _("Error during suspending device %s."), iname); + } + + crypt_drop_keyring_key_by_description(cd, key_desc, cd->keyring_key_type); + + if (dm_opal_uuid && crypt_data_device(cd)) { + r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); + if (r < 0) { + log_err(cd, _("Failed to acquire OPAL lock on device %s."), device_path(crypt_data_device(cd))); + goto out; + } + } + + if (dm_opal_uuid && (!crypt_data_device(cd) || opal_lock(cd, crypt_data_device(cd), opal_segment_number))) + log_err(cd, _("Device %s was suspended but hardware OPAL device cannot be locked."), name); out: - dm_backend_exit(cd); + opal_exclusive_unlock(cd, opal_lh); + free(key_desc); + free(iname); + dm_targets_free(cd, &dmd); + dm_targets_free(cd, &dmdi); + free(CONST_CAST(void*)dmd.uuid); + free(CONST_CAST(void*)dmdi.uuid); return r; } -/* key must be properly verified */ -static int resume_by_volume_key(struct crypt_device *cd, +static int resume_luks1_by_volume_key(struct crypt_device *cd, struct volume_key *vk, const char *name) { - int digest, r; + int r; struct volume_key *zerokey = NULL; + assert(vk && crypt_volume_key_get_id(vk) == 0); + assert(name); + if (crypt_is_cipher_null(crypt_get_cipher_spec(cd))) { zerokey = crypt_alloc_volume_key(0, NULL); if (!zerokey) return -ENOMEM; vk = zerokey; - } else if (crypt_use_keyring_for_vk(cd)) { - /* LUKS2 path only */ - digest = LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); - if (digest < 0) - return -EINVAL; - r = LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, digest); - if (r < 0) - return r; } r = dm_resume_and_reinstate_key(cd, name, vk); @@ -3390,77 +4109,230 @@ static int resume_by_volume_key(struct crypt_device *cd, else if (r) log_err(cd, _("Error during resuming device %s."), name); - if (r < 0) - crypt_drop_keyring_key(cd, vk); - crypt_free_volume_key(zerokey); return r; } -int crypt_resume_by_passphrase(struct crypt_device *cd, - const char *name, - int keyslot, - const char *passphrase, - size_t passphrase_size) +static void crypt_unlink_key_from_custom_keyring(struct crypt_device *cd, key_serial_t kid) { - struct volume_key *vk = NULL; - int r; + assert(cd); + assert(cd->keyring_to_link_vk); + + log_dbg(cd, "Unlinking volume key (id: %" PRIi32 ") from kernel keyring (id: %" PRIi32 ").", + kid, cd->keyring_to_link_vk); + + if (!keyring_unlink_key_from_keyring(kid, cd->keyring_to_link_vk)) + return; + + log_dbg(cd, "keyring_unlink_key_from_keyring failed with errno %d.", errno); + log_err(cd, _("Failed to unlink volume key from user specified keyring.")); +} - /* FIXME: check context uuid matches the dm-crypt device uuid */ +static key_serial_t crypt_single_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk, const char *user_key_name) +{ + key_serial_t kid; + const char *type_name; + + assert(cd); + assert(cd->link_vk_to_keyring); - if (!passphrase || !name) + if (!vk || !(type_name = key_type_name(cd->keyring_key_type))) return -EINVAL; - log_dbg(cd, "Resuming volume %s.", name); + log_dbg(cd, "Linking volume key (type %s, name %s) to the specified keyring", + type_name, user_key_name); - if ((r = onlyLUKS(cd))) - return r; + kid = keyring_add_key_to_custom_keyring(cd->keyring_key_type, user_key_name, vk->key, vk->keylength, cd->keyring_to_link_vk); + if (kid <= 0) { + log_dbg(cd, "The keyring_link_key_to_keyring function failed (error %d).", errno); + } - r = dm_status_suspended(cd, name); - if (r < 0) - return r; + return kid; +} - if (!r) { - log_err(cd, _("Volume %s is not suspended."), name); +static int crypt_volume_key_load_in_user_keyring(struct crypt_device *cd, struct volume_key *vk, key_serial_t *kid1_out, key_serial_t *kid2_out) +{ + key_serial_t kid1, kid2 = 0; + + assert(cd); + assert(cd->link_vk_to_keyring); + assert(cd->user_key_name1); + + if (!vk || !key_type_name(cd->keyring_key_type)) + return -EINVAL; + + kid1 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name1); + if (kid1 <= 0) return -EINVAL; + + vk = vk->next; + if (vk) { + assert(cd->user_key_name2); + kid2 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name2); + if (kid2 <= 0) { + crypt_unlink_key_from_custom_keyring(cd, kid1); + return -EINVAL; + } } - if (isLUKS1(cd->type)) - r = LUKS_open_key_with_hdr(keyslot, passphrase, passphrase_size, - &cd->u.luks1.hdr, &vk, cd); + *kid2_out = kid2; + *kid1_out = kid1; + return 0; +} + +static int resume_luks2_by_volume_key(struct crypt_device *cd, + int digest, + struct volume_key *vk, + const char *name) +{ + bool use_keyring; + int r, enc_type; + uint32_t opal_segment_number; + struct volume_key *p_crypt = vk, *p_opal = NULL, *zerokey = NULL, *crypt_key = NULL, *opal_key = NULL; + char *iname = NULL; + struct crypt_lock_handle *opal_lh = NULL; + key_serial_t kid1 = 0, kid2 = 0; + + assert(digest >= 0); + assert(vk && crypt_volume_key_get_id(vk) == digest); + assert(name); + + enc_type = crypt_get_hw_encryption_type(cd); + if (enc_type < 0) + return enc_type; + + use_keyring = crypt_use_keyring_for_vk(cd); + + if (enc_type == CRYPT_OPAL_HW_ONLY || enc_type == CRYPT_SW_AND_OPAL_HW) { + r = LUKS2_get_opal_segment_number(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, + &opal_segment_number); + if (r < 0) + return r; + + r = LUKS2_split_crypt_and_opal_keys(cd, &cd->u.luks2.hdr, + vk, &crypt_key, + &opal_key); + if (r < 0) + return r; + + p_crypt = crypt_key; + p_opal = opal_key ?: vk; + } + + if (enc_type != CRYPT_OPAL_HW_ONLY && crypt_is_cipher_null(crypt_get_cipher_spec(cd))) { + zerokey = crypt_alloc_volume_key(0, NULL); + if (!zerokey) { + r = -ENOMEM; + goto out; + } + p_crypt = zerokey; + use_keyring = false; + } + + if (use_keyring) { + if (p_crypt) { + r = LUKS2_volume_key_load_in_keyring_by_digest(cd, p_crypt, digest); + if (r < 0) + goto out; + } + + /* upload volume key in custom keyring if requested */ + if (cd->link_vk_to_keyring) { + r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2); + if (r < 0) { + log_err(cd, _("Failed to link volume key in user defined keyring.")); + goto out; + } + } + } + + if (p_opal) { + r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); + if (r < 0) { + log_err(cd, _("Failed to acquire OPAL lock on device %s."), device_path(crypt_data_device(cd))); + goto out; + } + + r = opal_unlock(cd, crypt_data_device(cd), opal_segment_number, p_opal); + if (r < 0) { + p_opal = NULL; /* do not lock on error path */ + goto out; + } + } + + if (crypt_get_integrity_tag_size(cd)) { + r = dm_get_iname(name, &iname, false); + if (r) + goto out; + + r = dm_resume_device(cd, iname, 0); + if (r) + log_err(cd, _("Error during resuming device %s."), iname); + } + + if (enc_type == CRYPT_OPAL_HW_ONLY) + r = dm_resume_device(cd, name, 0); else - r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase, passphrase_size, &vk); + r = dm_resume_and_reinstate_key(cd, name, p_crypt); - if (r < 0) - return r; + if (r == -ENOTSUP) + log_err(cd, _("Resume is not supported for device %s."), name); + else if (r) + log_err(cd, _("Error during resuming device %s."), name); - keyslot = r; +out: + if (r < 0) { + crypt_drop_keyring_key(cd, p_crypt); + if (cd->link_vk_to_keyring && kid1) + crypt_unlink_key_from_custom_keyring(cd, kid1); + if (cd->link_vk_to_keyring && kid2) + crypt_unlink_key_from_custom_keyring(cd, kid2); + } - r = resume_by_volume_key(cd, vk, name); + if (r < 0 && p_opal) + opal_lock(cd, crypt_data_device(cd), opal_segment_number); - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; + opal_exclusive_unlock(cd, opal_lh); + crypt_free_volume_key(zerokey); + crypt_free_volume_key(opal_key); + crypt_free_volume_key(crypt_key); + free(iname); + + return r; } -int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd, - const char *name, - int keyslot, - const char *keyfile, - size_t keyfile_size, - uint64_t keyfile_offset) +/* key must be properly verified */ +static int resume_by_volume_key(struct crypt_device *cd, + struct volume_key *vk, + const char *name) { - struct volume_key *vk = NULL; - char *passphrase_read = NULL; - size_t passphrase_size_read; - int r; + assert(cd); - /* FIXME: check context uuid matches the dm-crypt device uuid */ + if (isLUKS2(cd->type)) + return resume_luks2_by_volume_key(cd, + LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT), + vk, name); - if (!name || !keyfile) + if (isLUKS1(cd->type)) + return resume_luks1_by_volume_key(cd, vk, name); + + return -EINVAL; +} + +int crypt_resume_by_keyslot_context(struct crypt_device *cd, + const char *name, + int keyslot, + struct crypt_keyslot_context *kc) +{ + int r; + struct volume_key *vk = NULL; + int unlocked_keyslot = -EINVAL; + + if (!name) return -EINVAL; - log_dbg(cd, "Resuming volume %s.", name); + log_dbg(cd, "Resuming volume %s [keyslot %d] using %s.", name, keyslot, keyslot_context_type_string(kc)); if ((r = onlyLUKS(cd))) return r; @@ -3474,29 +4346,67 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd, return -EINVAL; } - r = crypt_keyfile_device_read(cd, keyfile, - &passphrase_read, &passphrase_size_read, - keyfile_offset, keyfile_size, 0); - if (r < 0) - return r; - - if (isLUKS1(cd->type)) - r = LUKS_open_key_with_hdr(keyslot, passphrase_read, passphrase_size_read, - &cd->u.luks1.hdr, &vk, cd); + if (isLUKS1(cd->type) && kc->get_luks1_volume_key) + r = kc->get_luks1_volume_key(cd, kc, keyslot, &vk); + else if (isLUKS2(cd->type) && kc->get_luks2_volume_key) + r = kc->get_luks2_volume_key(cd, kc, keyslot, &vk); else - r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, - passphrase_read, passphrase_size_read, &vk); - - crypt_safe_free(passphrase_read); + r = -EINVAL; if (r < 0) - return r; + goto out; + unlocked_keyslot = r; - keyslot = r; + if (isLUKS1(cd->type)) { + r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + crypt_volume_key_set_id(vk, 0); + } else if (isLUKS2(cd->type)) { + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + crypt_volume_key_set_id(vk, r); + } else + r = -EINVAL; + if (r < 0) + goto out; r = resume_by_volume_key(cd, vk, name); crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; + return r < 0 ? r : unlocked_keyslot; +out: + crypt_free_volume_key(vk); + return r; +} + +int crypt_resume_by_passphrase(struct crypt_device *cd, + const char *name, + int keyslot, + const char *passphrase, + size_t passphrase_size) +{ + int r; + struct crypt_keyslot_context kc; + + crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size); + r = crypt_resume_by_keyslot_context(cd, name, keyslot, &kc); + crypt_keyslot_context_destroy_internal(&kc); + + return r; +} + +int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset) +{ + int r; + struct crypt_keyslot_context kc; + + crypt_keyslot_unlock_by_keyfile_init_internal(&kc, keyfile, keyfile_size, keyfile_offset); + r = crypt_resume_by_keyslot_context(cd, name, keyslot, &kc); + crypt_keyslot_context_destroy_internal(&kc); + + return r; } int crypt_resume_by_keyfile(struct crypt_device *cd, @@ -3525,43 +4435,16 @@ int crypt_resume_by_volume_key(struct crypt_device *cd, const char *volume_key, size_t volume_key_size) { - struct volume_key *vk = NULL; int r; + struct crypt_keyslot_context kc; - if (!name || !volume_key) - return -EINVAL; - - log_dbg(cd, "Resuming volume %s by volume key.", name); - - if ((r = onlyLUKS(cd))) - return r; - - r = dm_status_suspended(cd, name); - if (r < 0) - return r; - - if (!r) { - log_err(cd, _("Volume %s is not suspended."), name); - return -EINVAL; - } - - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; + crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size); + r = crypt_resume_by_keyslot_context(cd, name, CRYPT_ANY_SLOT /* unused */, &kc); + crypt_keyslot_context_destroy_internal(&kc); - if (isLUKS1(cd->type)) - r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); - else if (isLUKS2(cd->type)) - r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); - else - r = -EINVAL; if (r == -EPERM || r == -ENOENT) log_err(cd, _("Volume key does not match the volume.")); - if (r >= 0) - r = resume_by_volume_key(cd, vk, name); - - crypt_free_volume_key(vk); return r; } @@ -3569,35 +4452,14 @@ int crypt_resume_by_token_pin(struct crypt_device *cd, const char *name, const char *type, int token, const char *pin, size_t pin_size, void *usrptr) { - struct volume_key *vk = NULL; - int r, keyslot; - - if (!name) - return -EINVAL; - - log_dbg(cd, "Resuming volume %s by token (%s type) %d.", - name, type ?: "any", token); - - if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET, 0))) - return r; - - r = dm_status_suspended(cd, name); - if (r < 0) - return r; - - if (!r) { - log_err(cd, _("Volume %s is not suspended."), name); - return -EINVAL; - } + int r; + struct crypt_keyslot_context kc; - r = LUKS2_token_unlock_key(cd, &cd->u.luks2.hdr, token, type, - pin, pin_size, CRYPT_DEFAULT_SEGMENT, usrptr, &vk); - keyslot = r; - if (r >= 0) - r = resume_by_volume_key(cd, vk, name); + crypt_keyslot_unlock_by_token_init_internal(&kc, token, type, pin, pin_size, usrptr); + r = crypt_resume_by_keyslot_context(cd, name, CRYPT_ANY_SLOT, &kc); + crypt_keyslot_context_destroy_internal(&kc); - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; + return r; } /* @@ -3635,7 +4497,8 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, const char *new_passphrase, size_t new_passphrase_size) { - int digest = -1, r, keyslot_new_orig = keyslot_new; + bool keyslot_swap = false; + int digest = -1, r; struct luks2_keyslot_params params; struct volume_key *vk = NULL; @@ -3670,13 +4533,21 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, } keyslot_old = r; - if (keyslot_new == CRYPT_ANY_SLOT) { - if (isLUKS1(cd->type)) - keyslot_new = LUKS_keyslot_find_empty(&cd->u.luks1.hdr); - else if (isLUKS2(cd->type)) + if (isLUKS2(cd->type)) { + /* If there is a free keyslot (both id and binary area) avoid in-place keyslot area overwrite */ + if (keyslot_new == CRYPT_ANY_SLOT || keyslot_new == keyslot_old) { keyslot_new = LUKS2_keyslot_find_empty(cd, &cd->u.luks2.hdr, vk->keylength); - if (keyslot_new < 0) - keyslot_new = keyslot_old; + if (keyslot_new < 0) + keyslot_new = keyslot_old; + else + keyslot_swap = true; + } + } else if (isLUKS1(cd->type)) { + if (keyslot_new == CRYPT_ANY_SLOT) { + keyslot_new = LUKS_keyslot_find_empty(&cd->u.luks1.hdr); + if (keyslot_new < 0) + keyslot_new = keyslot_old; + } } log_dbg(cd, "Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new); @@ -3699,16 +4570,8 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, r = LUKS2_token_assignment_copy(cd, &cd->u.luks2.hdr, keyslot_old, keyslot_new, 0); if (r < 0) goto out; - } else { + } else log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old); - /* FIXME: improve return code so that we can detect area is damaged */ - r = LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot_old, 1); - if (r) { - /* (void)crypt_keyslot_destroy(cd, keyslot_old); */ - r = -EINVAL; - goto out; - } - } r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot_new, new_passphrase, @@ -3717,7 +4580,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, goto out; /* Swap old & new so the final keyslot number remains */ - if (keyslot_new_orig == CRYPT_ANY_SLOT && keyslot_old != keyslot_new) { + if (keyslot_swap && keyslot_old != keyslot_new) { r = LUKS2_keyslot_swap(cd, &cd->u.luks2.hdr, keyslot_old, keyslot_new); if (r < 0) goto out; @@ -3827,7 +4690,7 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) log_dbg(cd, "Destroying keyslot %d.", keyslot); - if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED))) + if ((r = onlyLUKSunrestricted(cd))) return r; ki = crypt_keyslot_status(cd, keyslot); @@ -3844,7 +4707,7 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) return LUKS_del_key(keyslot, &cd->u.luks1.hdr, cd); } - return LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot, 0); + return LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot); } static int _check_header_data_overlap(struct crypt_device *cd, const char *name) @@ -3960,12 +4823,14 @@ int create_or_reload_device(struct crypt_device *cd, const char *name, int r; enum devcheck device_check; struct dm_target *tgt; + uint64_t offset; + uint32_t dmflags = 0; if (!type || !name || !single_segment(dmd)) return -EINVAL; tgt = &dmd->segment; - if (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY) + if (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY && tgt->type != DM_LINEAR) return -EINVAL; /* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */ @@ -3973,14 +4838,18 @@ int create_or_reload_device(struct crypt_device *cd, const char *name, if (r) return r; - if (dmd->flags & CRYPT_ACTIVATE_REFRESH) - r = _reload_device(cd, name, dmd); - else { - if (tgt->type == DM_CRYPT) { + if (dmd->flags & CRYPT_ACTIVATE_REFRESH) { + /* Refresh and recalculate means increasing dm-integrity device */ + if (tgt->type == DM_INTEGRITY && dmd->flags & CRYPT_ACTIVATE_RECALCULATE) + dmflags = DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH;; + r = _reload_device(cd, name, dmd, dmflags); + } else { + if (tgt->type == DM_CRYPT || tgt->type == DM_LINEAR) { device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL; + offset = tgt->type == DM_CRYPT ? tgt->u.crypt.offset : tgt->u.linear.offset; r = device_block_adjust(cd, tgt->data_device, device_check, - tgt->u.crypt.offset, &dmd->size, &dmd->flags); + offset, &dmd->size, &dmd->flags); if (!r) { tgt->size = dmd->size; r = dm_create_device(cd, name, type, dmd); @@ -4009,15 +4878,18 @@ int create_or_reload_device_with_integrity(struct crypt_device *cd, const char * struct crypt_dm_active_device *dmdi) { int r; - const char *iname = NULL; - char *ipath = NULL; + char *iname = NULL, *ipath = NULL; if (!type || !name || !dmd || !dmdi) return -EINVAL; - if (asprintf(&ipath, "%s/%s_dif", dm_get_dir(), name) < 0) - return -ENOMEM; - iname = ipath + strlen(dm_get_dir()) + 1; + r = dm_get_iname(name, &iname, false); + if (r) + goto out; + + r = dm_get_iname(name, &ipath, true); + if (r) + goto out; /* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */ r = check_devices(cd, name, iname, &dmd->flags); @@ -4030,6 +4902,7 @@ int create_or_reload_device_with_integrity(struct crypt_device *cd, const char * r = _create_device_with_integrity(cd, type, name, iname, ipath, dmd, dmdi); out: free(ipath); + free(iname); return r; } @@ -4043,7 +4916,8 @@ static int _open_and_activate(struct crypt_device *cd, { bool use_keyring; int r; - struct volume_key *vk = NULL; + struct volume_key *p_crypt = NULL, *p_opal = NULL, *crypt_key = NULL, *opal_key = NULL, *vk = NULL; + key_serial_t kid1 = 0, kid2 = 0; r = LUKS2_keyslot_open(cd, keyslot, (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ? @@ -4053,6 +4927,22 @@ static int _open_and_activate(struct crypt_device *cd, return r; keyslot = r; + /* split the key only if we do activation */ + if (name && LUKS2_segment_is_hw_opal(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)) { + r = LUKS2_split_crypt_and_opal_keys(cd, &cd->u.luks2.hdr, + vk, &crypt_key, + &opal_key); + if (r < 0) + goto out; + + /* copy volume key digest id in crypt subkey */ + crypt_volume_key_set_id(crypt_key, crypt_volume_key_get_id(vk)); + + p_crypt = crypt_key; + p_opal = opal_key ?: vk; + } else + p_crypt = vk; + if (!crypt_use_keyring_for_vk(cd)) use_keyring = false; else @@ -4060,25 +4950,44 @@ static int _open_and_activate(struct crypt_device *cd, (flags & CRYPT_ACTIVATE_KEYRING_KEY)); if (use_keyring) { - r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, - &cd->u.luks2.hdr, vk, keyslot); - if (r < 0) - goto out; - flags |= CRYPT_ACTIVATE_KEYRING_KEY; + /* upload dm-crypt part of volume key in thread keyring if requested */ + if (p_crypt) { + r = LUKS2_volume_key_load_in_keyring_by_digest(cd, p_crypt, + crypt_volume_key_get_id(p_crypt)); + if (r < 0) + goto out; + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } + + /* upload the volume key in custom user keyring if requested */ + if (cd->link_vk_to_keyring) { + r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2); + if (r < 0) { + log_err(cd, _("Failed to link volume key in user defined keyring.")); + goto out; + } + } } if (name) - r = LUKS2_activate(cd, name, vk, flags); + r = LUKS2_activate(cd, name, p_crypt, p_opal, flags); out: - if (r < 0) - crypt_drop_keyring_key(cd, vk); + if (r < 0) { + crypt_drop_keyring_key(cd, p_crypt); + if (cd->link_vk_to_keyring && kid1) + crypt_unlink_key_from_custom_keyring(cd, kid1); + if (cd->link_vk_to_keyring && kid2) + crypt_unlink_key_from_custom_keyring(cd, kid2); + } crypt_free_volume_key(vk); + crypt_free_volume_key(crypt_key); + crypt_free_volume_key(opal_key); return r < 0 ? r : keyslot; } #if USE_LUKS2_REENCRYPTION -static int load_all_keys(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vks) +static int load_all_keys(struct crypt_device *cd, struct volume_key *vks) { int r; struct volume_key *vk = vks; @@ -4129,7 +5038,7 @@ static int _open_all_keys(struct crypt_device *cd, keyslot = r; if (r >= 0 && (flags & CRYPT_ACTIVATE_KEYRING_KEY)) - r = load_all_keys(cd, hdr, _vks); + r = load_all_keys(cd, _vks); if (r >= 0 && vks) MOVE_REF(*vks, _vks); @@ -4141,6 +5050,107 @@ static int _open_all_keys(struct crypt_device *cd, return r < 0 ? r : keyslot; } +static int _open_and_activate_reencrypt_device_by_vk(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *name, + struct volume_key *vks, + uint32_t flags) +{ + bool dynamic_size; + crypt_reencrypt_info ri; + uint64_t minimal_size, device_size; + int r = 0; + struct crypt_lock_handle *reencrypt_lock = NULL; + key_serial_t kid1 = 0, kid2 = 0; + struct volume_key *vk; + + if (!vks) + return -EINVAL; + + if (crypt_use_keyring_for_vk(cd)) + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + + r = LUKS2_reencrypt_lock(cd, &reencrypt_lock); + if (r) { + if (r == -EBUSY) + log_err(cd, _("Reencryption in-progress. Cannot activate device.")); + else + log_err(cd, _("Failed to get reencryption lock.")); + return r; + } + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) + goto out; + + ri = LUKS2_reencrypt_status(hdr); + + if (ri == CRYPT_REENCRYPT_CRASH) { + r = LUKS2_reencrypt_locked_recovery_by_vks(cd, vks); + if (r < 0) { + log_err(cd, _("LUKS2 reencryption recovery using volume key(s) failed.")); + goto out; + } + + ri = LUKS2_reencrypt_status(hdr); + } + /* recovery finished reencryption or it's already finished */ + if (ri == CRYPT_REENCRYPT_NONE) { + vk = crypt_volume_key_by_id(vks, LUKS2_digest_by_segment(hdr, CRYPT_DEFAULT_SEGMENT)); + if (!vk) { + r = -EPERM; + goto out; + } + + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + if (r == -EPERM || r == -ENOENT) + log_err(cd, _("Volume key does not match the volume.")); + if (r >= 0 && cd->link_vk_to_keyring) { + kid1 = crypt_single_volume_key_load_in_user_keyring(cd, vk, cd->user_key_name1); + if (kid1 <= 0) + r = -EINVAL; + } + if (r >= 0) + r = LUKS2_activate(cd, name, vk, NULL, flags); + goto out; + } + if (ri > CRYPT_REENCRYPT_CLEAN) { + r = -EINVAL; + goto out; + } + + if ((flags & CRYPT_ACTIVATE_KEYRING_KEY)) { + r = load_all_keys(cd, vks); + if (r < 0) + goto out; + } + + if ((r = LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size))) + goto out; + + r = LUKS2_reencrypt_digest_verify(cd, hdr, vks); + if (r < 0) + goto out; + + log_dbg(cd, "Entering clean reencryption state mode."); + + r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, dynamic_size); + if (r < 0) + goto out; + if (cd->link_vk_to_keyring) { + r = crypt_volume_key_load_in_user_keyring(cd, vks, &kid1, &kid2); + if (r < 0) { + log_err(cd, _("Failed to link volume keys in user defined keyring.")); + goto out; + } + } + r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags); +out: + LUKS2_reencrypt_unlock(cd, reencrypt_lock); + crypt_drop_keyring_key(cd, vks); + + return r; +} + static int _open_and_activate_reencrypt_device(struct crypt_device *cd, struct luks2_hdr *hdr, int keyslot, @@ -4155,6 +5165,7 @@ static int _open_and_activate_reencrypt_device(struct crypt_device *cd, struct volume_key *vks = NULL; int r = 0; struct crypt_lock_handle *reencrypt_lock = NULL; + key_serial_t kid1 = 0, kid2 = 0; if (crypt_use_keyring_for_vk(cd)) flags |= CRYPT_ACTIVATE_KEYRING_KEY; @@ -4215,15 +5226,31 @@ static int _open_and_activate_reencrypt_device(struct crypt_device *cd, log_dbg(cd, "Entering clean reencryption state mode."); + if (cd->link_vk_to_keyring) { + r = crypt_volume_key_load_in_user_keyring(cd, vks, &kid1, &kid2); + if (r < 0) { + log_err(cd, _("Failed to link volume keys in user defined keyring.")); + goto out; + } + } + if (r >= 0) - r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, dynamic_size); + r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, + !(flags & CRYPT_ACTIVATE_SHARED), + dynamic_size); if (r >= 0) r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags); out: LUKS2_reencrypt_unlock(cd, reencrypt_lock); - if (r < 0) + if (r < 0) { crypt_drop_keyring_key(cd, vks); + if (cd->link_vk_to_keyring && kid1) + crypt_unlink_key_from_custom_keyring(cd, kid1); + if (cd->link_vk_to_keyring && kid2) + crypt_unlink_key_from_custom_keyring(cd, kid2); + } + crypt_free_volume_key(vks); return r < 0 ? r : keyslot; @@ -4269,6 +5296,43 @@ static int _open_and_activate_luks2(struct crypt_device *cd, return r; } + +static int _activate_luks2_by_volume_key(struct crypt_device *cd, + const char *name, + struct volume_key *vk, + struct volume_key *external_key, + uint32_t flags) +{ + int r; + crypt_reencrypt_info ri; + int digest_new, digest_old; + struct volume_key *vk_old = NULL, *vk_new = NULL; + ri = LUKS2_reencrypt_status(&cd->u.luks2.hdr); + if (ri == CRYPT_REENCRYPT_INVALID) + return -EINVAL; + + if (ri > CRYPT_REENCRYPT_NONE) { + digest_new = LUKS2_reencrypt_digest_new(&cd->u.luks2.hdr); + digest_old = LUKS2_reencrypt_digest_old(&cd->u.luks2.hdr); + + if (digest_new >= 0) { + vk_new = crypt_volume_key_by_id(vk, digest_new); + assert(vk_new); + assert(crypt_volume_key_get_id(vk_new) == digest_new); + } + if (digest_old >= 0) { + vk_old = crypt_volume_key_by_id(vk, digest_old); + assert(vk_old); + assert(crypt_volume_key_get_id(vk_old) == digest_old); + } + r = _open_and_activate_reencrypt_device_by_vk(cd, &cd->u.luks2.hdr, name, vk, flags); + } else { + assert(crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)); + r = LUKS2_activate(cd, name, vk, external_key, flags); + } + + return r; +} #else static int _open_and_activate_luks2(struct crypt_device *cd, int keyslot, @@ -4290,6 +5354,29 @@ static int _open_and_activate_luks2(struct crypt_device *cd, return _open_and_activate(cd, keyslot, name, passphrase, passphrase_size, flags); } + +static int _activate_luks2_by_volume_key(struct crypt_device *cd, + const char *name, + struct volume_key *vk, + struct volume_key *external_key, + uint32_t flags) +{ + int r; + crypt_reencrypt_info ri; + ri = LUKS2_reencrypt_status(&cd->u.luks2.hdr); + if (ri == CRYPT_REENCRYPT_INVALID) + return -EINVAL; + + if (ri > CRYPT_REENCRYPT_NONE) { + log_err(cd, _("This operation is not supported for this device type.")); + r = -ENOTSUP; + } else { + assert(crypt_volume_key_get_id(vk) == LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)); + r = LUKS2_activate(cd, name, vk, external_key, flags); + } + + return r; +} #endif static int _activate_by_passphrase(struct crypt_device *cd, @@ -4364,16 +5451,23 @@ out: static int _activate_loopaes(struct crypt_device *cd, const char *name, - char *buffer, + const char *buffer, size_t buffer_size, uint32_t flags) { int r; unsigned int key_count = 0; struct volume_key *vk = NULL; + char *buffer_copy; + + buffer_copy = crypt_safe_alloc(buffer_size); + if (!buffer_copy) + return -ENOMEM; + memcpy(buffer_copy, buffer, buffer_size); r = LOOPAES_parse_keyfile(cd, &vk, cd->u.loopaes.hdr.hash, &key_count, - buffer, buffer_size); + buffer_copy, buffer_size); + crypt_safe_free(buffer_copy); if (!r && name) r = LOOPAES_activate(cd, name, cd->u.loopaes.cipher, key_count, @@ -4408,66 +5502,352 @@ static int _activate_check_status(struct crypt_device *cd, const char *name, uns return r; } -// activation/deactivation of device mapping -int crypt_activate_by_passphrase(struct crypt_device *cd, +static int _verify_key(struct crypt_device *cd, + int segment, + struct volume_key *vk) +{ + int r = -EINVAL; + crypt_reencrypt_info ri; + struct luks2_hdr *hdr = &cd->u.luks2.hdr; + + assert(cd); + + if (isPLAIN(cd->type)) { + if (vk && vk->keylength == cd->u.plain.key_size) { + r = KEY_VERIFIED; + } else + log_err(cd, _("Incorrect volume key specified for plain device.")); + } else if (isLUKS1(cd->type)) { + r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + if (r == -EPERM) + log_err(cd, _("Volume key does not match the volume.")); + } else if (isLUKS2(cd->type)) { + ri = LUKS2_reencrypt_status(hdr); + if (ri == CRYPT_REENCRYPT_INVALID) + return -EINVAL; + + if (ri > CRYPT_REENCRYPT_NONE) { + LUKS2_reencrypt_lookup_key_ids(cd, hdr, vk); + r = LUKS2_reencrypt_digest_verify(cd, hdr, vk); + if (r == -EPERM || r == -ENOENT || r == -EINVAL) + log_err(cd, _("Reencryption volume keys do not match the volume.")); + return r; + } + + if (segment == CRYPT_ANY_SEGMENT) + r = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk); + else { + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, segment, vk); + if (r == -EPERM || r == -ENOENT) + log_err(cd, _("Volume key does not match the volume.")); + } + } else if (isVERITY(cd->type)) + r = KEY_VERIFIED; + else if (isTCRYPT(cd->type)) + r = KEY_VERIFIED; + else if (isINTEGRITY(cd->type)) + r = KEY_VERIFIED; + else if (isBITLK(cd->type)) + r = KEY_VERIFIED; + else + log_err(cd, _("Device type is not properly initialized.")); + + if (r >= KEY_VERIFIED) + crypt_volume_key_set_id(vk, r); + + return r > 0 ? 0 : r; +} + +/* activation/deactivation of device mapping */ +static int _activate_by_volume_key(struct crypt_device *cd, const char *name, - int keyslot, - const char *passphrase, - size_t passphrase_size, + struct volume_key *vk, + struct volume_key *external_key, uint32_t flags) { int r; - if (!cd || !passphrase || (!name && (flags & CRYPT_ACTIVATE_REFRESH))) - return -EINVAL; - - log_dbg(cd, "%s volume %s [keyslot %d] using passphrase.", - name ? "Activating" : "Checking", name ?: "passphrase", - keyslot); + assert(cd); + assert(name); - r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); + r = _check_header_data_overlap(cd, name); if (r < 0) return r; - return _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags); + /* use key directly, no hash */ + if (isPLAIN(cd->type)) { + assert(!external_key); + assert(crypt_volume_key_get_id(vk) == KEY_VERIFIED); + + r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); + } else if (isLUKS1(cd->type)) { + assert(!external_key); + assert(crypt_volume_key_get_id(vk) == KEY_VERIFIED); + + r = LUKS1_activate(cd, name, vk, flags); + } else if (isLUKS2(cd->type)) { + r = _activate_luks2_by_volume_key(cd, name, vk, external_key, flags); + } else if (isVERITY(cd->type)) { + assert(crypt_volume_key_get_id(vk) == KEY_VERIFIED); + r = VERITY_activate(cd, name, vk, external_key, cd->u.verity.fec_device, + &cd->u.verity.hdr, flags); + } else if (isTCRYPT(cd->type)) { + assert(!external_key); + r = TCRYPT_activate(cd, name, &cd->u.tcrypt.hdr, + &cd->u.tcrypt.params, flags); + } else if (isINTEGRITY(cd->type)) { + assert(!external_key); + assert(!vk || crypt_volume_key_get_id(vk) == KEY_VERIFIED); + r = INTEGRITY_activate(cd, name, &cd->u.integrity.params, vk, + cd->u.integrity.journal_crypt_key, + cd->u.integrity.journal_mac_key, flags, + cd->u.integrity.sb_flags); + } else if (isBITLK(cd->type)) { + assert(!external_key); + r = BITLK_activate_by_volume_key(cd, name, vk->key, vk->keylength, + &cd->u.bitlk.params, flags); + } else { + log_err(cd, _("Device type is not properly initialized.")); + r = -EINVAL; + } + + return r; } -int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd, - const char *name, +int crypt_activate_by_keyslot_context(struct crypt_device *cd, +const char *name, int keyslot, - const char *keyfile, - size_t keyfile_size, - uint64_t keyfile_offset, + struct crypt_keyslot_context *kc, + int additional_keyslot, + struct crypt_keyslot_context *additional_kc, uint32_t flags) { - char *passphrase_read = NULL; - size_t passphrase_size_read; - int r; + bool use_keyring; + struct volume_key *p_ext_key, *crypt_key = NULL, *opal_key = NULL, *vk = NULL, + *vk_sign = NULL, *p_crypt = NULL; + size_t passphrase_size; + const char *passphrase = NULL; + int unlocked_keyslot, required_keys, unlocked_keys = 0, r = -EINVAL; + key_serial_t kid1 = 0, kid2 = 0; + struct luks2_hdr *hdr = &cd->u.luks2.hdr; - if (!cd || !keyfile || - ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))) + if (!cd || !kc) return -EINVAL; - log_dbg(cd, "%s volume %s [keyslot %d] using keyfile %s.", - name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyfile); - + log_dbg(cd, "%s volume %s [keyslot %d] using %s.", + name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyslot_context_type_string(kc)); + if (!name && (flags & CRYPT_ACTIVATE_REFRESH)) + return -EINVAL; + if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)) + return -EINVAL; + if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name) + return -EINVAL; + if ((kc->type == CRYPT_KC_TYPE_KEYRING) && !kernel_keyring_support()) { + log_err(cd, _("Kernel keyring is not supported by the kernel.")); + return -EINVAL; + } + if ((kc->type == CRYPT_KC_TYPE_SIGNED_KEY) && !kernel_keyring_support()) { + log_err(cd, _("Kernel keyring missing: required for passing signature to kernel.")); + return -EINVAL; + } + r = _check_header_data_overlap(cd, name); + if (r < 0) + return r; r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); if (r < 0) return r; - r = crypt_keyfile_device_read(cd, keyfile, - &passphrase_read, &passphrase_size_read, - keyfile_offset, keyfile_size, 0); + /* for TCRYPT and token skip passphrase activation */ + if (kc->get_passphrase && kc->type != CRYPT_KC_TYPE_TOKEN && !isTCRYPT(cd->type)) { + r = kc->get_passphrase(cd, kc, &passphrase, &passphrase_size); + if (r < 0) + return r; + /* TODO: Only loopaes should by activated by passphrase method */ + if (passphrase) { + if (isLOOPAES(cd->type)) + return _activate_loopaes(cd, name, passphrase, passphrase_size, flags); + else + return _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags); + } + } + /* only passphrase unlock is supported with loopaes */ + if (isLOOPAES(cd->type)) + return -EINVAL; + + /* activate by volume key */ + r = -EINVAL; + if (isLUKS1(cd->type)) { + if (kc->get_luks1_volume_key) + r = kc->get_luks1_volume_key(cd, kc, keyslot, &vk); + } else if (isLUKS2(cd->type)) { + required_keys = LUKS2_reencrypt_vks_count(hdr); + + if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY && kc->get_luks2_key) + r = kc->get_luks2_key(cd, kc, keyslot, CRYPT_ANY_SEGMENT, &vk); + else if (kc->get_luks2_volume_key) + r = kc->get_luks2_volume_key(cd, kc, keyslot, &vk); + if (r >= 0) { + unlocked_keys++; + + if (required_keys > 1 && vk && additional_kc) { + if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY && additional_kc->get_luks2_key) + r = additional_kc->get_luks2_key(cd, additional_kc, additional_keyslot, CRYPT_ANY_SEGMENT, &vk->next); + else if (additional_kc->get_luks2_volume_key) + r = additional_kc->get_luks2_volume_key(cd, additional_kc, additional_keyslot, &vk->next); + if (r >= 0) + unlocked_keys++; + } + + if (unlocked_keys < required_keys) + r = -ESRCH; + } + } else if (isTCRYPT(cd->type)) { + r = 0; + } else if (name && isPLAIN(cd->type)) { + if (kc->get_plain_volume_key) + r = kc->get_plain_volume_key(cd, kc, &vk); + } else if (name && isBITLK(cd->type)) { + if (kc->get_bitlk_volume_key) + r = kc->get_bitlk_volume_key(cd, kc, &vk); + } else if (isFVAULT2(cd->type)) { + if (kc->get_fvault2_volume_key) + r = kc->get_fvault2_volume_key(cd, kc, &vk); + } else if (isVERITY(cd->type) && (name || kc->type != CRYPT_KC_TYPE_SIGNED_KEY)) { + if (kc->get_verity_volume_key) + r = kc->get_verity_volume_key(cd, kc, &vk, &vk_sign); + if (r >= 0) + r = VERITY_verify_params(cd, &cd->u.verity.hdr, vk_sign != NULL, + cd->u.verity.fec_device, vk); + + free(CONST_CAST(void*)cd->u.verity.root_hash); + cd->u.verity.root_hash = NULL; + flags |= CRYPT_ACTIVATE_READONLY; + } else if (isINTEGRITY(cd->type)) { + if (kc->get_integrity_volume_key) + r = kc->get_integrity_volume_key(cd, kc, &vk); + } + if (r < 0 && (r != -ENOENT || kc->type == CRYPT_KC_TYPE_TOKEN)) + goto out; + unlocked_keyslot = r; + + if (r == -ENOENT && isLUKS(cd->type) && cd->volume_key) { + vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + r = vk ? 0 : -ENOMEM; + } + if (r == -ENOENT && isINTEGRITY(cd->type)) + r = 0; + if (r < 0) goto out; - if (isLOOPAES(cd->type)) - r = _activate_loopaes(cd, name, passphrase_read, passphrase_size_read, flags); - else - r = _activate_by_passphrase(cd, name, keyslot, passphrase_read, passphrase_size_read, flags); + r = _verify_key(cd, + flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY ? CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT, + vk); + if (r < 0) + goto out; + + if (isLUKS2(cd->type)) { + /* split the key only if we do activation */ + if (name && LUKS2_segment_is_hw_opal(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)) { + r = LUKS2_split_crypt_and_opal_keys(cd, &cd->u.luks2.hdr, + vk, &crypt_key, + &opal_key); + if (r < 0) + goto out; + + /* copy volume key digest id in crypt subkey */ + crypt_volume_key_set_id(crypt_key, crypt_volume_key_get_id(vk)); + + p_crypt = crypt_key; + p_ext_key = opal_key ?: vk; + } else { + p_crypt = vk; + p_ext_key = NULL; + } + + if (!crypt_use_keyring_for_vk(cd)) + use_keyring = false; + else + use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || + (flags & CRYPT_ACTIVATE_KEYRING_KEY); + + if (use_keyring) { + /* upload dm-crypt part of volume key in thread keyring if requested */ + if (p_crypt) { + r = LUKS2_volume_key_load_in_keyring_by_digest(cd, p_crypt, crypt_volume_key_get_id(p_crypt)); + if (r < 0) + goto out; + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } + + /* upload the volume key in custom user keyring if requested */ + if (cd->link_vk_to_keyring) { + r = crypt_volume_key_load_in_user_keyring(cd, vk, &kid1, &kid2); + if (r < 0) { + log_err(cd, _("Failed to link volume key in user defined keyring.")); + goto out; + } + } + } + } else { + p_crypt = vk; + p_ext_key = vk_sign; + } + + if (name) + r = _activate_by_volume_key(cd, name, p_crypt, p_ext_key, flags); + if (r >= 0 && unlocked_keyslot >= 0) + r = unlocked_keyslot; out: - crypt_safe_free(passphrase_read); + if (r < 0) { + crypt_drop_keyring_key(cd, vk); + crypt_drop_keyring_key(cd, p_crypt); + if (cd->link_vk_to_keyring && kid1) + crypt_unlink_key_from_custom_keyring(cd, kid1); + if (cd->link_vk_to_keyring && kid2) + crypt_unlink_key_from_custom_keyring(cd, kid2); + } + + crypt_free_volume_key(vk); + crypt_free_volume_key(crypt_key); + crypt_free_volume_key(opal_key); + crypt_free_volume_key(vk_sign); + return r; +} + +int crypt_activate_by_passphrase(struct crypt_device *cd, + const char *name, + int keyslot, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) +{ + int r; + struct crypt_keyslot_context kc; + + crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size); + r = crypt_activate_by_keyslot_context(cd, name, keyslot, &kc, CRYPT_ANY_SLOT, NULL, flags); + crypt_keyslot_context_destroy_internal(&kc); + + return r; +} + +int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + uint32_t flags) +{ + int r; + struct crypt_keyslot_context kc; + + crypt_keyslot_unlock_by_keyfile_init_internal(&kc, keyfile, keyfile_size, keyfile_offset); + r = crypt_activate_by_keyslot_context(cd, name, keyslot, &kc, CRYPT_ANY_SLOT, NULL, flags); + crypt_keyslot_context_destroy_internal(&kc); + return r; } @@ -4493,135 +5873,19 @@ int crypt_activate_by_keyfile_offset(struct crypt_device *cd, return crypt_activate_by_keyfile_device_offset(cd, name, keyslot, keyfile, keyfile_size, keyfile_offset, flags); } + int crypt_activate_by_volume_key(struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, uint32_t flags) { - bool use_keyring; - struct volume_key *vk = NULL; int r; + struct crypt_keyslot_context kc; - if (!cd || - ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))) - return -EINVAL; - - log_dbg(cd, "%s volume %s by volume key.", name ? "Activating" : "Checking", - name ?: ""); - - r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); - if (r < 0) - return r; - - r = _check_header_data_overlap(cd, name); - if (r < 0) - return r; - - /* use key directly, no hash */ - if (isPLAIN(cd->type)) { - if (!name) - return -EINVAL; - - if (!volume_key || !volume_key_size || volume_key_size != cd->u.plain.key_size) { - log_err(cd, _("Incorrect volume key specified for plain device.")); - return -EINVAL; - } - - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; - - r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); - } else if (isLUKS1(cd->type)) { - /* If key is not provided, try to use internal key */ - if (!volume_key) { - if (!cd->volume_key) { - log_err(cd, _("Volume key does not match the volume.")); - return -EINVAL; - } - volume_key_size = cd->volume_key->keylength; - volume_key = cd->volume_key->key; - } - - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; - r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); - - if (r == -EPERM) - log_err(cd, _("Volume key does not match the volume.")); - - if (!r && name) - r = LUKS1_activate(cd, name, vk, flags); - } else if (isLUKS2(cd->type)) { - /* If key is not provided, try to use internal key */ - if (!volume_key) { - if (!cd->volume_key) { - log_err(cd, _("Volume key does not match the volume.")); - return -EINVAL; - } - volume_key_size = cd->volume_key->keylength; - volume_key = cd->volume_key->key; - } - - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; - - r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); - if (r == -EPERM || r == -ENOENT) - log_err(cd, _("Volume key does not match the volume.")); - if (r > 0) - r = 0; - - if (!crypt_use_keyring_for_vk(cd)) - use_keyring = false; - else - use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || - (flags & CRYPT_ACTIVATE_KEYRING_KEY); - - if (!r && use_keyring) { - r = LUKS2_key_description_by_segment(cd, - &cd->u.luks2.hdr, vk, CRYPT_DEFAULT_SEGMENT); - if (!r) - r = crypt_volume_key_load_in_keyring(cd, vk); - if (!r) - flags |= CRYPT_ACTIVATE_KEYRING_KEY; - } - - if (!r && name) - r = LUKS2_activate(cd, name, vk, flags); - } else if (isVERITY(cd->type)) { - r = crypt_activate_by_signed_key(cd, name, volume_key, volume_key_size, NULL, 0, flags); - } else if (isTCRYPT(cd->type)) { - if (!name) - return 0; - r = TCRYPT_activate(cd, name, &cd->u.tcrypt.hdr, - &cd->u.tcrypt.params, flags); - } else if (isINTEGRITY(cd->type)) { - if (!name) - return 0; - if (volume_key) { - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; - } - r = INTEGRITY_activate(cd, name, &cd->u.integrity.params, vk, - cd->u.integrity.journal_crypt_key, - cd->u.integrity.journal_mac_key, flags, - cd->u.integrity.sb_flags); - } else if (isBITLK(cd->type)) { - r = BITLK_activate_by_volume_key(cd, name, volume_key, volume_key_size, - &cd->u.bitlk.params, flags); - } else { - log_err(cd, _("Device type is not properly initialized.")); - r = -EINVAL; - } - - if (r < 0) - crypt_drop_keyring_key(cd, vk); - crypt_free_volume_key(vk); + crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size); + r = crypt_activate_by_keyslot_context(cd, name, CRYPT_ANY_SLOT /* unused */, &kc, CRYPT_ANY_SLOT, NULL, flags); + crypt_keyslot_context_destroy_internal(&kc); return r; } @@ -4634,8 +5898,8 @@ int crypt_activate_by_signed_key(struct crypt_device *cd, size_t signature_size, uint32_t flags) { - char description[512]; int r; + struct crypt_keyslot_context kc; if (!cd || !isVERITY(cd->type)) return -EINVAL; @@ -4645,57 +5909,13 @@ int crypt_activate_by_signed_key(struct crypt_device *cd, return -EINVAL; } - if (name) - log_dbg(cd, "Activating volume %s by %skey.", name, signature ? "signed " : ""); - else - log_dbg(cd, "Checking volume by key."); - - if (cd->u.verity.hdr.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE && !signature) { - log_err(cd, _("Root hash signature required.")); - return -EINVAL; - } - - r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); - if (r < 0) - return r; - - if (signature && !kernel_keyring_support()) { - log_err(cd, _("Kernel keyring missing: required for passing signature to kernel.")); - return -EINVAL; - } - - /* volume_key == root hash */ - free(CONST_CAST(void*)cd->u.verity.root_hash); - cd->u.verity.root_hash = NULL; - - if (signature) { - r = snprintf(description, sizeof(description)-1, "cryptsetup:%s%s%s", - crypt_get_uuid(cd) ?: "", crypt_get_uuid(cd) ? "-" : "", name); - if (r < 0) - return -EINVAL; - - log_dbg(cd, "Adding signature into keyring %s", description); - r = keyring_add_key_in_thread_keyring(USER_KEY, description, signature, signature_size); - if (r) { - log_err(cd, _("Failed to load key in kernel keyring.")); - return r; - } - } - - r = VERITY_activate(cd, name, volume_key, volume_key_size, - signature ? description : NULL, - cd->u.verity.fec_device, - &cd->u.verity.hdr, flags | CRYPT_ACTIVATE_READONLY); - - if (!r) { - cd->u.verity.root_hash_size = volume_key_size; - cd->u.verity.root_hash = malloc(volume_key_size); - if (cd->u.verity.root_hash) - memcpy(CONST_CAST(void*)cd->u.verity.root_hash, volume_key, volume_key_size); - } - if (signature) - crypt_drop_keyring_key_by_description(cd, description, USER_KEY); + crypt_keyslot_unlock_by_signed_key_init_internal(&kc, volume_key, volume_key_size, + signature, signature_size); + else + crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size); + r = crypt_activate_by_keyslot_context(cd, name, -2 /* unused */, &kc, CRYPT_ANY_SLOT, NULL, flags); + crypt_keyslot_context_destroy_internal(&kc); return r; } @@ -4723,6 +5943,17 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t cd = fake_cd; } + if (flags & (CRYPT_DEACTIVATE_DEFERRED | CRYPT_DEACTIVATE_DEFERRED_CANCEL)) { + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + if (hdr) { + json_object *jobj = json_segments_get_segment(LUKS2_get_segments_jobj(hdr), 0); + if (jobj && !strcmp(json_segment_type(jobj), "hw-opal")) { + log_err(cd, _("OPAL does not support deferred deactivation.")); + return -EINVAL; + } + } + } + /* skip holders detection and early abort when some flags raised */ if (flags & (CRYPT_DEACTIVATE_FORCE | CRYPT_DEACTIVATE_DEFERRED | CRYPT_DEACTIVATE_DEFERRED_CANCEL)) get_flags &= ~DM_ACTIVE_HOLDERS; @@ -4986,7 +6217,7 @@ int crypt_volume_key_verify(struct crypt_device *cd, struct volume_key *vk; int r; - if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED))) + if ((r = onlyLUKSunrestricted(cd))) return r; vk = crypt_alloc_volume_key(volume_key_size, volume_key); @@ -5031,6 +6262,9 @@ int crypt_get_rng_type(struct crypt_device *cd) int crypt_memory_lock(struct crypt_device *cd, int lock) { + UNUSED(cd); + UNUSED(lock); + return 0; } @@ -5264,6 +6498,9 @@ const char *crypt_get_integrity(struct crypt_device *cd) if (isLUKS2(cd->type)) return LUKS2_get_integrity(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + if (!cd->type && *cd->u.none.integrity_spec) + return cd->u.none.integrity_spec; + return NULL; } @@ -5272,10 +6509,7 @@ int crypt_get_integrity_key_size(struct crypt_device *cd) { int key_size = 0; - if (isINTEGRITY(cd->type)) - key_size = INTEGRITY_key_size(crypt_get_integrity(cd)); - - if (isLUKS2(cd->type)) + if (isINTEGRITY(cd->type) || isLUKS2(cd->type) || !cd->type) key_size = INTEGRITY_key_size(crypt_get_integrity(cd)); return key_size > 0 ? key_size : 0; @@ -5287,7 +6521,7 @@ int crypt_get_integrity_tag_size(struct crypt_device *cd) if (isINTEGRITY(cd->type)) return cd->u.integrity.params.tag_size; - if (isLUKS2(cd->type)) + if (isLUKS2(cd->type) || !cd->type) return INTEGRITY_tag_size(crypt_get_integrity(cd), crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); @@ -5308,6 +6542,9 @@ int crypt_get_sector_size(struct crypt_device *cd) if (isLUKS2(cd->type)) return LUKS2_get_sector_size(&cd->u.luks2.hdr); + if (!cd->type && cd->u.none.sector_size) + return cd->u.none.sector_size; + return SECTOR_SIZE; } @@ -5403,6 +6640,14 @@ int crypt_get_volume_key_size(struct crypt_device *cd) return 0; } +int crypt_get_hw_encryption_key_size(struct crypt_device *cd) +{ + if (!cd || !isLUKS2(cd->type)) + return 0; + + return LUKS2_get_opal_key_size(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); +} + int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot) { if (!cd || !isLUKS(cd->type)) @@ -5466,6 +6711,12 @@ const char *crypt_keyslot_get_encryption(struct crypt_device *cd, int keyslot, s return cd->u.luks2.keyslot_cipher; } + if (LUKS2_segment_is_hw_opal(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)) { + /* Fallback to default LUKS2 keyslot encryption */ + *key_size = DEFAULT_LUKS2_KEYSLOT_KEYBITS / 8; + return DEFAULT_LUKS2_KEYSLOT_CIPHER; + } + /* Try to reuse volume encryption parameters */ cipher = LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); if (!LUKS2_keyslot_cipher_incompatible(cd, cipher)) { @@ -5606,7 +6857,7 @@ uint64_t crypt_get_iv_offset(struct crypt_device *cd) crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot) { - if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED) < 0) + if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0) < 0) return CRYPT_SLOT_INVALID; if (isLUKS1(cd->type)) @@ -5633,7 +6884,7 @@ int crypt_keyslot_area(struct crypt_device *cd, uint64_t *offset, uint64_t *length) { - if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED) || !offset || !length) + if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0) || !offset || !length) return -EINVAL; if (isLUKS2(cd->type)) @@ -5644,7 +6895,7 @@ int crypt_keyslot_area(struct crypt_device *cd, crypt_keyslot_priority crypt_keyslot_get_priority(struct crypt_device *cd, int keyslot) { - if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)) + if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0)) return CRYPT_SLOT_PRIORITY_INVALID; if (keyslot < 0 || keyslot >= crypt_keyslot_max(cd->type)) @@ -5684,6 +6935,21 @@ const char *crypt_get_default_type(void) return DEFAULT_LUKS_FORMAT; } +int crypt_get_hw_encryption_type(struct crypt_device *cd) +{ + if (!cd) + return -EINVAL; + + if (isLUKS2(cd->type)) { + if (LUKS2_segment_is_hw_opal_crypt(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)) + return CRYPT_SW_AND_OPAL_HW; + else if (LUKS2_segment_is_hw_opal_only(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT)) + return CRYPT_OPAL_HW_ONLY; + } + + return CRYPT_SW_ONLY; +} + int crypt_get_verity_info(struct crypt_device *cd, struct crypt_params_verity *vp) { @@ -5753,6 +7019,11 @@ int crypt_get_integrity_info(struct crypt_device *cd, ip->journal_crypt_key_size = 0; ip->journal_crypt_key = NULL; return 0; + } else if (!cd->type) { + memset(ip, 0, sizeof(*ip)); + ip->integrity = crypt_get_integrity(cd); + ip->integrity_key_size = crypt_get_integrity_key_size(cd); + ip->tag_size = crypt_get_integrity_tag_size(cd); } return -ENOTSUP; @@ -5771,7 +7042,7 @@ int crypt_convert(struct crypt_device *cd, log_dbg(cd, "Converting LUKS device to type %s", type); - if ((r = onlyLUKS(cd))) + if ((r = onlyLUKSnoRequirements(cd))) return r; if (isLUKS1(cd->type) && isLUKS2(type)) @@ -5797,6 +7068,10 @@ int crypt_convert(struct crypt_device *cd, /* Internal access function to header pointer */ void *crypt_get_hdr(struct crypt_device *cd, const char *type) { + /* One type can be OPAL */ + if (isLUKS2(type) && isLUKS2(cd->type)) + return &cd->u.luks2.hdr; + /* If requested type differs, ignore it */ if (strcmp(cd->type, type)) return NULL; @@ -5807,9 +7082,6 @@ void *crypt_get_hdr(struct crypt_device *cd, const char *type) if (isLUKS1(cd->type)) return &cd->u.luks1.hdr; - if (isLUKS2(cd->type)) - return &cd->u.luks2.hdr; - if (isLOOPAES(cd->type)) return &cd->u.loopaes; @@ -5842,26 +7114,13 @@ int crypt_activate_by_token_pin(struct crypt_device *cd, const char *name, void *usrptr, uint32_t flags) { int r; + struct crypt_keyslot_context kc; - log_dbg(cd, "%s volume %s using token (%s type) %d.", - name ? "Activating" : "Checking", name ?: "passphrase", - type ?: "any", token); - - if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0))) - return r; - - if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)) - return -EINVAL; - - if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name) - return -EINVAL; - - r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); - if (r < 0) - return r; + crypt_keyslot_unlock_by_token_init_internal(&kc, token, type, pin, pin_size, usrptr); + r = crypt_activate_by_keyslot_context(cd, name, CRYPT_ANY_SLOT, &kc, CRYPT_ANY_SLOT, NULL, flags); + crypt_keyslot_context_destroy_internal(&kc); - return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type, - pin, pin_size, flags, usrptr); + return r; } int crypt_activate_by_token(struct crypt_device *cd, @@ -5879,7 +7138,7 @@ int crypt_token_json_get(struct crypt_device *cd, int token, const char **json) log_dbg(cd, "Requesting JSON for token %d.", token); - if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0))) + if ((r = onlyLUKS2unrestricted(cd))) return r; return LUKS2_token_json_get(&cd->u.luks2.hdr, token, json) ?: token; @@ -5926,7 +7185,7 @@ int crypt_token_luks2_keyring_get(struct crypt_device *cd, log_dbg(cd, "Requesting LUKS2 keyring token %d.", token); - if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0))) + if ((r = onlyLUKS2unrestricted(cd))) return r; token_info = LUKS2_token_status(cd, &cd->u.luks2.hdr, token, &type); @@ -6041,7 +7300,7 @@ int crypt_persistent_flags_get(struct crypt_device *cd, crypt_flags_type type, u if (!flags) return -EINVAL; - if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0))) + if ((r = onlyLUKS2unrestricted(cd))) return r; if (type == CRYPT_FLAGS_ACTIVATION) @@ -6404,10 +7663,9 @@ int crypt_volume_key_keyring(struct crypt_device *cd __attribute__((unused)), in /* internal only */ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk) { - int r; - const char *type_name = key_type_name(LOGON_KEY); + key_serial_t kid; - if (!vk || !cd || !type_name) + if (!vk || !cd) return -EINVAL; if (!vk->key_description) { @@ -6415,15 +7673,83 @@ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key return -EINVAL; } - log_dbg(cd, "Loading key (%zu bytes, type %s) in thread keyring.", vk->keylength, type_name); + log_dbg(cd, "Loading key (type logon, name %s) in thread keyring.", vk->key_description); - r = keyring_add_key_in_thread_keyring(LOGON_KEY, vk->key_description, vk->key, vk->keylength); - if (r) { - log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", r); + kid = keyring_add_key_in_thread_keyring(LOGON_KEY, vk->key_description, vk->key, vk->keylength); + if (kid < 0) { + log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", errno); log_err(cd, _("Failed to load key in kernel keyring.")); } else crypt_set_key_in_keyring(cd, 1); + return kid < 0 ? -EINVAL : 0; +} + +/* internal only */ +int crypt_keyring_get_user_key(struct crypt_device *cd, + const char *key_description, + char **key, + size_t *key_size) +{ + int r; + key_serial_t kid; + + if (!key_description || !key || !key_size) + return -EINVAL; + + log_dbg(cd, "Requesting key %s (user type)", key_description); + + kid = keyring_request_key_id(USER_KEY, key_description); + if (kid == -ENOTSUP) { + log_dbg(cd, "Kernel keyring features disabled."); + return -ENOTSUP; + } else if (kid < 0) { + log_dbg(cd, "keyring_request_key_id failed with errno %d.", errno); + return -EINVAL; + } + + log_dbg(cd, "Reading content of kernel key (id %" PRIi32 ").", kid); + + r = keyring_read_key(kid, key, key_size); + if (r < 0) + log_dbg(cd, "keyring_read_key failed with errno %d.", errno); + + return r; +} + +/* internal only */ +int crypt_keyring_get_key_by_name(struct crypt_device *cd, + const char *key_description, + char **key, + size_t *key_size) +{ + int r; + key_serial_t kid; + + if (!key_description || !key || !key_size) + return -EINVAL; + + log_dbg(cd, "Searching for key by name %s.", key_description); + + kid = keyring_find_key_id_by_name(key_description); + if (kid == -ENOTSUP) { + log_dbg(cd, "Kernel keyring features disabled."); + return -ENOTSUP; + } else if (kid < 0) { + log_dbg(cd, "keyring_find_key_id_by_name failed with errno %d.", errno); + return -EINVAL; + } + else if (kid == 0) { + log_dbg(cd, "keyring_find_key_id_by_name failed with errno %d.", ENOENT); + return -ENOENT; + } + + log_dbg(cd, "Reading content of kernel key (id %" PRIi32 ").", kid); + + r = keyring_read_key(kid, key, key_size); + if (r < 0) + log_dbg(cd, "keyring_read_key failed with errno %d.", errno); + return r; } @@ -6445,18 +7771,96 @@ void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring) /* internal only */ void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype) { - int r; + key_serial_t kid; const char *type_name = key_type_name(ktype); if (!key_description || !type_name) return; - log_dbg(cd, "Requesting keyring %s key for revoke and unlink.", type_name); + log_dbg(cd, "Requesting kernel key %s (type %s) for unlink from thread keyring.", key_description, type_name); - r = keyring_revoke_and_unlink_key(ktype, key_description); - if (r) - log_dbg(cd, "keyring_revoke_and_unlink_key failed (error %d)", r); crypt_set_key_in_keyring(cd, 0); + + kid = keyring_request_key_id(ktype, key_description); + if (kid == -ENOTSUP) { + log_dbg(cd, "Kernel keyring features disabled."); + return; + } else if (kid < 0) { + log_dbg(cd, "keyring_request_key_id failed with errno %d.", errno); + return; + } + + log_dbg(cd, "Unlinking volume key (id: %" PRIi32 ") from thread keyring.", kid); + + if (!keyring_unlink_key_from_thread_keyring(kid)) + return; + + log_dbg(cd, "keyring_unlink_key_from_thread_keyring failed with errno %d.", errno); + log_err(cd, _("Failed to unlink volume key from thread keyring.")); + +} + +int crypt_set_keyring_to_link(struct crypt_device *cd, const char *key_description, + const char *old_key_description, + const char *key_type_desc, const char *keyring_to_link_vk) +{ + key_type_t key_type = USER_KEY; + const char *name1 = NULL, *name2 = NULL; + int32_t id = 0; + int r, ri; + struct luks2_hdr *hdr; + unsigned user_descriptions_count, vks_count = 1; + + if (!cd || ((!key_description && !old_key_description) && (keyring_to_link_vk || key_type_desc)) || + ((key_description || old_key_description) && !keyring_to_link_vk)) + return -EINVAL; + + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + /* if only one key description is supplied, force it to be the first one */ + if (!key_description && old_key_description) + return -EINVAL; + + if ((r = _onlyLUKS2(cd, 0, CRYPT_REQUIREMENT_OPAL | CRYPT_REQUIREMENT_ONLINE_REENCRYPT))) + return r; + + if (key_type_desc) + key_type = key_type_by_name(key_type_desc); + if (key_type != LOGON_KEY && key_type != USER_KEY) + return -EINVAL; + + ri = crypt_reencrypt_status(cd, NULL); + if (ri > CRYPT_REENCRYPT_NONE && ri < CRYPT_REENCRYPT_INVALID) + vks_count = LUKS2_reencrypt_vks_count(hdr); + + user_descriptions_count = (key_description ? 1 : 0) + (old_key_description ? 1 : 0); + if (user_descriptions_count != 0 && vks_count > user_descriptions_count) + return -ESRCH; + + if (keyring_to_link_vk) { + id = keyring_find_keyring_id_by_name(keyring_to_link_vk); + if (id == 0) { + log_err(cd, _("Could not find keyring described by \"%s\"."), keyring_to_link_vk); + return -EINVAL; + } + if (key_description && !(name1 = strdup(key_description))) + return -ENOMEM; + if (old_key_description && !(name2 = strdup(old_key_description))) { + free(CONST_CAST(void*)name1); + return -ENOMEM; + } + } + + cd->keyring_key_type = key_type; + + free(CONST_CAST(void*)cd->user_key_name1); + free(CONST_CAST(void*)cd->user_key_name2); + cd->user_key_name1 = name1; + cd->user_key_name2 = name2; + cd->keyring_to_link_vk = id; + cd->link_vk_to_keyring = id != 0; + + return 0; } /* internal only */ @@ -6476,34 +7880,15 @@ int crypt_activate_by_keyring(struct crypt_device *cd, int keyslot, uint32_t flags) { - char *passphrase; - size_t passphrase_size; int r; + struct crypt_keyslot_context kc; if (!cd || !key_description) return -EINVAL; - log_dbg(cd, "%s volume %s [keyslot %d] using passphrase in keyring.", - name ? "Activating" : "Checking", name ?: "passphrase", keyslot); - - if (!kernel_keyring_support()) { - log_err(cd, _("Kernel keyring is not supported by the kernel.")); - return -EINVAL; - } - - r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); - if (r < 0) - return r; - - r = keyring_get_passphrase(key_description, &passphrase, &passphrase_size); - if (r < 0) { - log_err(cd, _("Failed to read passphrase from keyring (error %d)."), r); - return -EINVAL; - } - - r = _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags); - - crypt_safe_free(passphrase); + crypt_keyslot_unlock_by_keyring_internal(&kc, key_description); + r = crypt_activate_by_keyslot_context(cd, name, keyslot, &kc, CRYPT_ANY_SLOT, NULL, flags); + crypt_keyslot_context_destroy_internal(&kc); return r; } diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index 60e4966..9ae7aaa 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -1,8 +1,8 @@ /* * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -47,6 +47,8 @@ static const struct { { 0, 1, "pbkdf2", "whirlpool", 500000, 15000, 1000 }, { 0, 1, "pbkdf2", "sha256", 500000, 15000, 1000 }, // VeraCrypt 1.0f { 0, 1, "pbkdf2", "sha256", 200000, 0, 2048 }, // boot only + { 0, 1, "pbkdf2", "blake2s-256", 500000, 15000, 1000 }, // VeraCrypt 1.26.2 + { 0, 1, "pbkdf2", "blake2s-256", 200000, 0, 2048 }, // boot only { 0, 1, "pbkdf2", "ripemd160", 655331, 15000, 1000 }, { 0, 1, "pbkdf2", "ripemd160", 327661, 0, 2048 }, // boot only { 0, 1, "pbkdf2", "stribog512",500000, 15000, 1000 }, @@ -572,7 +574,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, pwd[i] += params->passphrase[i]; for (i = 0; tcrypt_kdf[i].name; i++) { - if (params->hash_name && strcmp(params->hash_name, tcrypt_kdf[i].hash)) + if (params->hash_name && !strstr(tcrypt_kdf[i].hash, params->hash_name)) continue; if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i].legacy) continue; diff --git a/lib/tcrypt/tcrypt.h b/lib/tcrypt/tcrypt.h index b95d74d..1e8765a 100644 --- a/lib/tcrypt/tcrypt.h +++ b/lib/tcrypt/tcrypt.h @@ -1,8 +1,8 @@ /* * TCRYPT (TrueCrypt-compatible) header definition * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/utils.c b/lib/utils.c index bfcf60d..cf86816 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,20 +45,77 @@ unsigned crypt_cpusonline(void) uint64_t crypt_getphysmemory_kb(void) { long pagesize, phys_pages; - uint64_t phys_memory_kb; + uint64_t phys_memory_kb, page_size_kb; pagesize = sysconf(_SC_PAGESIZE); phys_pages = sysconf(_SC_PHYS_PAGES); - if (pagesize < 0 || phys_pages < 0) + if (pagesize <= 0 || phys_pages <= 0) return 0; - phys_memory_kb = pagesize / 1024; - phys_memory_kb *= phys_pages; + page_size_kb = pagesize / 1024; + phys_memory_kb = page_size_kb * phys_pages; + /* sanity check for overflow */ + if (phys_memory_kb / phys_pages != page_size_kb) + return 0; + + /* coverity[return_overflow:FALSE] */ return phys_memory_kb; } +uint64_t crypt_getphysmemoryfree_kb(void) +{ + long pagesize, phys_pages; + uint64_t phys_memoryfree_kb, page_size_kb; + + pagesize = sysconf(_SC_PAGESIZE); + phys_pages = sysconf(_SC_AVPHYS_PAGES); + + if (pagesize <= 0 || phys_pages <= 0) + return 0; + + page_size_kb = pagesize / 1024; + phys_memoryfree_kb = page_size_kb * phys_pages; + + /* sanity check for overflow */ + if (phys_memoryfree_kb / phys_pages != page_size_kb) + return 0; + + /* coverity[return_overflow:FALSE] */ + return phys_memoryfree_kb; +} + +bool crypt_swapavailable(void) +{ + int fd; + ssize_t size; + char buf[4096], *p; + uint64_t total; + + if ((fd = open("/proc/meminfo", O_RDONLY)) < 0) + return true; + + size = read(fd, buf, sizeof(buf)); + close(fd); + if (size < 1) + return true; + + if (size < (ssize_t)sizeof(buf)) + buf[size] = 0; + else + buf[sizeof(buf) - 1] = 0; + + p = strstr(buf, "SwapTotal:"); + if (!p) + return true; + + if (sscanf(p, "SwapTotal: %" PRIu64 " kB", &total) != 1) + return true; + + return total > 0; +} + void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise) { int _priority, new_priority; diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c index 728e4df..6f2077c 100644 --- a/lib/utils_benchmark.c +++ b/lib/utils_benchmark.c @@ -1,8 +1,8 @@ /* * libcryptsetup - cryptsetup library, cipher benchmark * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd, { int r, priority; const char *kdf_opt; + uint32_t memory_kb; if (!pbkdf || (!password && password_size)) return -EINVAL; @@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd, log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); + memory_kb = pbkdf_adjusted_phys_memory_kb(); + if (memory_kb < pbkdf->max_memory_kb) { + log_dbg(cd, "Not enough physical memory detected, " + "PBKDF max memory decreased from %dkB to %dkB.", + pbkdf->max_memory_kb, memory_kb); + pbkdf->max_memory_kb = memory_kb; + } + crypt_process_priority(cd, &priority, true); r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, salt, salt_size, volume_key_size, pbkdf->time_ms, diff --git a/lib/utils_blkid.c b/lib/utils_blkid.c index 5a848a1..230dcab 100644 --- a/lib/utils_blkid.c +++ b/lib/utils_blkid.c @@ -1,7 +1,7 @@ /* * blkid probe utilities * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,6 +29,7 @@ #include "utils_io.h" #ifdef HAVE_BLKID + #include <blkid/blkid.h> /* make bad checksums flag optional */ #ifndef BLKID_SUBLKS_BADCSUM @@ -45,11 +46,9 @@ static size_t crypt_getpagesize(void) return r <= 0 ? 4096 : (size_t)r; } #endif -#endif void blk_set_chains_for_wipes(struct blkid_handle *h) { -#ifdef HAVE_BLKID blkid_probe_enable_partitions(h->pr, 1); blkid_probe_set_partitions_flags(h->pr, 0 #ifdef HAVE_BLKID_WIPE @@ -65,7 +64,6 @@ void blk_set_chains_for_wipes(struct blkid_handle *h) BLKID_SUBLKS_VERSION | BLKID_SUBLKS_MAGIC | BLKID_SUBLKS_BADCSUM); -#endif } void blk_set_chains_for_full_print(struct blkid_handle *h) @@ -75,25 +73,19 @@ void blk_set_chains_for_full_print(struct blkid_handle *h) void blk_set_chains_for_superblocks(struct blkid_handle *h) { -#ifdef HAVE_BLKID blkid_probe_enable_superblocks(h->pr, 1); blkid_probe_set_superblocks_flags(h->pr, BLKID_SUBLKS_TYPE); -#endif } void blk_set_chains_for_fast_detection(struct blkid_handle *h) { -#ifdef HAVE_BLKID blkid_probe_enable_partitions(h->pr, 1); blkid_probe_set_partitions_flags(h->pr, 0); blk_set_chains_for_superblocks(h); -#endif } int blk_init_by_path(struct blkid_handle **h, const char *path) { - int r = -ENOTSUP; -#ifdef HAVE_BLKID struct blkid_handle *tmp = malloc(sizeof(*tmp)); if (!tmp) return -ENOMEM; @@ -107,16 +99,11 @@ int blk_init_by_path(struct blkid_handle **h, const char *path) } *h = tmp; - - r = 0; -#endif - return r; + return 0; } int blk_init_by_fd(struct blkid_handle **h, int fd) { - int r = -ENOTSUP; -#ifdef HAVE_BLKID struct blkid_handle *tmp = malloc(sizeof(*tmp)); if (!tmp) return -ENOMEM; @@ -136,13 +123,9 @@ int blk_init_by_fd(struct blkid_handle **h, int fd) tmp->fd = fd; *h = tmp; - - r = 0; -#endif - return r; + return 0; } -#ifdef HAVE_BLKID static int blk_superblocks_luks(struct blkid_handle *h, bool enable) { char luks[] = "crypto_LUKS"; @@ -154,47 +137,34 @@ static int blk_superblocks_luks(struct blkid_handle *h, bool enable) enable ? BLKID_FLTR_ONLYIN : BLKID_FLTR_NOTIN, luks_filter); } -#endif int blk_superblocks_filter_luks(struct blkid_handle *h) { - int r = -ENOTSUP; -#ifdef HAVE_BLKID - r = blk_superblocks_luks(h, false); -#endif - return r; + return blk_superblocks_luks(h, false); } int blk_superblocks_only_luks(struct blkid_handle *h) { - int r = -ENOTSUP; -#ifdef HAVE_BLKID - r = blk_superblocks_luks(h, true); -#endif - return r; + return blk_superblocks_luks(h, true); } blk_probe_status blk_probe(struct blkid_handle *h) { blk_probe_status pr = PRB_FAIL; -#ifdef HAVE_BLKID + int r = blkid_do_probe(h->pr); if (r == 0) pr = PRB_OK; else if (r == 1) pr = PRB_EMPTY; -#endif + return pr; } blk_probe_status blk_safeprobe(struct blkid_handle *h) { - int r = -1; -#ifdef HAVE_BLKID - r = blkid_do_safeprobe(h->pr); -#endif - switch (r) { + switch (blkid_do_safeprobe(h->pr)) { case -2: return PRB_AMBIGUOUS; case 1: @@ -208,43 +178,30 @@ blk_probe_status blk_safeprobe(struct blkid_handle *h) int blk_is_partition(struct blkid_handle *h) { - int r = 0; -#ifdef HAVE_BLKID - r = blkid_probe_has_value(h->pr, "PTTYPE"); -#endif - return r; + return blkid_probe_has_value(h->pr, "PTTYPE"); } int blk_is_superblock(struct blkid_handle *h) { - int r = 0; -#ifdef HAVE_BLKID - r = blkid_probe_has_value(h->pr, "TYPE"); -#endif - return r; + return blkid_probe_has_value(h->pr, "TYPE");; } const char *blk_get_partition_type(struct blkid_handle *h) { const char *value = NULL; -#ifdef HAVE_BLKID (void) blkid_probe_lookup_value(h->pr, "PTTYPE", &value, NULL); -#endif return value; } const char *blk_get_superblock_type(struct blkid_handle *h) { const char *value = NULL; -#ifdef HAVE_BLKID (void) blkid_probe_lookup_value(h->pr, "TYPE", &value, NULL); -#endif return value; } void blk_free(struct blkid_handle *h) { -#ifdef HAVE_BLKID if (!h) return; @@ -252,10 +209,8 @@ void blk_free(struct blkid_handle *h) blkid_free_probe(h->pr); free(h); -#endif } -#ifdef HAVE_BLKID #ifndef HAVE_BLKID_WIPE static int blk_step_back(struct blkid_handle *h) { @@ -268,11 +223,9 @@ static int blk_step_back(struct blkid_handle *h) #endif } #endif /* not HAVE_BLKID_WIPE */ -#endif /* HAVE_BLKID */ int blk_do_wipe(struct blkid_handle *h) { -#ifdef HAVE_BLKID #ifdef HAVE_BLKID_WIPE return blkid_do_wipe(h->pr, 0); #else @@ -319,29 +272,110 @@ int blk_do_wipe(struct blkid_handle *h) return -EIO; #endif -#else /* HAVE_BLKID */ - return -ENOTSUP; -#endif } int blk_supported(void) { - int r = 0; -#ifdef HAVE_BLKID - r = 1; -#endif - return r; + return 1; } unsigned blk_get_block_size(struct blkid_handle *h) { unsigned block_size = 0; -#ifdef HAVE_BLKID const char *data; if (!blk_is_superblock(h) || !blkid_probe_has_value(h->pr, "BLOCK_SIZE") || blkid_probe_lookup_value(h->pr, "BLOCK_SIZE", &data, NULL) || sscanf(data, "%u", &block_size) != 1) block_size = 0; -#endif + return block_size; } + +#else /* HAVE_BLKID */ +#pragma GCC diagnostic ignored "-Wunused-parameter" + +void blk_set_chains_for_wipes(struct blkid_handle *h) +{ +} + +void blk_set_chains_for_full_print(struct blkid_handle *h) +{ +} + +void blk_set_chains_for_superblocks(struct blkid_handle *h) +{ +} + +void blk_set_chains_for_fast_detection(struct blkid_handle *h) +{ +} + +int blk_init_by_path(struct blkid_handle **h, const char *path) +{ + return -ENOTSUP; +} + +int blk_init_by_fd(struct blkid_handle **h, int fd) +{ + return -ENOTSUP; +} + +int blk_superblocks_filter_luks(struct blkid_handle *h) +{ + return -ENOTSUP; +} + +int blk_superblocks_only_luks(struct blkid_handle *h) +{ + return -ENOTSUP; +} + +blk_probe_status blk_probe(struct blkid_handle *h) +{ + return PRB_FAIL; +} + +blk_probe_status blk_safeprobe(struct blkid_handle *h) +{ + return PRB_FAIL; +} + +int blk_is_partition(struct blkid_handle *h) +{ + return 0; +} + +int blk_is_superblock(struct blkid_handle *h) +{ + return 0; +} + +const char *blk_get_partition_type(struct blkid_handle *h) +{ + return NULL; +} + +const char *blk_get_superblock_type(struct blkid_handle *h) +{ + return NULL; +} + +void blk_free(struct blkid_handle *h) +{ +} + +int blk_do_wipe(struct blkid_handle *h) +{ + return -ENOTSUP; +} + +int blk_supported(void) +{ + return 0; +} + +unsigned blk_get_block_size(struct blkid_handle *h) +{ + return 0; +} +#endif diff --git a/lib/utils_blkid.h b/lib/utils_blkid.h index 3ee1434..7e005f0 100644 --- a/lib/utils_blkid.h +++ b/lib/utils_blkid.h @@ -1,7 +1,7 @@ /* * blkid probe utilities * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c index 0b7dc37..1e97610 100644 --- a/lib/utils_crypt.c +++ b/lib/utils_crypt.c @@ -2,8 +2,8 @@ * utils_crypt - cipher utilities for cryptsetup * * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -43,7 +43,13 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, cipher, cipher_mode) == 2) { if (!strcmp(cipher_mode, "plain")) strcpy(cipher_mode, "cbc-plain"); - if (key_nums) { + if (!strncmp(cipher, "capi:", 5)) { + /* CAPI must not use internal cipher driver names with dash */ + if (strchr(cipher_mode, ')')) + return -EINVAL; + if (key_nums) + *key_nums = 1; + } else if (key_nums) { char *tmp = strchr(cipher, ':'); *key_nums = tmp ? atoi(++tmp) : 1; if (!*key_nums) @@ -300,6 +306,15 @@ int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const cha if (i != 2) return -EINVAL; + /* non-cryptsetup compatible mode (generic driver with dash?) */ + if (strrchr(iv, ')')) { + if (i_dm) + return -EINVAL; + if (!(*org_c = strdup(c_dm))) + return -ENOMEM; + return 0; + } + len = strlen(tmp); if (len < 2) return -EINVAL; diff --git a/lib/utils_crypt.h b/lib/utils_crypt.h index 92e0705..0a4b5d6 100644 --- a/lib/utils_crypt.h +++ b/lib/utils_crypt.h @@ -2,8 +2,8 @@ * utils_crypt - cipher utilities for cryptsetup * * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -30,9 +30,12 @@ struct crypt_device; #define MAX_CIPHER_LEN 32 #define MAX_CIPHER_LEN_STR "31" #define MAX_KEYFILES 32 +#define MAX_KEYRING_LINKS 2 +#define MAX_VK_IN_KEYRING 2 #define MAX_CAPI_ONE_LEN 2 * MAX_CIPHER_LEN #define MAX_CAPI_ONE_LEN_STR "63" /* for sscanf length + '\0' */ #define MAX_CAPI_LEN 144 /* should be enough to fit whole capi string */ +#define MAX_INTEGRITY_LEN 64 int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, char *cipher_mode); diff --git a/lib/utils_device.c b/lib/utils_device.c index d80ea62..8bc329d 100644 --- a/lib/utils_device.c +++ b/lib/utils_device.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -178,6 +178,7 @@ static int device_ready(struct crypt_device *cd, struct device *device) int devfd = -1, r = 0; struct stat st; size_t tmp_size; + const char *dm_name; if (!device) return -EINVAL; @@ -188,7 +189,12 @@ static int device_ready(struct crypt_device *cd, struct device *device) device->o_direct = 0; devfd = open(device_path(device), O_RDONLY | O_DIRECT); if (devfd >= 0) { - if (device_read_test(devfd) == 0) { + /* skip check for suspended DM devices */ + dm_name = device_dm_name(device); + if (dm_name && dm_status_suspended(cd, dm_name)) { + close(devfd); + devfd = -1; + } else if (device_read_test(devfd) == 0) { device->o_direct = 1; } else { close(devfd); @@ -470,7 +476,7 @@ void device_free(struct crypt_device *cd, struct device *device) /* Get block device path */ const char *device_block_path(const struct device *device) { - if (!device || !device->init_done) + if (!device) return NULL; return device->path; @@ -482,7 +488,7 @@ const char *device_dm_name(const struct device *device) const char *dmdir = dm_get_dir(); size_t dmdir_len = strlen(dmdir); - if (!device || !device->init_done) + if (!device) return NULL; if (strncmp(device->path, dmdir, dmdir_len)) @@ -985,6 +991,22 @@ int device_is_rotational(struct device *device) return crypt_dev_is_rotational(major(st.st_rdev), minor(st.st_rdev)); } +int device_is_dax(struct device *device) +{ + struct stat st; + + if (!device) + return -EINVAL; + + if (stat(device_path(device), &st) < 0) + return -EINVAL; + + if (!S_ISBLK(st.st_mode)) + return 0; + + return crypt_dev_is_dax(major(st.st_rdev), minor(st.st_rdev)); +} + size_t device_alignment(struct device *device) { int devfd; diff --git a/lib/utils_device_locking.c b/lib/utils_device_locking.c index e18ea77..ef3f6b4 100644 --- a/lib/utils_device_locking.c +++ b/lib/utils_device_locking.c @@ -1,8 +1,8 @@ /* * Metadata on-disk locking for processes serialization * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -134,7 +134,7 @@ static int open_resource(struct crypt_device *cd, const char *res) return -EINVAL; log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res); - r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777); + r = openat(lockdir_fd, res, O_CREAT|O_NOFOLLOW|O_RDWR|O_CLOEXEC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); err = errno; close(lockdir_fd); @@ -405,30 +405,6 @@ int device_write_lock_internal(struct crypt_device *cd, struct device *device) return 1; } -int crypt_read_lock(struct crypt_device *cd, const char *resource, bool blocking, struct crypt_lock_handle **lock) -{ - int r; - struct crypt_lock_handle *h; - - if (!resource) - return -EINVAL; - - log_dbg(cd, "Acquiring %sblocking read lock for resource %s.", blocking ? "" : "non", resource); - - r = acquire_and_verify(cd, NULL, resource, LOCK_SH | (blocking ? 0 : LOCK_NB), &h); - if (r < 0) - return r; - - h->type = DEV_LOCK_READ; - h->refcnt = 1; - - log_dbg(cd, "READ lock for resource %s taken.", resource); - - *lock = h; - - return 0; -} - int crypt_write_lock(struct crypt_device *cd, const char *resource, bool blocking, struct crypt_lock_handle **lock) { int r; diff --git a/lib/utils_device_locking.h b/lib/utils_device_locking.h index b73f15d..3fa09a5 100644 --- a/lib/utils_device_locking.h +++ b/lib/utils_device_locking.h @@ -1,8 +1,8 @@ /* * Metadata on-disk locking for processes serialization * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -37,7 +37,6 @@ void device_unlock_internal(struct crypt_device *cd, struct device *device); int device_locked_verify(struct crypt_device *cd, int fd, struct crypt_lock_handle *h); -int crypt_read_lock(struct crypt_device *cd, const char *name, bool blocking, struct crypt_lock_handle **lock); int crypt_write_lock(struct crypt_device *cd, const char *name, bool blocking, struct crypt_lock_handle **lock); void crypt_unlock_internal(struct crypt_device *cd, struct crypt_lock_handle *h); diff --git a/lib/utils_devpath.c b/lib/utils_devpath.c index dc5a5bb..5e7e13e 100644 --- a/lib/utils_devpath.c +++ b/lib/utils_devpath.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -210,6 +210,24 @@ static int _path_get_uint64(const char *sysfs_path, uint64_t *value, const char return _read_uint64(path, value); } +int crypt_dev_get_partition_number(const char *dev_path) +{ + uint64_t partno; + struct stat st; + + if (stat(dev_path, &st) < 0) + return 0; + + if (!S_ISBLK(st.st_mode)) + return 0; + + if (!_sysfs_get_uint64(major(st.st_rdev), minor(st.st_rdev), + &partno, "partition")) + return -EINVAL; + + return (int)partno; +} + int crypt_dev_is_rotational(int major, int minor) { uint64_t val; @@ -220,6 +238,16 @@ int crypt_dev_is_rotational(int major, int minor) return val ? 1 : 0; } +int crypt_dev_is_dax(int major, int minor) +{ + uint64_t val; + + if (!_sysfs_get_uint64(major, minor, &val, "queue/dax")) + return 0; /* if failed, expect non-DAX device */ + + return val ? 1 : 0; +} + int crypt_dev_is_partition(const char *dev_path) { uint64_t val; @@ -253,6 +281,7 @@ uint64_t crypt_dev_partition_offset(const char *dev_path) &val, "start")) return 0; + /* coverity[tainted_data_return:FALSE] */ return val; } diff --git a/lib/utils_dm.h b/lib/utils_dm.h index 79212a2..dbbd470 100644 --- a/lib/utils_dm.h +++ b/lib/utils_dm.h @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -72,7 +72,7 @@ static inline uint32_t act2dmflags(uint32_t act_flags) #define DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */ #define DM_INTEGRITY_RESIZE_SUPPORTED (1 << 23) /* dm-integrity resize of the integrity device supported (introduced in the same version as discards)*/ #define DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption */ -#define DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues */ +#define DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt support for bypassing workqueues */ #define DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */ #define DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */ #define DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */ @@ -234,6 +234,7 @@ int dm_clear_device(struct crypt_device *cd, const char *name); int dm_cancel_deferred_removal(const char *name); const char *dm_get_dir(void); +int dm_get_iname(const char *name, char **iname, bool with_path); int lookup_dm_dev_by_uuid(struct crypt_device *cd, const char *uuid, const char *type); diff --git a/lib/utils_io.c b/lib/utils_io.c index a5bc501..1c6b456 100644 --- a/lib/utils_io.c +++ b/lib/utils_io.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_io.h b/lib/utils_io.h index f8b3f00..ce6a6ed 100644 --- a/lib/utils_io.h +++ b/lib/utils_io.h @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c index a0c4db1..6bd3c48 100644 --- a/lib/utils_keyring.c +++ b/lib/utils_keyring.c @@ -1,8 +1,8 @@ /* * kernel keyring utilities * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,9 +19,14 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include <assert.h> +#include <ctype.h> #include <errno.h> +#include <fcntl.h> #include <stdio.h> +#include <stdbool.h> #include <stdlib.h> +#include <string.h> #include <unistd.h> #include <sys/syscall.h> @@ -29,11 +34,6 @@ #include "libcryptsetup_macros.h" #include "utils_keyring.h" -#ifndef HAVE_KEY_SERIAL_T -#define HAVE_KEY_SERIAL_T -typedef int32_t key_serial_t; -#endif - #ifdef KERNEL_KEYRING static const struct { @@ -42,6 +42,9 @@ static const struct { } key_types[] = { { LOGON_KEY, "logon" }, { USER_KEY, "user" }, + { BIG_KEY, "big_key" }, + { TRUSTED_KEY, "trusted" }, + { ENCRYPTED_KEY, "encrypted" }, }; #include <linux/keyctl.h> @@ -65,16 +68,22 @@ static key_serial_t add_key(const char *type, return syscall(__NR_add_key, type, description, payload, plen, keyring); } +/* keyctl_describe */ +static long keyctl_describe(key_serial_t id, char *buffer, size_t buflen) +{ + return syscall(__NR_keyctl, KEYCTL_DESCRIBE, id, buffer, buflen); +} + /* keyctl_read */ static long keyctl_read(key_serial_t key, char *buffer, size_t buflen) { return syscall(__NR_keyctl, KEYCTL_READ, key, buffer, buflen); } -/* keyctl_revoke */ -static long keyctl_revoke(key_serial_t key) +/* keyctl_link */ +static long keyctl_link(key_serial_t key, key_serial_t keyring) { - return syscall(__NR_keyctl, KEYCTL_REVOKE, key); + return syscall(__NR_keyctl, KEYCTL_LINK, key, keyring); } /* keyctl_unlink */ @@ -82,156 +91,380 @@ static long keyctl_unlink(key_serial_t key, key_serial_t keyring) { return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring); } -#endif -int keyring_check(void) +/* inspired by keyutils written by David Howells (dhowells@redhat.com) */ +static key_serial_t keyring_process_proc_keys_line(char *line, const char *type, const char *desc, + key_serial_t destringid) { -#ifdef KERNEL_KEYRING - /* logon type key descriptions must be in format "prefix:description" */ - return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS; -#else + char typebuf[41], rdesc[1024], *kdesc, *cp; + int ndesc, n; + key_serial_t id; + int dlen; + + assert(desc); + dlen = strlen(desc); + cp = line + strlen(line); + + ndesc = 0; + n = sscanf(line, "%x %*s %*u %*s %*x %*d %*d %40s %n", + &id, typebuf, &ndesc); + if (n == 2 && ndesc > 0 && ndesc <= cp - line) { + if (strcmp(typebuf, type) != 0) + return 0; + kdesc = line + ndesc; + if (memcmp(kdesc, desc, dlen) != 0) + return 0; + if (kdesc[dlen] != ':' && + kdesc[dlen] != '\0' && + kdesc[dlen] != ' ') + return 0; + kdesc[dlen] = '\0'; + + /* The key type appends extra stuff to the end of the + * description after a colon in /proc/keys. Colons, + * however, are allowed in descriptions, so we need to + * make a further check. */ + n = keyctl_describe(id, rdesc, sizeof(rdesc) - 1); + if (n < 0) + return 0; + if ((size_t)n >= sizeof(rdesc) - 1) + return 0; + rdesc[n] = '\0'; + + cp = strrchr(rdesc, ';'); + if (!cp) + return 0; + cp++; + if (strcmp(cp, desc) != 0) + return 0; + + + if (destringid && keyctl_link(id, destringid) == -1) + return 0; + + return id; + } + return 0; -#endif } -int keyring_add_key_in_thread_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size) -{ -#ifdef KERNEL_KEYRING - key_serial_t kid; - const char *type_name = key_type_name(ktype); +/* inspired by keyutils written by David Howells (dhowells@redhat.com), returns 0 ID on failure */ - if (!type_name || !key_desc) - return -EINVAL; +static key_serial_t find_key_by_type_and_desc(const char *type, const char *desc, key_serial_t destringid) +{ + key_serial_t id; + int f; + char buf[1024]; + char *newline; + size_t buffer_len = 0; + + int n; + + do { + id = request_key(type, desc, NULL, 0); + } while (id < 0 && errno == EINTR); + if (id >= 0 || errno == ENOMEM) + return id; + + f = open("/proc/keys", O_RDONLY); + if (f < 0) + return 0; - kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING); - if (kid < 0) - return -errno; + while ((n = read(f, buf + buffer_len, sizeof(buf) - buffer_len - 1)) > 0) { + buffer_len += n; + buf[buffer_len] = '\0'; + newline = strchr(buf, '\n'); + while (newline != NULL && buffer_len != 0) { + *newline = '\0'; + + if ((id = keyring_process_proc_keys_line(buf, type, desc, destringid))) { + close(f); + return id; + } + + buffer_len -= newline - buf + 1; + assert(buffer_len <= sizeof(buf) - 1); + memmove(buf, newline + 1, buffer_len); + buf[buffer_len] = '\0'; + newline = strchr(buf, '\n'); + } + } + close(f); return 0; -#else - return -ENOTSUP; -#endif } -/* currently used in client utilities only */ -int keyring_add_key_in_user_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size) +int keyring_check(void) +{ + /* logon type key descriptions must be in format "prefix:description" */ + return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS; +} + +static key_serial_t keyring_add_key_in_keyring(key_type_t ktype, + const char *key_desc, + const void *key, + size_t key_size, + key_serial_t keyring) { -#ifdef KERNEL_KEYRING const char *type_name = key_type_name(ktype); - key_serial_t kid; if (!type_name || !key_desc) return -EINVAL; - kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_USER_KEYRING); - if (kid < 0) - return -errno; - - return 0; -#else - return -ENOTSUP; -#endif + return add_key(type_name, key_desc, key, key_size, keyring); } -/* alias for the same code */ -int keyring_get_key(const char *key_desc, - char **key, - size_t *key_size) +key_serial_t keyring_add_key_in_thread_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size) { - return keyring_get_passphrase(key_desc, key, key_size); + return keyring_add_key_in_keyring(ktype, key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING); } -int keyring_get_passphrase(const char *key_desc, - char **passphrase, - size_t *passphrase_len) +key_serial_t keyring_request_key_id(key_type_t key_type, + const char *key_description) { -#ifdef KERNEL_KEYRING - int err; key_serial_t kid; - long ret; + + do { + kid = request_key(key_type_name(key_type), key_description, NULL, 0); + } while (kid < 0 && errno == EINTR); + + return kid; +} + +int keyring_read_key(key_serial_t kid, + char **key, + size_t *key_size) +{ + long r; char *buf = NULL; size_t len = 0; - do - kid = request_key(key_type_name(USER_KEY), key_desc, NULL, 0); - while (kid < 0 && errno == EINTR); - - if (kid < 0) - return -errno; + assert(key); + assert(key_size); /* just get payload size */ - ret = keyctl_read(kid, NULL, 0); - if (ret > 0) { - len = ret; + r = keyctl_read(kid, NULL, 0); + if (r > 0) { + len = r; buf = crypt_safe_alloc(len); if (!buf) return -ENOMEM; /* retrieve actual payload data */ - ret = keyctl_read(kid, buf, len); + r = keyctl_read(kid, buf, len); } - if (ret < 0) { - err = errno; + if (r < 0) { crypt_safe_free(buf); - return -err; + return -EINVAL; } - *passphrase = buf; - *passphrase_len = len; + *key = buf; + *key_size = len; return 0; -#else - return -ENOTSUP; -#endif } -static int keyring_revoke_and_unlink_key_type(const char *type_name, const char *key_desc) +int keyring_unlink_key_from_keyring(key_serial_t kid, key_serial_t keyring_id) { -#ifdef KERNEL_KEYRING - key_serial_t kid; + return keyctl_unlink(kid, keyring_id) < 0 ? -EINVAL : 0; +} - if (!type_name || !key_desc) - return -EINVAL; +int keyring_unlink_key_from_thread_keyring(key_serial_t kid) +{ + return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING) < 0 ? -EINVAL : 0; +} + +const char *key_type_name(key_type_t type) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(key_types); i++) + if (type == key_types[i].type) + return key_types[i].type_name; + + return NULL; +} + +key_serial_t keyring_find_key_id_by_name(const char *key_name) +{ + key_serial_t id = 0; + char *end; + char *name_copy, *name_copy_p; - do - kid = request_key(type_name, key_desc, NULL, 0); - while (kid < 0 && errno == EINTR); + assert(key_name); + + if (key_name[0] == '@') { + if (strcmp(key_name, "@t" ) == 0) return KEY_SPEC_THREAD_KEYRING; + if (strcmp(key_name, "@p" ) == 0) return KEY_SPEC_PROCESS_KEYRING; + if (strcmp(key_name, "@s" ) == 0) return KEY_SPEC_SESSION_KEYRING; + if (strcmp(key_name, "@u" ) == 0) return KEY_SPEC_USER_KEYRING; + if (strcmp(key_name, "@us") == 0) return KEY_SPEC_USER_SESSION_KEYRING; + if (strcmp(key_name, "@g" ) == 0) return KEY_SPEC_GROUP_KEYRING; + if (strcmp(key_name, "@a" ) == 0) return KEY_SPEC_REQKEY_AUTH_KEY; - if (kid < 0) return 0; + } - if (keyctl_revoke(kid)) - return -errno; + /* handle a lookup-by-name request "%<type>:<desc>", eg: "%keyring:_ses" */ + name_copy = strdup(key_name); + if (!name_copy) + goto out; + name_copy_p = name_copy; + + if (name_copy_p[0] == '%') { + const char *type; + + name_copy_p++; + if (!*name_copy_p) + goto out; + + if (*name_copy_p == ':') { + type = "keyring"; + name_copy_p++; + } else { + type = name_copy_p; + name_copy_p = strchr(name_copy_p, ':'); + if (!name_copy_p) + goto out; + *(name_copy_p++) = '\0'; + } + + if (!*name_copy_p) + goto out; + + id = find_key_by_type_and_desc(type, name_copy_p, 0); + goto out; + } + + id = strtoul(key_name, &end, 0); + if (*end) + id = 0; - /* - * best effort only. the key could have been linked - * in some other keyring and its payload is now - * revoked anyway. - */ - keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING); - keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING); - keyctl_unlink(kid, KEY_SPEC_USER_KEYRING); +out: + if (name_copy) + free(name_copy); + + return id; +} + +static bool numbered(const char *str) +{ + char *endp; + + errno = 0; + (void) strtol(str, &endp, 0); + if (errno == ERANGE) + return false; + + return *endp == '\0' ? true : false; +} + +key_serial_t keyring_find_keyring_id_by_name(const char *keyring_name) +{ + assert(keyring_name); + + /* "%:" is abbreviation for the type keyring */ + if ((keyring_name[0] == '@' && keyring_name[1] != 'a') || + strstr(keyring_name, "%:") || strstr(keyring_name, "%keyring:") || + numbered(keyring_name)) + return keyring_find_key_id_by_name(keyring_name); return 0; -#else - return -ENOTSUP; -#endif } -const char *key_type_name(key_type_t type) +key_type_t key_type_by_name(const char *name) { -#ifdef KERNEL_KEYRING unsigned int i; for (i = 0; i < ARRAY_SIZE(key_types); i++) - if (type == key_types[i].type) - return key_types[i].type_name; -#endif + if (!strcmp(key_types[i].type_name, name)) + return key_types[i].type; + + return INVALID_KEY; +} + +key_serial_t keyring_add_key_to_custom_keyring(key_type_t ktype, + const char *key_desc, + const void *key, + size_t key_size, + key_serial_t keyring_to_link) +{ + const char *type_name = key_type_name(ktype); + + if (!type_name || !key_desc) + return -EINVAL; + + return add_key(type_name, key_desc, key, key_size, keyring_to_link); +} + +#else /* KERNEL_KEYRING */ +#pragma GCC diagnostic ignored "-Wunused-parameter" + +int keyring_check(void) +{ + return 0; +} + +key_serial_t keyring_add_key_in_thread_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size) +{ + return -ENOTSUP; +} + +key_serial_t keyring_request_key_id(key_type_t key_type, + const char *key_description) +{ + return -ENOTSUP; +} + +int keyring_read_key(key_serial_t kid, + char **key, + size_t *key_size) +{ + return -ENOTSUP; +} + +int keyring_read_by_id(const char *key_desc, char **passphrase, size_t *passphrase_len) +{ + return -ENOTSUP; +} + +const char *key_type_name(key_type_t type) +{ return NULL; } -int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc) +key_serial_t keyring_find_key_id_by_name(const char *key_name) { - return keyring_revoke_and_unlink_key_type(key_type_name(ktype), key_desc); + return 0; } + +key_serial_t keyring_find_keyring_id_by_name(const char *keyring_name) +{ + return 0; +} + +key_type_t key_type_by_name(const char *name) +{ + return INVALID_KEY; +} + +key_serial_t keyring_add_key_to_custom_keyring(key_type_t ktype, + const char *key_desc, + const void *key, + size_t key_size, + key_serial_t keyring_to_link) +{ + return -ENOTSUP; +} + +int keyring_unlink_key_from_keyring(key_serial_t kid, key_serial_t keyring_id) +{ + return -ENOTSUP; +} + +int keyring_unlink_key_from_thread_keyring(key_serial_t kid) +{ + return -ENOTSUP; +} +#endif diff --git a/lib/utils_keyring.h b/lib/utils_keyring.h index 0248862..896f8d8 100644 --- a/lib/utils_keyring.h +++ b/lib/utils_keyring.h @@ -1,8 +1,8 @@ /* * kernel keyring syscall wrappers * - * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2016-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,33 +23,38 @@ #define _UTILS_KEYRING #include <stddef.h> +#include <stdint.h> -typedef enum { LOGON_KEY = 0, USER_KEY } key_type_t; +#ifndef HAVE_KEY_SERIAL_T +#define HAVE_KEY_SERIAL_T +typedef int32_t key_serial_t; +#endif + +typedef enum { LOGON_KEY = 0, USER_KEY, BIG_KEY, TRUSTED_KEY, ENCRYPTED_KEY, INVALID_KEY } key_type_t; const char *key_type_name(key_type_t ktype); +key_type_t key_type_by_name(const char *name); +key_serial_t keyring_find_key_id_by_name(const char *key_name); +key_serial_t keyring_find_keyring_id_by_name(const char *keyring_name); int keyring_check(void); -int keyring_get_key(const char *key_desc, - char **key, - size_t *key_size); +key_serial_t keyring_request_key_id(key_type_t key_type, + const char *key_description); -int keyring_get_passphrase(const char *key_desc, - char **passphrase, - size_t *passphrase_len); - -int keyring_add_key_in_thread_keyring( - key_type_t ktype, - const char *key_desc, - const void *key, - size_t key_size); +int keyring_read_key(key_serial_t kid, + char **key, + size_t *key_size); -int keyring_add_key_in_user_keyring( +key_serial_t keyring_add_key_in_thread_keyring( key_type_t ktype, const char *key_desc, const void *key, size_t key_size); -int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc); +key_serial_t keyring_add_key_to_custom_keyring(key_type_t ktype, const char *key_desc, const void *key, + size_t key_size, key_serial_t keyring_to_link); +int keyring_unlink_key_from_keyring(key_serial_t kid, key_serial_t keyring_id); +int keyring_unlink_key_from_thread_keyring(key_serial_t kid); #endif diff --git a/lib/utils_loop.c b/lib/utils_loop.c index 9b31603..092ebfc 100644 --- a/lib/utils_loop.c +++ b/lib/utils_loop.c @@ -1,8 +1,8 @@ /* * loopback block device utilities * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -282,7 +282,7 @@ static char *_sysfs_backing_file(const char *loop) { struct stat st; char buf[PATH_MAX]; - size_t len; + ssize_t len; int fd; if (stat(loop, &st) || !S_ISBLK(st.st_mode)) diff --git a/lib/utils_loop.h b/lib/utils_loop.h index c1f6356..17a78aa 100644 --- a/lib/utils_loop.h +++ b/lib/utils_loop.h @@ -1,8 +1,8 @@ /* * loopback block device utilities * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c index 4d7e18d..4341e91 100644 --- a/lib/utils_pbkdf.c +++ b/lib/utils_pbkdf.c @@ -1,8 +1,8 @@ /* * utils_pbkdf - PBKDF settings for libcryptsetup * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -61,9 +61,9 @@ const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_typ return NULL; } -static uint32_t adjusted_phys_memory(void) +uint32_t pbkdf_adjusted_phys_memory_kb(void) { - uint64_t memory_kb = crypt_getphysmemory_kb(); + uint64_t free_kb, memory_kb = crypt_getphysmemory_kb(); /* Ignore bogus value */ if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX) @@ -75,6 +75,22 @@ static uint32_t adjusted_phys_memory(void) */ memory_kb /= 2; + /* + * Never use more that half of available free memory on system without swap. + */ + if (!crypt_swapavailable()) { + free_kb = crypt_getphysmemoryfree_kb(); + + /* + * Using exactly free memory causes OOM too, use only half of the value. + * Ignore small values (< 64MB), user should use PBKDF2 in such environment. + */ + free_kb /= 2; + + if (free_kb > (64 * 1024) && free_kb < memory_kb) + return free_kb; + } + return memory_kb; } @@ -238,7 +254,8 @@ int init_pbkdf_type(struct crypt_device *cd, cd_pbkdf->parallel_threads = pbkdf_limits.max_parallel; } - if (cd_pbkdf->parallel_threads) { + /* Do not limit threads by online CPUs if user forced values (no benchmark). */ + if (cd_pbkdf->parallel_threads && !(cd_pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK)) { cpus = crypt_cpusonline(); if (cd_pbkdf->parallel_threads > cpus) { log_dbg(cd, "Only %u active CPUs detected, " @@ -248,8 +265,9 @@ int init_pbkdf_type(struct crypt_device *cd, } } - if (cd_pbkdf->max_memory_kb) { - memory_kb = adjusted_phys_memory(); + /* Do not limit by available physical memory if user forced values (no benchmark). */ + if (cd_pbkdf->max_memory_kb && !(cd_pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK)) { + memory_kb = pbkdf_adjusted_phys_memory_kb(); if (cd_pbkdf->max_memory_kb > memory_kb) { log_dbg(cd, "Not enough physical memory detected, " "PBKDF max memory decreased from %dkB to %dkB.", diff --git a/lib/utils_safe_memory.c b/lib/utils_safe_memory.c index b161369..753842d 100644 --- a/lib/utils_safe_memory.c +++ b/lib/utils_safe_memory.c @@ -1,8 +1,8 @@ /* * utils_safe_memory - safe memory helpers * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_storage_wrappers.c b/lib/utils_storage_wrappers.c index 6ff5afa..4a3aae3 100644 --- a/lib/utils_storage_wrappers.c +++ b/lib/utils_storage_wrappers.c @@ -2,7 +2,7 @@ * Generic wrapper for storage functions * (experimental only) * - * Copyright (C) 2018-2023 Ondrej Kozina + * Copyright (C) 2018-2024 Ondrej Kozina * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/utils_storage_wrappers.h b/lib/utils_storage_wrappers.h index f7781e8..272c5c1 100644 --- a/lib/utils_storage_wrappers.h +++ b/lib/utils_storage_wrappers.h @@ -2,7 +2,7 @@ * Generic wrapper for storage functions * (experimental only) * - * Copyright (C) 2018-2023 Ondrej Kozina + * Copyright (C) 2018-2024 Ondrej Kozina * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c index 1df46c1..368e6dc 100644 --- a/lib/utils_wipe.c +++ b/lib/utils_wipe.c @@ -2,8 +2,8 @@ * utils_wipe - wipe a device * * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -26,6 +26,8 @@ #include <sys/stat.h> #include <linux/fs.h> #include "internal.h" +#include "luks2/luks2_internal.h" +#include "luks2/hw_opal/hw_opal.h" /* block device zeroout ioctls, introduced in Linux kernel 3.7 */ #ifndef BLKZEROOUT @@ -309,3 +311,73 @@ int crypt_wipe(struct crypt_device *cd, return r; } + +int crypt_wipe_hw_opal(struct crypt_device *cd, + int segment, + const char *password, + size_t password_size, + uint32_t flags) +{ + int r; + struct luks2_hdr *hdr; + uint32_t opal_segment_number; + struct crypt_lock_handle *opal_lh = NULL; + + UNUSED(flags); + + if (!cd) + return -EINVAL; + + if (!password) + return -EINVAL; + + if (segment < CRYPT_LUKS2_SEGMENT || segment > 8) + return -EINVAL; + + r = crypt_opal_supported(cd, crypt_data_device(cd)); + if (r < 0) + return r; + + if (segment == CRYPT_NO_SEGMENT) { + r = opal_factory_reset(cd, crypt_data_device(cd), password, password_size); + if (r == -EPERM) + log_err(cd, _("Incorrect OPAL PSID.")); + else if (r < 0) + log_err(cd, _("Cannot erase OPAL device.")); + return r; + } + + if (onlyLUKS2(cd) < 0) + return -EINVAL; + + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + if (!hdr) + return -EINVAL; + + if (segment == CRYPT_LUKS2_SEGMENT) { + r = LUKS2_get_opal_segment_number(hdr, CRYPT_DEFAULT_SEGMENT, &opal_segment_number); + if (r < 0) { + log_dbg(cd, "Can not get OPAL segment number."); + return r; + } + } else + opal_segment_number = segment; + + r = opal_exclusive_lock(cd, crypt_data_device(cd), &opal_lh); + if (r < 0) { + log_err(cd, _("Failed to acquire OPAL lock on device %s."), device_path(crypt_data_device(cd))); + return -EINVAL; + } + + r = opal_reset_segment(cd, + crypt_data_device(cd), + opal_segment_number, + password, + password_size); + + opal_exclusive_unlock(cd, opal_lh); + if (r < 0) + return r; + + return LUKS2_wipe_header_areas(cd, hdr, crypt_header_is_detached(cd)); +} diff --git a/lib/verity/rs.h b/lib/verity/rs.h index 7638924..34785aa 100644 --- a/lib/verity/rs.h +++ b/lib/verity/rs.h @@ -3,7 +3,7 @@ * * Copyright (C) 2004 Phil Karn, KA9Q * libcryptsetup modifications - * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/verity/rs_decode_char.c b/lib/verity/rs_decode_char.c index 4473202..94c8523 100644 --- a/lib/verity/rs_decode_char.c +++ b/lib/verity/rs_decode_char.c @@ -3,7 +3,7 @@ * * Copyright (C) 2002, Phil Karn, KA9Q * libcryptsetup modifications - * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/verity/rs_encode_char.c b/lib/verity/rs_encode_char.c index 55b502a..a520562 100644 --- a/lib/verity/rs_encode_char.c +++ b/lib/verity/rs_encode_char.c @@ -3,7 +3,7 @@ * * Copyright (C) 2002, Phil Karn, KA9Q * libcryptsetup modifications - * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/verity/verity.c b/lib/verity/verity.c index 0d7a8f5..b3dd1b3 100644 --- a/lib/verity/verity.c +++ b/lib/verity/verity.c @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -251,91 +251,133 @@ int VERITY_UUID_generate(char **uuid_string) return 0; } +int VERITY_verify_params(struct crypt_device *cd, + struct crypt_params_verity *hdr, + bool signed_root_hash, + struct device *fec_device, + struct volume_key *root_hash) +{ + bool userspace_verification; + int v, r; + unsigned int fec_errors = 0; + + assert(cd); + assert(hdr); + assert(root_hash); + + log_dbg(cd, "Verifying VERITY device using hash %s.", + hdr->hash_name); + + userspace_verification = hdr->flags & CRYPT_VERITY_CHECK_HASH; + + if (userspace_verification && signed_root_hash) { + log_err(cd, _("Root hash signature verification is not supported.")); + return -EINVAL; + } + + if ((hdr->flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE) && !signed_root_hash) { + log_err(cd, _("Root hash signature required.")); + return -EINVAL; + } + + if (!userspace_verification) + return 0; + + log_dbg(cd, "Verification of VERITY data in userspace required."); + r = VERITY_verify(cd, hdr, root_hash->key, root_hash->keylength); + + if ((r == -EPERM || r == -EFAULT) && fec_device) { + v = r; + log_dbg(cd, "Verification failed, trying to repair with FEC device."); + r = VERITY_FEC_process(cd, hdr, fec_device, 1, &fec_errors); + if (r < 0) + log_err(cd, _("Errors cannot be repaired with FEC device.")); + else if (fec_errors) { + log_err(cd, _("Found %u repairable errors with FEC device."), + fec_errors); + /* If root hash failed, we cannot be sure it was properly repaired */ + } + if (v == -EFAULT) + r = -EPERM; + } + + return r; +} + /* Activate verity device in kernel device-mapper */ int VERITY_activate(struct crypt_device *cd, const char *name, - const char *root_hash, - size_t root_hash_size, - const char *signature_description, + struct volume_key *root_hash, + struct volume_key *signature, struct device *fec_device, struct crypt_params_verity *verity_hdr, uint32_t activation_flags) { uint32_t dmv_flags; - unsigned int fec_errors = 0; - int r, v; - struct crypt_dm_active_device dmd = { - .size = verity_hdr->data_size * verity_hdr->data_block_size / 512, - .flags = activation_flags, - .uuid = crypt_get_uuid(cd), - }; - - log_dbg(cd, "Trying to activate VERITY device %s using hash %s.", - name ?: "[none]", verity_hdr->hash_name); - - if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) { - if (signature_description) { - log_err(cd, _("Root hash signature verification is not supported.")); - return -EINVAL; - } + int r; + key_serial_t kid; + char *description = NULL; + struct crypt_dm_active_device dmd = { 0 }; - log_dbg(cd, "Verification of data in userspace required."); - r = VERITY_verify(cd, verity_hdr, root_hash, root_hash_size); - - if ((r == -EPERM || r == -EFAULT) && fec_device) { - v = r; - log_dbg(cd, "Verification failed, trying to repair with FEC device."); - r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors); - if (r < 0) - log_err(cd, _("Errors cannot be repaired with FEC device.")); - else if (fec_errors) { - log_err(cd, _("Found %u repairable errors with FEC device."), - fec_errors); - /* If root hash failed, we cannot be sure it was properly repaired */ - } - if (v == -EFAULT) - r = -EPERM; - } + assert(name); + assert(root_hash); + assert(verity_hdr); + + dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512; + dmd.flags = activation_flags; + dmd.uuid = crypt_get_uuid(cd); + + log_dbg(cd, "Activating VERITY device %s using hash %s.", + name, verity_hdr->hash_name); + if (signature) { + r = asprintf(&description, "cryptsetup:%s%s%s", + crypt_get_uuid(cd) ?: "", crypt_get_uuid(cd) ? "-" : "", name); if (r < 0) - return r; - } + return -EINVAL; - if (!name) - return 0; + log_dbg(cd, "Adding signature %s (type user) into thread keyring.", description); + kid = keyring_add_key_in_thread_keyring(USER_KEY, description, signature->key, signature->keylength); + if (kid < 0) { + log_dbg(cd, "keyring_add_key_in_thread_keyring failed with errno %d.", errno); + log_err(cd, _("Failed to load key in kernel keyring.")); + free(description); + return -EINVAL; + } + } r = device_block_adjust(cd, crypt_metadata_device(cd), DEV_OK, 0, NULL, NULL); if (r) - return r; + goto out; r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, 0, &dmd.size, &dmd.flags); if (r) - return r; + goto out; if (fec_device) { r = device_block_adjust(cd, fec_device, DEV_OK, 0, NULL, NULL); if (r) - return r; + goto out; } r = dm_verity_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), - crypt_metadata_device(cd), fec_device, root_hash, - root_hash_size, signature_description, + crypt_metadata_device(cd), fec_device, root_hash->key, + root_hash->keylength, description, VERITY_hash_offset_block(verity_hdr), VERITY_FEC_blocks(cd, fec_device, verity_hdr), verity_hdr); if (r) - return r; + goto out; r = dm_create_device(cd, name, CRYPT_VERITY, &dmd); if (r < 0 && (dm_flags(cd, DM_VERITY, &dmv_flags) || !(dmv_flags & DM_VERITY_SUPPORTED))) { log_err(cd, _("Kernel does not support dm-verity mapping.")); r = -ENOTSUP; } - if (r < 0 && signature_description && !(dmv_flags & DM_VERITY_SIGNATURE_SUPPORTED)) { + if (r < 0 && signature && !(dmv_flags & DM_VERITY_SIGNATURE_SUPPORTED)) { log_err(cd, _("Kernel does not support dm-verity signature option.")); r = -ENOTSUP; } @@ -351,6 +393,8 @@ int VERITY_activate(struct crypt_device *cd, r = 0; out: + crypt_drop_keyring_key_by_description(cd, description, USER_KEY); + free(description); dm_targets_free(cd, &dmd); return r; } diff --git a/lib/verity/verity.h b/lib/verity/verity.h index afc411e..00e9867 100644 --- a/lib/verity/verity.h +++ b/lib/verity/verity.h @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -23,6 +23,7 @@ #include <stddef.h> #include <stdint.h> +#include <stdbool.h> #define VERITY_MAX_HASH_TYPE 1 #define VERITY_BLOCK_SIZE_OK(x) ((x) % 512 || (x) < 512 || \ @@ -31,6 +32,7 @@ struct crypt_device; struct crypt_params_verity; struct device; +struct volume_key; int VERITY_read_sb(struct crypt_device *cd, uint64_t sb_offset, @@ -44,13 +46,18 @@ int VERITY_write_sb(struct crypt_device *cd, int VERITY_activate(struct crypt_device *cd, const char *name, - const char *root_hash, - size_t root_hash_size, - const char *signature_description, + struct volume_key *root_hash, + struct volume_key *signature, struct device *fec_device, struct crypt_params_verity *verity_hdr, uint32_t activation_flags); +int VERITY_verify_params(struct crypt_device *cd, + struct crypt_params_verity *hdr, + bool signed_root_hash, + struct device *fec_device, + struct volume_key *root_hash); + int VERITY_verify(struct crypt_device *cd, struct crypt_params_verity *verity_hdr, const char *root_hash, diff --git a/lib/verity/verity_fec.c b/lib/verity/verity_fec.c index 2dbf59e..15608fd 100644 --- a/lib/verity/verity_fec.c +++ b/lib/verity/verity_fec.c @@ -2,7 +2,7 @@ * dm-verity Forward Error Correction (FEC) support * * Copyright (C) 2015 Google, Inc. All rights reserved. - * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c index f33b737..0e351aa 100644 --- a/lib/verity/verity_hash.c +++ b/lib/verity/verity_hash.c @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/lib/volumekey.c b/lib/volumekey.c index 00791ac..3de7f76 100644 --- a/lib/volumekey.c +++ b/lib/volumekey.c @@ -2,7 +2,7 @@ * cryptsetup volume key implementation * * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -39,7 +39,7 @@ struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key) vk->key_description = NULL; vk->keylength = keylength; - vk->id = -1; + vk->id = KEY_NOT_VERIFIED; vk->next = NULL; /* keylength 0 is valid => no key */ diff --git a/man/Makemodule.am b/man/Makemodule.am index 41e21da..03beb7a 100644 --- a/man/Makemodule.am +++ b/man/Makemodule.am @@ -107,6 +107,8 @@ if SSHPLUGIN_TOKEN MANPAGES += $(SSHPLUGIN_MANPAGES) endif +EXTRA_DIST += man/meson_dist_convert.sh + if ENABLE_ASCIIDOC EXTRA_DIST += $(MANPAGES_ALL) man8_MANS += $(MANPAGES) $(MANLINKS) diff --git a/man/common_options.adoc b/man/common_options.adoc index 56a6e29..497d7fd 100644 --- a/man/common_options.adoc +++ b/man/common_options.adoc @@ -131,8 +131,14 @@ ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY[] The passphrase supplied via --key-file is always the passphrase for existing keyslot requested by the command. + +ifdef::ACTION_LUKSADDKEY[] If you want to set a new passphrase via key file, you have to use a positional argument or parameter --new-keyfile. +endif::[] +ifdef::ACTION_LUKSCHANGEKEY[] +If you want to set a new passphrase via key file, you have to use a +positional argument. +endif::[] + endif::[] ifdef::ACTION_OPEN[] @@ -153,6 +159,16 @@ If this option is not used, cryptsetup will ask for all active keyslot passphrases. endif::[] endif::[] +ifdef::ACTION_ERASE[] +*--key-file, -d* _name_ *(LUKS2 with HW OPAL only)*:: + +Read the Admin PIN or PSID (with --hw-opal-factory-reset) from file +depending on options used. ++ +If the name given is "-", then the secret will be read from stdin. +In this case, reading will not stop at newline characters. ++ +endif::[] ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[] *--keyfile-offset* _value_:: @@ -229,6 +245,19 @@ partially predictable volume key which will compromise security. endif::[] endif::[] +ifdef::ACTION_OPEN,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[] +*--volume-key-keyring* _<key description>_:: +Use a volume key stored in a keyring. +This allows one to open _luks_ and device types without giving a passphrase. +The key and associated type has to be readable from userspace so that volume +key digest may be verified in before activation. ++ +The _<key description>_ uses keyctl-compatible syntax. This can either be a +numeric key ID or a string name in the format _%<key type>:<key name>_. See +also *KEY IDENTIFIERS* section of *keyctl*(1). When no _%<key type>:_ prefix +is specified we assume the key type is _user_ (default type). +endif::[] + ifdef::ACTION_LUKSDUMP[] *--dump-json-metadata*:: For _luksDump_ (LUKS2 only) this option prints content of LUKS2 header @@ -476,7 +505,8 @@ You can see all PBKDF parameters for particular LUKS2 keyslot with *NOTE:* If you do not want to use benchmark and want to specify all parameters directly, use _--pbkdf-force-iterations_ with _--pbkdf-memory_ and _--pbkdf-parallel_. This will override the values -without benchmarking. Note it can cause extremely long unlocking time. +without benchmarking. Note it can cause extremely long unlocking time +or cause out-of-memory conditions with unconditional process termination. Use only in specific cases, for example, if you know that the formatted device will be used on some small embedded system. + @@ -670,7 +700,7 @@ endif::[] ifndef::ACTION_BENCHMARK,ACTION_BITLKDUMP[] *--header <device or file storing the LUKS header>*:: -ifndef::ACTION_OPEN[] +ifndef::ACTION_OPEN,ACTION_ERASE[] Use a detached (separated) metadata device or file where the LUKS header is stored. This option allows one to store ciphertext and LUKS header on different devices. @@ -693,7 +723,7 @@ FAQ for header size calculation. The --align-payload option is taken as absolute sector alignment on ciphertext device and can be zero. endif::[] -ifndef::ACTION_LUKSFORMAT,ACTION_OPEN[] +ifndef::ACTION_LUKSFORMAT,ACTION_OPEN,ACTION_ERASE[] For commands that change the LUKS header (e.g. _luksAddKey_), specify the device or file with the LUKS header directly as the LUKS device. @@ -713,6 +743,9 @@ decryption operation continues as if the ordinary detached header was passed. *WARNING:* Never put exported header file in a filesystem on top of device you are about to decrypt! It would cause a deadlock. endif::[] +ifdef::ACTION_ERASE[] +Use to specify detached LUKS2 header when erasing HW OPAL enabled data device. +endif::[] endif::[] ifdef::ACTION_LUKSHEADERBACKUP,ACTION_LUKSHEADERRESTORE[] @@ -720,6 +753,19 @@ ifdef::ACTION_LUKSHEADERBACKUP,ACTION_LUKSHEADERRESTORE[] Specify file with header backup file. endif::[] +ifdef::ACTION_LUKSFORMAT[] +*--hw-opal*:: +Format LUKS2 device with dm-crypt encryption stacked on top HW based encryption configured +on SED OPAL locking range. This option enables both SW and HW based data encryption. +endif::[] + +ifdef::ACTION_LUKSFORMAT[] +*--hw-opal-only*:: +Format LUKS2 device with HW based encryption configured on SED OPAL locking range only. LUKS2 +format only manages locking range unlock key. This option enables HW based data encryption managed +by SED OPAL drive only. +endif::[] + ifdef::ACTION_REENCRYPT[] *--force-offline-reencrypt (LUKS2 only)*:: Bypass active device auto-detection and enforce offline reencryption. @@ -757,6 +803,11 @@ Removes a previously configured deferred device removal in _close_ command. endif::[] +ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[] +*--disable-blkid*:: +Disable use of blkid library for checking and wiping on-disk signatures. +endif::[] + ifdef::ACTION_OPEN,ACTION_LUKSRESUME,ACTION_RESIZE,ACTION_TOKEN[] *--disable-external-tokens*:: Disable loading of plugins for external LUKS2 tokens. @@ -789,6 +840,26 @@ ifdef::ACTION_TOKEN[] Set key description in keyring for use with _token_ command. endif::[] +ifdef::ACTION_OPEN,ACTION_LUKSRESUME[] +*--link-vk-to-keyring* _<keyring_description>::<key_description>_:: +Link volume key in a keyring with specified key name. The volume key is linked only +if requested action is successfully finished. ++ +_<keyring_description>_ string has to contain existing kernel keyring +description. The keyring name may be optionally prefixed with "%:" or "%keyring:" type descriptions. +Or, the keyring may also be specified directly by numeric key id. Also special keyring notations +starting with "@" may be used to select existing predefined kernel keyrings. ++ +The string "::" is delimiter used to separate keyring description and key description. ++ +_<key_description>_ part describes key type and key name of volume key linked in the keyring +described in _<keyring_description>_. The type may be specified by adding "%<type_name>:" prefix in front of +key name. If type is missing default _user_ type is applied. If the key of same name and same type already exists (already linked in the keyring) +it will get replaced in the process. ++ +See also *KEY IDENTIFIERS* section of *keyctl*(1). +endif::[] + ifdef::ACTION_CONFIG[] *--priority <normal|prefer|ignore>*:: Set a priority for LUKS2 keyslot. The _prefer_ priority marked slots @@ -800,7 +871,7 @@ endif::[] ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_LUKSADDKEY[] *--token-id*:: ifndef::ACTION_TOKEN,ACTION_LUKSADDKEY[] -Specify what token to use and allow token PIN prompt to take precedence over interative +Specify what token to use and allow token PIN prompt to take precedence over interactive keyslot passphrase prompt. If omitted, all available tokens (not protected by PIN) will be checked before proceeding further with passphrase prompt. endif::[] @@ -1163,6 +1234,12 @@ Enlarge data offset to specified value by shrinking device size. You cannot shrink device more than by 64 MiB (131072 sectors). endif::[] +ifdef::ACTION_RESIZE,ACTION_OPEN,ACTION_LUKSADDKEY,ACTION_LUKSDUMP,ACTION_LUKSRESUME,ACTION_TOKEN[] +*--external-tokens-path* _absolute_path_:: +Override system directory path where cryptsetup searches for external token +handlers (or token plugins). It must be absolute path (starting with '/' character). +endif::[] + ifdef::COMMON_OPTIONS[] *--batch-mode, -q*:: Suppresses all confirmation questions. Use with care! diff --git a/man/cryptsetup-erase.8.adoc b/man/cryptsetup-erase.8.adoc index 97a13aa..6ad7eca 100644 --- a/man/cryptsetup-erase.8.adoc +++ b/man/cryptsetup-erase.8.adoc @@ -18,11 +18,17 @@ cryptsetup-erase, cryptsetup-luksErase - erase all keyslots == DESCRIPTION Erase all keyslots and make the LUKS container permanently inaccessible. -You do not need to provide any password for this operation. +Unless the device is configured with HW OPAL support you do not need to +provide any password for this operation. *WARNING:* This operation is irreversible. -*<options>* can be [--header, --disable-locks]. +*WARNING:* with *--hw-opal-factory-reset* ALL data is lost on the device, +regardless of the partition it is ran on, if any, and regardless of any LUKS2 +header backup, and does not require a valid LUKS2 header to be present on the +device to run. + +*<options>* can be [--header, --disable-locks, --hw-opal-factory-reset, --key-file]. include::man/common_options.adoc[] include::man/common_footer.adoc[] diff --git a/man/cryptsetup-luksAddKey.8.adoc b/man/cryptsetup-luksAddKey.8.adoc index 9686a1d..306ef64 100644 --- a/man/cryptsetup-luksAddKey.8.adoc +++ b/man/cryptsetup-luksAddKey.8.adoc @@ -19,9 +19,9 @@ cryptsetup-luksAddKey - add a new passphrase Adds a keyslot protected by a new passphrase. An existing passphrase must be supplied interactively, via --key-file or LUKS2 token (plugin). Alternatively to existing passphrase user may pass directly volume key -(via --volume-key-file). The new passphrase to be added can be specified -interactively, read from the file given as the positional argument (also -via --new-keyfile parameter) or via LUKS2 token. +(via --volume-key-file or --volume-key-keyring). The new passphrase to be added +can be specified interactively, read from the file given as the positional +argument (also via --new-keyfile parameter) or via LUKS2 token. *NOTE:* with --unbound option the action creates new unbound LUKS2 keyslot. The keyslot cannot be used for device activation. If you don't @@ -34,11 +34,11 @@ algorithm is always the same for all keyslots. *<options>* can be [--key-file, --keyfile-offset, --keyfile-size, --new-keyfile, --new-keyfile-offset, --new-keyfile-size, --key-slot, ---new-key-slot, --volume-key-file, --force-password, --hash, --header, ---disable-locks, --iter-time, --pbkdf, --pbkdf-force-iterations, ---pbkdf-memory, --pbkdf-parallel, --unbound, --type, --keyslot-cipher, ---keyslot-key-size, --key-size, --timeout, --token-id, --token-type, ---token-only, --new-token-id, --verify-passphrase]. +--new-key-slot, --volume-key-file, --volume-key-keyring, --force-password, +--hash, --header, --disable-locks, --iter-time, --pbkdf, +--pbkdf-force-iterations, --pbkdf-memory, --pbkdf-parallel, --unbound, --type, +--keyslot-cipher, --keyslot-key-size, --key-size, --timeout, --token-id, +--token-type, --token-only, --new-token-id, --verify-passphrase, --external-tokens-path]. include::man/common_options.adoc[] diff --git a/man/cryptsetup-luksChangeKey.8.adoc b/man/cryptsetup-luksChangeKey.8.adoc index 7dd5f3b..23376c0 100644 --- a/man/cryptsetup-luksChangeKey.8.adoc +++ b/man/cryptsetup-luksChangeKey.8.adoc @@ -30,7 +30,9 @@ overwritten directly. *WARNING:* If a key-slot is overwritten, a media failure during this operation can cause the overwrite to fail after the old passphrase has -been wiped and make the LUKS container inaccessible. +been wiped and make the LUKS container inaccessible. LUKS2 mitigates +that by never overwriting existing keyslot area as long as there's +a free space in keyslots area at least for one more LUKS2 keyslot. *NOTE:* some parameters are effective only if used with LUKS2 format that supports per-keyslot parameters. For LUKS1, PBKDF type and hash diff --git a/man/cryptsetup-luksDump.8.adoc b/man/cryptsetup-luksDump.8.adoc index f9f3910..b1b3907 100644 --- a/man/cryptsetup-luksDump.8.adoc +++ b/man/cryptsetup-luksDump.8.adoc @@ -40,7 +40,7 @@ use --dump-json-metadata option. *<options>* can be [--dump-volume-key, --dump-json-metadata, --key-file, --keyfile-offset, --keyfile-size, --header, --disable-locks, ---volume-key-file, --type, --unbound, --key-slot, --timeout]. +--volume-key-file, --type, --unbound, --key-slot, --timeout, --external-tokens-path]. *WARNING:* If --dump-volume-key is used with --key-file and the argument to --key-file is '-', no validation question will be asked and no diff --git a/man/cryptsetup-luksFormat.8.adoc b/man/cryptsetup-luksFormat.8.adoc index be241f8..c9c3565 100644 --- a/man/cryptsetup-luksFormat.8.adoc +++ b/man/cryptsetup-luksFormat.8.adoc @@ -29,6 +29,8 @@ in use, e.g., mounted filesystem, used in LVM, active RAID member, etc. The device or filesystem has to be un-mounted in order to call luksFormat. To use specific version of LUKS format, use _--type luks1_ or _type luks2_. +To use OPAL hardware encryption on a self-encrypting drive, use +_--hw-opal_ or _--hw-opal-only_. *<options>* can be [--hash, --cipher, --verify-passphrase, --key-size, --key-slot, --key-file (takes precedence over optional second argument), @@ -41,7 +43,7 @@ For LUKS2, additional *<options>* can be [--integrity, --integrity-no-wipe, --sector-size, --label, --subsystem, --pbkdf, --pbkdf-memory, --pbkdf-parallel, --disable-locks, --disable-keyring, --luks2-metadata-size, --luks2-keyslots-size, --keyslot-cipher, ---keyslot-key-size, --integrity-legacy-padding]. +--keyslot-key-size, --integrity-legacy-padding, --hw-opal, --hw-opal-only]. *WARNING:* Doing a luksFormat on an existing LUKS container will make all data in the old container permanently irretrievable unless you have a diff --git a/man/cryptsetup-luksResume.8.adoc b/man/cryptsetup-luksResume.8.adoc index 9d81cbc..ba9f690 100644 --- a/man/cryptsetup-luksResume.8.adoc +++ b/man/cryptsetup-luksResume.8.adoc @@ -23,7 +23,8 @@ interactively for a passphrase if no token is usable (LUKS2 only) or *<options>* can be [--key-file, --keyfile-size, --keyfile-offset, --key-slot, --header, --disable-keyring, --disable-locks, --token-id, --token-only, --token-type, --disable-external-tokens, --type, --tries, ---timeout, --verify-passphrase]. +--timeout, --verify-passphrase, --volume-key-keyring, --link-vk-to-keyring, +--external-tokens-path]. include::man/common_options.adoc[] include::man/common_footer.adoc[] diff --git a/man/cryptsetup-luksSuspend.8.adoc b/man/cryptsetup-luksSuspend.8.adoc index ed20681..c5f90ce 100644 --- a/man/cryptsetup-luksSuspend.8.adoc +++ b/man/cryptsetup-luksSuspend.8.adoc @@ -20,6 +20,10 @@ Suspends an active device (all IO operations will block and accesses to the device will wait indefinitely) and wipes the encryption key from kernel memory. Needs kernel 2.6.19 or later. +While the _luksSuspend_ operation wipes encryption keys from memory, +it does not remove possible plaintext data in various caches or in-kernel +metadata for mounted filesystems. + After this operation, you have to use _luksResume_ to reinstate the encryption key and unblock the device or _close_ to remove the mapped device. diff --git a/man/cryptsetup-open.8.adoc b/man/cryptsetup-open.8.adoc index 5e8e7a6..73a5dc5 100644 --- a/man/cryptsetup-open.8.adoc +++ b/man/cryptsetup-open.8.adoc @@ -35,18 +35,22 @@ is inverted for historical reasons, all other aliases use the standard *<device> <name>* order. === PLAIN -*open --type plain <device> <name>* + +*open --type plain <device> <name>* --cipher <spec> --key-size <bits> --hash <alg> + plainOpen <device> <name> (*old syntax*) + create <name> <device> (*OBSOLETE syntax*) Opens (creates a mapping with) <name> backed by device <device>. +*WARNING:* You should always specify options *--cipher*, *--key-size* and +(if no keyfile is used) then also *--hash* to avoid incompatibility as +default values can be different in older cryptsetup versions. + + *<options>* can be [--hash, --cipher, --verify-passphrase, --sector-size, --key-file, --keyfile-size, --keyfile-offset, --key-size, --offset, --skip, --device-size, --size, --readonly, --shared, --allow-discards, --refresh, --timeout, --verify-passphrase, --iv-large-sectors]. -Example: 'cryptsetup open --type plain /dev/sda10 e1' maps the raw +Example: 'cryptsetup open --type plain --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha256 /dev/sda10 e1' maps the raw encrypted device /dev/sda10 to the mapped (decrypted) device /dev/mapper/e1, which can then be mounted, fsck-ed or have a filesystem created on it. @@ -74,7 +78,8 @@ matching PIN protected token. --volume-key-file, --token-id, --token-only, --token-type, --disable-external-tokens, --disable-keyring, --disable-locks, --type, --refresh, --serialize-memory-hard-pbkdf, --unbound, --tries, --timeout, ---verify-passphrase, --persistent]. +--verify-passphrase, --persistent, --volume-key-keyring, --link-vk-to-keyring, +--external-tokens-path]. === loopAES *open --type loopaes <device> <name> --key-file <keyfile>* + @@ -150,6 +155,11 @@ Opens the BITLK (a BitLocker compatible) <device> and sets up a mapping --readonly, --test-passphrase, --allow-discards --volume-key-file, --tries, --timeout, --verify-passphrase]. +Note that *--test-passphrase* doesn't work with *--volume-key-file* because +we cannot check whether the provided volume key is correct for this device +or not. When using *--volume-key-file* the device will be opened even if +the provided key is not correct. + === FileVault2 *open --type fvault2 <device> <name>* + fvault2Open <device> <name> (*old syntax*) diff --git a/man/cryptsetup-reencrypt.8.adoc b/man/cryptsetup-reencrypt.8.adoc index 154a469..387b0a9 100644 --- a/man/cryptsetup-reencrypt.8.adoc +++ b/man/cryptsetup-reencrypt.8.adoc @@ -31,7 +31,7 @@ which otherwise require full on-disk data change (re-encryption). The _reencrypt_ action reencrypts data on LUKS device in-place. You can regenerate *volume key* (the real key used in on-disk encryption -unclocked by passphrase), *cipher*, *cipher mode* or *encryption sector size* +unlocked by passphrase), *cipher*, *cipher mode* or *encryption sector size* (LUKS2 only). Reencryption process may be safely interrupted by a user via SIGINT @@ -43,7 +43,7 @@ options available for _luksFormat_ action for respective LUKS version (see cryptsetup-luksFormat man page for more details). See *cryptsetup-luksFormat*(8). *NOTE* that for encrypt and decrypt mode, the whole device must be -treated as unencrypted -- there are no quarantees of confidentiality as +treated as unencrypted -- there are no guarantees of confidentiality as part of the device contains plaintext. *ALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS ACTION ON LUKS DEVICE.* diff --git a/man/cryptsetup-resize.8.adoc b/man/cryptsetup-resize.8.adoc index 4cff482..b9a5502 100644 --- a/man/cryptsetup-resize.8.adoc +++ b/man/cryptsetup-resize.8.adoc @@ -36,7 +36,7 @@ keyring is used by default for LUKS2 devices. *<options>* can be [--size, --device-size, --token-id, --token-only, --token-type, --key-slot, --key-file, --keyfile-size, --keyfile-offset, --timeout, --disable-external-tokens, --disable-locks, --disable-keyring, ---verify-passphrase, --timeout]. +--verify-passphrase, --timeout, --external-tokens-path]. include::man/common_options.adoc[] include::man/common_footer.adoc[] diff --git a/man/cryptsetup-token.8.adoc b/man/cryptsetup-token.8.adoc index 7a3a069..5fa6af8 100644 --- a/man/cryptsetup-token.8.adoc +++ b/man/cryptsetup-token.8.adoc @@ -49,7 +49,7 @@ replace the existing token. *<options>* can be [--header, --token-id, --key-slot, --key-description, --disable-external-tokens, --disable-locks, --disable-keyring, ---json-file, --token-replace, --unbound]. +--json-file, --token-replace, --unbound, --external-tokens-path]. include::man/common_options.adoc[] include::man/common_footer.adoc[] diff --git a/man/cryptsetup.8.adoc b/man/cryptsetup.8.adoc index ddd3a12..442012d 100644 --- a/man/cryptsetup.8.adoc +++ b/man/cryptsetup.8.adoc @@ -21,7 +21,8 @@ features than plain dm-crypt. On the other hand, the header is visible and vulnerable to damage. In addition, cryptsetup provides limited support for the use of loop-AES -volumes, TrueCrypt, VeraCrypt, BitLocker and FileVault2 compatible volumes. +volumes, TrueCrypt, VeraCrypt, BitLocker and FileVault2 compatible volumes, +and for hardware-based encryption on OPAL capable drives. For more information about specific cryptsetup action see *cryptsetup-<action>*(8), where *<action>* is the name of the @@ -423,15 +424,44 @@ Opens the FVAULT2 (a FileVault2-compatible) <device> (usually the second partition on the device) and sets up a mapping <name>. + See *cryptsetup-open*(8). -=== DUMP -*fvault2Dump <device>* +== SED (Self Encrypting Drive) OPAL EXTENSION + +cryptsetup supports using native hardware encryption on drives that provide an +*OPAL* interface, both nested with *dm-crypt* and standalone. Passphrases, +tokens and metadata are stored using the LUKS2 header format, and are thus +compatible with any software or system that uses LUKS2 (e.g.: tokens). + +*WARNING:* this support is new and experimental, and requires at least kernel +v6.4. Resizing devices is not supported. + +*--hw-opal* can be specified for OPAL + dm-crypt, and +*--hw-opal-only* can be specified to use OPAL only, without a dm-crypt layer. + +Opening, closing and enrolling tokens work in the same way as with LUKS2 and +dm-crypt. The new parameters are only necessary when formatting, the LUKS2 +metadata will ensure the right setup is performed when opening or closing. If +no *subsystem* is specified, it will be automatically set to *HW-OPAL* so that +it is immediately apparent when a device uses OPAL. -Dump the header information of an FVAULT2 device. + -See *cryptsetup-fvault2Dump*(8). +=== FORMAT +*luksFormat --type luks2 --hw-opal <device> [<key file>]* + +Additionally specify *--hw-opal-only* instead of *--hw-opal* to avoid the +dm-crypt layer. Other than the usual passphrase, an admin password will have +to be specified when formatting the first partition of the drive, and will have +to be re-supplied when formatting any other partition until a factory reset +is performed. + +=== ERASE +*erase <device>* -Note that cryptsetup does not use any macOS code or proprietary -specifications. Please report all problems related to this compatibility -extension to the cryptsetup project. +Securely erase a partition or device. Requires admin password. +Additionally specify *--hw-opal-factory-reset* for a FULL factory reset of the +drive, using the drive's *PSID* (typically printed on the label) instead of the +admin password. +*WARNING*: a factory reset will cause ALL data on the device to be lost, +regardless of the partition it is ran on, if any, and regardless of any LUKS2 +header backup. == MISCELLANEOUS ACTIONS @@ -671,11 +701,13 @@ The dm-crypt device then resides on top of such a dm-integrity device. All activation and deactivation of this device stack is performed by cryptsetup, there is no difference in using *luksOpen* for integrity protected devices. If you want to format LUKS2 device with data -integrity protection, use *--integrity* option. +integrity protection, use *--integrity* option (see *cryptsetup-luksFormat(8)*). -Since dm-integrity doesn't support discards (TRIM), dm-crypt device on -top of it inherits this, so integrity protection mode doesn't support -discards either. +Albeit Linux kernel 5.7 added TRIM support for standalone dm-integrity devices, +*cryptsetup(8)* can't offer support for discards (TRIM) in authenticated +encryption mode, because the underlying dm-crypt kernel module does not support +this functionality when dm-integrity is used as auth tag space allocator +(see *--allow-discards* in *cryptsetup-luksFormat(8)*). Some integrity modes requires two independent keys (key for encryption and for authentication). Both these keys are stored in one LUKS keyslot. diff --git a/man/integritysetup.8.adoc b/man/integritysetup.8.adoc index 2aec1a6..e89b0f7 100644 --- a/man/integritysetup.8.adoc +++ b/man/integritysetup.8.adoc @@ -44,6 +44,10 @@ create <name> <device> (*OBSOLETE syntax*) Open a mapping with <name> backed by device <device>. +If the integrity algorithm of the device is non-default, +then the algorithm should be specified with the *--integrity* option. +This will not be detected from the device. + *<options>* can be [--data-device, --batch-mode, --journal-watermark, --journal-commit-time, --buffer-sectors, --integrity, --integrity-key-size, --integrity-key-file, --integrity-no-journal, diff --git a/man/meson.build b/man/meson.build new file mode 100644 index 0000000..5013093 --- /dev/null +++ b/man/meson.build @@ -0,0 +1,256 @@ +fs = import('fs') + +adocfiles_common = [ + 'common_options.adoc', + 'common_footer.adoc', +] + +manpage_tuples_to_build = [] +manpage_tuples_all = [] + +# tuple with adoc file and generated aliases +cryptsetup_manpages = [ + [ + 'cryptsetup.8.adoc', + [], + ], + [ + 'cryptsetup-open.8.adoc', + [ + 'cryptsetup-create.8', + 'cryptsetup-plainOpen.8', + 'cryptsetup-luksOpen.8', + 'cryptsetup-loopaesOpen.8', + 'cryptsetup-tcryptOpen.8', + 'cryptsetup-bitlkOpen.8', + ], + ], + [ + 'cryptsetup-close.8.adoc', + [], + ], + [ + 'cryptsetup-reencrypt.8.adoc', + [], + ], + [ + 'cryptsetup-status.8.adoc', + [], + ], + [ + 'cryptsetup-resize.8.adoc', + [], + ], + [ + 'cryptsetup-refresh.8.adoc', + [], + ], + [ + 'cryptsetup-luksFormat.8.adoc', + [], + ], + [ + 'cryptsetup-luksSuspend.8.adoc', + [], + ], + [ + 'cryptsetup-luksResume.8.adoc', + [], + ], + [ + 'cryptsetup-luksAddKey.8.adoc', + [], + ], + [ + 'cryptsetup-luksRemoveKey.8.adoc', + [], + ], + [ + 'cryptsetup-luksConvertKey.8.adoc', + [], + ], + [ + 'cryptsetup-luksKillSlot.8.adoc', + [], + ], + [ + 'cryptsetup-luksChangeKey.8.adoc', + [], + ], + [ + 'cryptsetup-erase.8.adoc', + [ + 'cryptsetup-luksErase.8', + ], + ], + [ + 'cryptsetup-luksUUID.8.adoc', + [], + ], + [ + 'cryptsetup-isLuks.8.adoc', + [], + ], + [ + 'cryptsetup-luksDump.8.adoc', + [], + ], + [ + 'cryptsetup-luksHeaderBackup.8.adoc', + [], + ], + [ + 'cryptsetup-luksHeaderRestore.8.adoc', + [], + ], + [ + 'cryptsetup-token.8.adoc', + [], + ], + [ + 'cryptsetup-convert.8.adoc', + [], + ], + [ + 'cryptsetup-config.8.adoc', + [], + ], + [ + 'cryptsetup-tcryptDump.8.adoc', + [], + ], + [ + 'cryptsetup-bitlkDump.8.adoc', + [], + ], + [ + 'cryptsetup-fvault2Dump.8.adoc', + [], + ], + [ + 'cryptsetup-repair.8.adoc', + [], + ], + [ + 'cryptsetup-benchmark.8.adoc', + [], + ], +] + +veritysetup_manpages = [ + [ + 'veritysetup.8.adoc', + [], + ], +] +integritysetup_manpages = [ + [ + 'integritysetup.8.adoc', + [], + ], +] +sshplugin_manpages = [ + [ + 'cryptsetup-ssh.8.adoc', + [], + ], +] + +if get_option('cryptsetup') + manpage_tuples_to_build += cryptsetup_manpages +endif +manpage_tuples_all += cryptsetup_manpages +if get_option('veritysetup') + manpage_tuples_to_build += veritysetup_manpages +endif +manpage_tuples_all += veritysetup_manpages +if get_option('integritysetup') + manpage_tuples_to_build += integritysetup_manpages +endif +manpage_tuples_all += integritysetup_manpages +if get_option('ssh-token') + manpage_tuples_to_build += sshplugin_manpages +endif +manpage_tuples_all += sshplugin_manpages + +adocfiles_all = [] +foreach tuple : manpage_tuples_all + adocfiles_all += tuple[0] +endforeach + +prebuilt_manpages_exist = true +foreach manpage_tuple : manpage_tuples_to_build + adocfile = manpage_tuple[0] + aliases = manpage_tuple[1] + manfile = fs.replace_suffix(adocfile, '') + + prebuilt_manpages_exist = prebuilt_manpages_exist and fs.exists(manfile) + + foreach alias : aliases + prebuilt_manpages_exist = prebuilt_manpages_exist and fs.exists(alias) + endforeach +endforeach + +built_manpages = [] + +if use_asciidoc + meson.add_dist_script(find_program('meson_dist_convert.sh'), + asciidoc, meson.project_version(), adocfiles_all) + + foreach manpage_tuple : manpage_tuples_to_build + adocfile = manpage_tuple[0] + aliases = manpage_tuple[1] + + mandir = join_paths(get_option('prefix'), get_option('mandir'), 'man8') + manfile = fs.replace_suffix(adocfile, '') + + built_manpages += custom_target(manfile, + command: [ + asciidoc, + '-b', 'manpage', + '--failure-level', 'ERROR', + '-a', 'release-version=@0@'.format( + meson.project_version(), + ), + '-o', '@BASENAME@', + '@INPUT@', + '--destination-dir=@0@'.format( + meson.current_build_dir(), + ), + '--base-dir=@SOURCE_ROOT@', + ], + input: adocfile, + depend_files: adocfiles_common, + install: true, + install_dir: mandir, + output: [ + manfile, + ] + aliases, + ) + endforeach +else + # use_asciidoc == false + if prebuilt_manpages_exist + message('Using prebuilt manpages.') + foreach manpage_tuple : manpage_tuples_to_build + adocfile = manpage_tuple[0] + aliases = manpage_tuple[1] + manfile = fs.replace_suffix(adocfile, '') + + install_man(manfile) + foreach alias : aliases + install_man(alias) + endforeach + endforeach + else + warning('Neither asciidoctor nor prebuilt manual pages found. Skipping manpage installation') + endif +endif + +man = custom_target( + 'man', + output: 'man', + depends: built_manpages, + command: [ + nop_command, + ]) diff --git a/man/meson_dist_convert.sh b/man/meson_dist_convert.sh new file mode 100755 index 0000000..3b55d05 --- /dev/null +++ b/man/meson_dist_convert.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# generates manpages from AsciiDoc files when building dist tarball +# run asciidoctor in parallel on `nproc` cores + +set -e + +[ -z "$MESON_DIST_ROOT" ] && echo "This script is meant to be run only from meson while generating dist tarball." && exit 1 + +if [ $# -lt 3 ]; then + echo "Usage: $0 <asciidoctor path> <release version> <adocfiles>" + exit 1 +fi + +ASCIIDOCTOR="$1" +RELEASE_VERSION="$2" +shift 2 + +cd $MESON_DIST_ROOT/man +i=1 +N=$(nproc) +for adocfile in "$@" +do + $ASCIIDOCTOR -b manpage --failure-level ERROR -a release-version=$RELEASE_VERSION --base-dir=$MESON_DIST_ROOT $adocfile & + if [ $(( $i % $N )) -eq 0 ]; then wait; fi + i=$((i+1)) +done diff --git a/meson.build b/meson.build new file mode 100644 index 0000000..b26c71c --- /dev/null +++ b/meson.build @@ -0,0 +1,748 @@ +project('cryptsetup', + 'c', + default_options: [ 'prefix=/usr' ], + meson_version: '>=0.64', + version: '2.7.0') + +libcryptsetup_version = '12.10.0' + +includes_root = include_directories('.') +includes_lib = include_directories('lib') +includes_tools = [ + includes_root, + includes_lib, +] + +warning('meson build system support for cryptsetup is considered experimental at the moment ') + +pkgconfig = import('pkgconfig') +cc = meson.get_compiler('c') +nop_command = find_program('echo') +conf = configuration_data() + +PACKAGE_VERSION = meson.project_version() +conf.set_quoted('PACKAGE_VERSION', PACKAGE_VERSION) +conf.set_quoted('PACKAGE_NAME', meson.project_name()) +conf.set_quoted('PACKAGE', meson.project_name()) +conf.set('_GNU_SOURCE', true) + +default_string_options = [ + 'default-loopaes-cipher', + 'default-luks1-cipher', + 'default-luks1-hash', + 'default-luks1-mode', + 'default-luks2-external-tokens-path', + 'default-luks2-keyslot-cipher', + 'default-luks2-lock-path', + 'default-luks2-pbkdf', + 'default-plain-cipher', + 'default-plain-hash', + 'default-plain-mode', + 'default-verity-hash', +] + +default_int_options = [ + 'default-integrity-keyfile-size-maxkb', + 'default-keyfile-size-maxkb', + 'default-loopaes-keybits', + 'default-luks1-iter-time', + 'default-luks1-keybits', + 'default-luks2-iter-time', + 'default-luks2-keyslot-keybits', + 'default-luks2-lock-dir-perms', + 'default-luks2-memory-kb', + 'default-luks2-parallel-threads', + 'default-passphrase-size-max', + 'default-plain-keybits', + 'default-verity-data-block', + 'default-verity-fec-roots', + 'default-verity-hash-block', + 'default-verity-salt-size', +] + +foreach default_option : (default_string_options) + conf.set_quoted(default_option.underscorify().to_upper(), get_option(default_option)) +endforeach + +foreach default_option : (default_int_options) + conf.set(default_option.underscorify().to_upper(), get_option(default_option)) +endforeach + +sanitizer = get_option('b_sanitize') +sanitizer_enabled = sanitizer != '' and sanitizer != 'none' + +enable_static = get_option('enable-static') +if get_option('static-cryptsetup') + if not enable_static + warning('Requested static cryptsetup build, enabling static library.') + enable_static = true + endif + + conf.set10('STATIC_TOOLS', true) +endif +link_args = [] +if enable_static == true + if not sanitizer_enabled + link_args += '--static' + else + warning('Turning off statically linked binaries as they are not compatible with sanitizer build. Will keep preferring static external dependencies.') + endif +endif + +required_headers = [ + 'byteswap.h', + 'ctype.h', + 'endian.h', + 'fcntl.h', + 'inttypes.h', + 'locale.h', + 'malloc.h', + 'stdint.h', + 'sys/ioctl.h', + 'sys/mman.h', + 'sys/statvfs.h', + 'sys/sysmacros.h', + 'uchar.h', + 'unistd.h', +] +foreach header : required_headers + conf.set10('HAVE_' + header.underscorify().to_upper(), cc.has_header(header)) +endforeach + +fcntl_header = conf.get('HAVE_FCNTL_H') == 1 ? 'fcntl.h' : 'stdio.h' +if cc.has_header_symbol(fcntl_header, 'O_CLOEXEC') + conf.set10('HAVE_DECL_O_CLOEXEC', true) +else + message('O_CLOEXEC not provided, setting to 0') + conf.set10('O_CLOEXEC', false, + description: 'Defined to 0 if not provided') +endif + +# ========================================================================== +# AsciiDoc manual pages + +asciidoc = find_program('asciidoctor', required: false) +opt_asciidoc = get_option('asciidoc') +if opt_asciidoc.enabled() and not asciidoc.found() + error('Building man pages requires asciidoctor installed.') +endif +use_asciidoc = asciidoc.found() and not opt_asciidoc.disabled() + +# ========================================================================== +# keyring + +if get_option('keyring') + assert(cc.has_header('linux/keyctl.h'), + 'You need Linux kernel headers with kernel keyring service compiled.') + assert(cc.has_header_symbol('syscall.h', '__NR_add_key',), + 'The kernel is missing add_key syscall.') + assert(cc.has_header_symbol('syscall.h', '__NR_keyctl'), + 'The kernel is missing keyctl syscall.') + assert(cc.has_header_symbol('syscall.h', '__NR_request_key',), + 'The kernel is missing request_key syscall.') + conf.set10('KERNEL_KEYRING', true, + description: 'Enable kernel keyring service support') +endif + +if build_machine.endian() == 'big' + conf.set10('WORDS_BIGENDIAN', true) +endif + +# ========================================================================== + +uuid = dependency('uuid', + static: enable_static) +assert(cc.has_function('uuid_clear', + prefix: '#include <uuid.h>', dependencies: uuid), + 'You need the uuid library.') + +# ========================================================================== + +# AC_SEARCH_LIBS([clock_gettime],[rt posix4]) + +clock_gettime = [] +if not cc.has_function('clock_gettime', + prefix: '#include <time.h>') + clock_gettime = cc.find_library('rt') + + if not cc.has_function('clock_gettime', + prefix: '#include <time.h>', dependencies: clock_gettime) + clock_gettime = cc.find_library('posix4') + + if not cc.has_function('clock_gettime', + prefix: '#include <time.h>', dependencies: clock_gettime) + error('clock_gettime not found') + endif + endif +endif + +foreach function : [ + 'posix_memalign', + 'posix_fallocate', + 'explicit_bzero', +] + conf.set10('HAVE_' + function.underscorify().to_upper(), cc.has_function(function)) +endforeach + +# no need to enable large file support, as it is on be default in meson +# https://github.com/mesonbuild/meson/commit/853634a48da025c59eef70161dba0d150833f60d + +# ========================================================================== +# LUKS2 external tokens + +# dl is also required by all-symbols-test +dl = [] +if not cc.has_function('dlsym', + prefix: '#include <dlfcn.h>') + dl = cc.find_library('dl') + + if not cc.has_function('dlsym', + prefix: '#include <dlfcn.h>', dependencies: dl) + error('dlsym not found') + endif +endif +if cc.has_function('dlvsym', + dependencies: dl) + conf.set10('HAVE_DLVSYM', true) +endif + +if get_option('external-tokens') + assert(conf.has('HAVE_DLVSYM') and conf.get('HAVE_DLVSYM') == 1, + 'dl library has no dlvsym function') + conf.set10('USE_EXTERNAL_TOKENS', true, + description: 'Use external tokens') +endif + +# SSH external tokens +if not get_option('external-tokens') and get_option('ssh-token') + error('Requested LUKS2 ssh-token build, but external tokens are disabled.') +endif + +if get_option('luks2-reencryption') + conf.set10('USE_LUKS2_REENCRYPTION', true, + description: 'Use LUKS2 online reencryption extension') +endif + +# ========================================================================== + +popt = cc.find_library('popt', + static: enable_static) +assert(cc.has_function('poptConfigFileToString', + dependencies: popt), + 'You need popt 1.7 or newer to compile.') + +# ========================================================================== +# FIPS extensions + +if get_option('fips') + if enable_static + error('Static build is not compatible with FIPS.') + endif + + conf.set10('ENABLE_FIPS', true, + description: 'Enable FIPS mode restrictions') +endif + +# ========================================================================== +# pwquality library (cryptsetup CLI only) + +pwquality = [] +if get_option('pwquality') + pwquality = dependency('pwquality', + version: '>= 1.0.0', + static: enable_static) + conf.set10('ENABLE_PWQUALITY', true) +endif + +# ========================================================================== +# fuzzers, it requires own static library compilation later + +if get_option('fuzz-targets') + assert(sanitizer_enabled, + 'Fuzz targets are only supported with sanitizer enabled. Please set -Db_sanitize') + add_languages('cpp') + + if get_option('fuzzing-engine') == '' + fuzzing_engine = meson.get_compiler('cpp').find_library('Fuzzer', required: false) + if fuzzing_engine.found() + add_project_arguments('-fsanitize-coverage=trace-pc-guard,trace-cmp', + language: [ 'c', 'cpp' ]) + elif cc.has_argument( '-fsanitize=fuzzer-no-link',) and cc.has_argument( '-fsanitize=fuzzer',) + message('Using -fsanitize=fuzzer engine') + fuzzing_engine = declare_dependency(link_args: ['-fsanitize=fuzzer']) + add_project_arguments('-fsanitize=fuzzer-no-link', + language: [ 'c', 'cpp' ]) + else + error('Looks like neither libFuzzer nor -fsanitize=fuzzer-no-link is supported') + endif + else + fuzzing_engine = declare_dependency(link_args: get_option('fuzzing-engine').split()) + endif + + protobuf = dependency('protobuf', + required: false) + protoc = find_program('protoc', + required: false) + if not protoc.found() + protoc = find_program('tests/fuzz/build/static_lib_deps/bin/protoc', + required: false) + endif + if not protoc.found() or not protobuf.found() + error('protoc tool and/or protobuf pkg-config dependency not found') + endif + + libprotobuf_mutator = dependency('libprotobuf-mutator', + required: false) + if not libprotobuf_mutator.found() + error('libprotobuf-mutator not found') + endif + + protoc_generator = generator(protoc, + output: [ + '@BASENAME@.pb.cc', + '@BASENAME@.pb.h', + ], + arguments: [ + '--proto_path=@CURRENT_SOURCE_DIR@', + '--cpp_out=@BUILD_DIR@', + '@INPUT@', + ]) +endif + +# ========================================================================== +# passwdqc library (cryptsetup CLI only) + +passwdqc_config = '' +use_passwdqc = false +if get_option('passwdqc') == 'true' + use_passwdqc = true +elif get_option('passwdqc') == 'false' + use_passwdqc = false +elif get_option('passwdqc').startswith('/') + use_passwdqc = true + passwdqc_config = get_option('passwdqc') +else + error('Unrecognized passwdqc parameter "@0@" (supported options are true, false or absolute path).' + .format(get_option('passwdqc'))) +endif + +passwdqc = [] +conf.set_quoted('PASSWDQC_CONFIG_FILE', passwdqc_config, + description: 'passwdqc library config file') +if use_passwdqc + conf.set10('ENABLE_PASSWDQC', true, + description: 'Enable password quality checking using passwdqc library') + #passwdqc = dependency('passwdqc', required : false) + passwdqc = cc.find_library('passwdqc', + required: false, + static: enable_static) + assert(cc.has_function('passwdqc_check', + prefix: '#include <passwdqc.h>', dependencies: passwdqc), + 'failed to find passwdqc_check from the passwdqc library') + + assert(cc.has_function('passwdqc_params_free', + prefix: '#include <passwdqc.h>', dependencies: passwdqc), + 'failed to find passwdqc_params_free from the passwdqc library') + + conf.set10('HAVE_PASSWDQC_PARAMS_FREE', cc.has_function('passwdqc_params_free', + prefix: '#include <passwdqc.h>', dependencies: passwdqc)) +endif + +if use_passwdqc and get_option('pwquality') + error('pwquality and passwdqc are mutually incompatible.') +endif + +# ========================================================================== +# libdevmapper + +devmapper = dependency('devmapper', + version: '>= 1.02.03', + required: false, + static: enable_static) +if not devmapper.found() + message('devmapper not found using pkgconf') + devmapper = cc.find_library('devmapper', + static: enable_static) + assert(cc.has_function('dm_task_set_name', + prefix: '#include <libdevmapper.h>', dependencies: devmapper), + 'You need the device-mapper library.') + + assert(cc.has_function('dm_task_set_message', + prefix: '#include <libdevmapper.h>', dependencies: devmapper), + 'The device-mapper library on your system is too old.') +endif + +foreach function : [ + 'dm_device_get_name', + 'dm_device_has_holders', + 'dm_device_has_mounted_fs', + 'dm_task_deferred_remove', + 'dm_task_retry_remove', + 'dm_task_secure_data', +] + has_function = cc.has_function(function, + prefix: '#include <libdevmapper.h>', dependencies: devmapper) + conf.set10('HAVE_DECL_' + function.underscorify().to_upper(), has_function) +endforeach + +foreach symbol : [ + 'DM_DEVICE_GET_TARGET_VERSION', + 'DM_UDEV_DISABLE_DISK_RULES_FLAG', +] + has_symbol = cc.has_header_symbol('libdevmapper.h', symbol, + dependencies: devmapper) + conf.set10('HAVE_DECL_' + symbol.underscorify().to_upper(), has_symbol) +endforeach + +if cc.has_header_symbol('libdevmapper.h', 'DM_UDEV_DISABLE_DISK_RULES_FLAG', + dependencies: devmapper) + conf.set10('USE_UDEV', true, + description: 'Try to use udev synchronisation?') +else + warning('The device-mapper library on your system has no udev support, udev support disabled.') +endif + +# ========================================================================== +# Check for JSON-C used in LUKS2 + +jsonc = dependency('json-c', + static: enable_static) +foreach function : [ + 'json_object_object_add_ex', + 'json_object_deep_copy', +] + has_function = cc.has_function(function, + prefix: '#include <json_object.h>', dependencies: jsonc) + conf.set10('HAVE_DECL_' + function.underscorify().to_upper(), has_function) +endforeach + +# ========================================================================== +# Check for libssh and argp for SSH plugin + +if get_option('ssh-token') + argp = [] + + if not cc.has_function('argp_parse', prefix: '#include <argp.h>', dependencies: argp) + argp = cc.find_library('argp', + static: enable_static) + endif + + libssh = dependency('libssh') + conf.set10('HAVE_DECL_SSH_SESSION_IS_KNOWN_SERVER', + cc.has_function('ssh_session_is_known_server', + prefix: '#include <libssh/libssh.h>', dependencies: libssh)) +endif + +# ========================================================================== +# Crypto backend configuration. + +if get_option('kernel_crypto') + assert(cc.has_header('linux/if_alg.h'), + 'You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.') + conf.set10('ENABLE_AF_ALG', true, + description: 'Enable using of kernel userspace crypto') +endif + +crypto_backend_library = [] +use_internal_pbkdf2 = false +use_internal_argon2 = true + +if get_option('crypto-backend') == 'gcrypt' + req_version = '1.1.42' + if get_option('fips') + req_version = '1.4.5' + endif + + if get_option('gcrypt-pbkdf2').auto() + # Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password) + gcrypt_with_empty_password = dependency('libgcrypt', + version: '>=1.6.1', + required: false, + static: enable_static) + if gcrypt_with_empty_password.found() + req_version = '1.6.1' + use_internal_pbkdf2 = false + else + use_internal_pbkdf2 = true + endif + else + use_internal_pbkdf2 = get_option('gcrypt-pbkdf2').disabled() + endif + + if use_internal_pbkdf2 and get_option('fips') + error('Using internal cryptsetup PBKDF2 is not compatible with FIPS.') + endif + + if get_option('gcrypt-argon2').auto() + # Check if we can use gcrypt Argon2 (1.11.0 supports empty password) + gcrypt_with_empty_password = dependency('libgcrypt', + version: '>=1.11.0', + required: false, + static: enable_static) + if gcrypt_with_empty_password.found() + req_version = '1.11.0' + use_internal_argon2 = false + else + use_internal_argon2 = true + endif + else + use_internal_argon2 = get_option('gcrypt-argon2').disabled() + endif + + crypto_backend_library = dependency('libgcrypt', + version: '>=@0@'.format(req_version), + static: enable_static) + conf.set10('HAVE_DECL_GCRY_CIPHER_MODE_XTS', + cc.has_header_symbol('gcrypt.h', 'GCRY_CIPHER_MODE_XTS', + dependencies: crypto_backend_library)) + conf.set10('HAVE_DECL_GCRY_KDF_ARGON2', + cc.has_header_symbol('gcrypt.h', 'GCRY_KDF_ARGON2', + dependencies: crypto_backend_library)) + conf.set_quoted('GCRYPT_REQ_VERSION', req_version, + description: 'Requested gcrypt version') +elif get_option('crypto-backend') == 'openssl' + use_internal_pbkdf2 = false + use_internal_argon2 = true + crypto_backend_library = dependency('libcrypto', + version: '>=0.9.8', + static: enable_static) + conf.set10('HAVE_DECL_OSSL_GET_MAX_THREADS', + cc.has_header_symbol('openssl/thread.h', 'OSSL_get_max_threads', + dependencies: crypto_backend_library)) + conf.set10('HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION', + cc.has_header_symbol('openssl/core_names.h', 'OSSL_KDF_PARAM_ARGON2_VERSION', + dependencies: crypto_backend_library)) +elif get_option('crypto-backend') == 'nss' + if get_option('fips') + error('nss crypto backend is not supported with FIPS enabled') + endif + if enable_static + error('Static build of cryptsetup is not supported with NSS.') + endif + + warning('NSS backend does NOT provide backward compatibility (missing ripemd160 hash).') + use_internal_pbkdf2 = true + use_internal_argon2 = true + + crypto_backend_library = dependency('nss', + static: enable_static) + conf.set10('HAVE_DECL_NSS_GETVERSION', + cc.has_header_symbol('nss.h', 'NSS_GetVersion', + dependencies: crypto_backend_library)) +elif get_option('crypto-backend') == 'kernel' + if get_option('fips') + error('kernel crypto backend is not supported with FIPS enabled') + endif + use_internal_pbkdf2 = true + use_internal_argon2 = true + assert(cc.has_header('linux/if_alg.h'), + 'You need Linux kernel headers with userspace crypto interface.') +elif get_option('crypto-backend') == 'nettle' + if get_option('fips') + error('nettle crypto backend is not supported with FIPS enabled') + endif + assert(cc.has_header('nettle/sha.h'), + 'You need Nettle cryptographic library.') + conf.set10('HAVE_NETTLE_VERSION_H', cc.has_header('nettle/version.h')) + + crypto_backend_library = dependency('nettle', + static: enable_static) + use_internal_pbkdf2 = false + use_internal_argon2 = true + assert(cc.has_function('nettle_pbkdf2_hmac_sha256', + dependencies: crypto_backend_library), + 'You need Nettle library version 2.6 or more recent.') +endif +conf.set10('USE_INTERNAL_PBKDF2', use_internal_pbkdf2) + +libargon2_external = [] +threads = [] +use_internal_sse_argon2 = false +if not use_internal_argon2 or get_option('argon-implementation') == 'none' + if get_option('argon-implementation') == 'internal' or get_option('argon-implementation') == 'libargon2' + warning('Argon2 in crypto library is used; internal Argon2 options are ignored.') + endif + conf.set10('USE_INTERNAL_ARGON2', false, + description: 'Use internal Argon2.') +elif get_option('argon-implementation') == 'internal' + warning('Argon2 bundled (slow) reference implementation will be used, please consider using system library with -Dargon-implementation=libargon2') + + if get_option('internal-sse-argon2') + use_internal_sse_argon2 = cc.links( + '''#include <emmintrin.h> + __m128i testfunc(__m128i *a, __m128i *b) { + return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b)); + } + int main(int argc, char **argv) { return 0; }''', + name: 'Argon2 SSE optimization can be used') + + if not use_internal_sse_argon2 + warning('Argon2 SSE optimization cannot be used, disabling.') + endif + endif + conf.set10('USE_INTERNAL_ARGON2', true, + description: 'Use internal Argon2.') + + threads = dependency('threads') +elif get_option('argon-implementation') == 'libargon2' + libargon2_external = dependency('libargon2', + static: enable_static) + assert(cc.has_header('argon2.h', + dependencies: libargon2_external), + 'You need libargon2 development library installed.') + assert(cc.has_header_symbol( + 'argon2.h', + 'Argon2_id', + dependencies: libargon2_external), + 'You need more recent Argon2 library with support for Argon2id.') + conf.set10('USE_INTERNAL_ARGON2', false, + description: 'Use internal Argon2.') + conf.set10('HAVE_ARGON2_H', true) +endif + +# ========================================================================== +# Link with blkid to check for other device types + +blkid = [] +if get_option('blkid') + blkid = dependency('blkid', + static: enable_static) + assert(cc.has_header('blkid/blkid.h', + dependencies: blkid), + 'You need blkid development library installed.') + + conf.set10('HAVE_BLKID', true, + description: 'Define to 1 to use blkid for detection of disk signatures.') + conf.set10('HAVE_BLKID_WIPE', + cc.has_function('blkid_do_wipe', + prefix: '#include <blkid/blkid.h>', dependencies: blkid), + description: 'Define to 1 to use blkid_do_wipe.') + conf.set10('HAVE_BLKID_STEP_BACK', + cc.has_function('blkid_probe_step_back', + prefix: '#include <blkid/blkid.h>', dependencies: blkid), + description: 'Define to 1 to use blkid_probe_step_back.') + + foreach header : [ + 'blkid_reset_probe', + 'blkid_probe_set_device', + 'blkid_probe_filter_superblocks_type', + 'blkid_do_safeprobe', + 'blkid_do_probe', + 'blkid_probe_lookup_value', + ] + assert(cc.has_function(header, + prefix: '#include <blkid/blkid.h>', dependencies: blkid), + 'Can not compile with blkid support, disable it by -Dblkid=false') + endforeach +endif + +have = get_option('hw-opal') +if have + if cc.has_header('linux/sed-opal.h') + foreach symbol : [ + 'OPAL_FL_SUM_SUPPORTED', + 'IOC_OPAL_GET_LR_STATUS', + 'IOC_OPAL_GET_GEOMETRY', + ] + if not cc.has_header_symbol('linux/sed-opal.h', symbol) + have = false + warning('OPAL support disabled, linux/sed-opal.h does not define ' + symbol) + endif + endforeach + + else + have = false + warning('OPAL support disabled, linux/sed-opal.h not found, requires kernel v6.4.') + endif +endif +conf.set10('HAVE_HW_OPAL', have, description: 'Define to 1 to enable OPAL support.') + + +# ========================================================================== +# Check compiler support for symver function attribute + +if cc.links( + '''void _test_sym(void); + + __attribute__((__symver__("sym@VERSION_4.2"))) void _test_sym(void) {} + int main(int argc, char **argv) { return 0; }''', + args: ['-O0', '-Werror' ], + name: 'for symver attribute support') + conf.set10('HAVE_ATTRIBUTE_SYMVER', true, + description: 'Define to 1 to use __attribute__((symver))') +endif + +# ========================================================================== + +if get_option('dev-random') + conf.set_quoted('DEFAULT_RNG', '/dev/random') +else + conf.set_quoted('DEFAULT_RNG', '/dev/urandom') +endif + +tmpfilesdir = get_option('tmpfilesdir') +if tmpfilesdir == '' + systemd = dependency('systemd', + method: 'pkg-config', + required: false) + if systemd.found() + tmpfilesdir = systemd.get_variable(pkgconfig: 'tmpfilesdir', default_value: '') + endif +endif + +if tmpfilesdir != '' + assert(tmpfilesdir.startswith('/',), + 'tmpfilesdir has to be an absolute path') +endif + +# ========================================================================== + +if get_option('luks_adjust_xts_keysize') + conf.set10('ENABLE_LUKS_ADJUST_XTS_KEYSIZE', true, + description: 'XTS mode - double default LUKS keysize if needed') +endif + +assert(get_option('default-luks2-lock-path').startswith('/'), + 'default-luks2-lock-path has to be an absolute path') + +luks2_external_tokens_path = get_option('default-luks2-external-tokens-path') +if luks2_external_tokens_path == 'LIBDIR/cryptsetup' + luks2_external_tokens_path = join_paths(get_option('prefix'), get_option('libdir'), 'cryptsetup') +endif +assert(luks2_external_tokens_path.startswith('/'), + 'default-luks2-external-tokens-path has to be an absolute path') +conf.set_quoted('EXTERNAL_LUKS2_TOKENS_PATH', luks2_external_tokens_path, + description: 'path to directory with LUKSv2 external token handlers (plugins)') + +if get_option('default-luks-format') == 'LUKS1' + conf.set('DEFAULT_LUKS_FORMAT', 'CRYPT_LUKS1') +elif get_option('default-luks-format') == 'LUKS2' + conf.set('DEFAULT_LUKS_FORMAT', 'CRYPT_LUKS2') +else + error('Unknown default LUKS format. Use LUKS1 or LUKS2 only.') +endif + +# ========================================================================== + +if get_option('nls') + conf.set10('ENABLE_NLS', true) + assert(find_program('gettext').found(), + 'You need gettext binary to build translations.') +endif + +# ========================================================================== + +configure_file( + output: 'config.h', + configuration: conf, +) +add_project_arguments('-include', 'config.h', + language: 'c') + +subdir('lib') +subdir('man') +subdir('po') +subdir('src') +subdir('scripts') +subdir('tokens') +subdir('tests') diff --git a/meson_options.txt b/meson_options.txt new file mode 100644 index 0000000..7f22cd4 --- /dev/null +++ b/meson_options.txt @@ -0,0 +1,57 @@ +option('argon-implementation', type : 'combo', choices : ['none', 'internal', 'libargon2'], description : 'which implementation of Argon2 PBKDF shall be used (cryptsetup internal, external libargon2 (PHC) or disable Argon2 support)', value : 'internal') +option('asciidoc', type : 'feature', description : 'generate man pages from asciidoc', value : 'enabled') +option('blkid', type : 'boolean', description : 'use of blkid for device signature detection and wiping', value : true) +option('crypto-backend', type : 'combo', choices : ['gcrypt', 'openssl', 'nss', 'kernel', 'nettle'], description : 'crypto backend', value : 'openssl') +option('cryptsetup', type : 'boolean', description : 'cryptsetup support', value : true) +option('default-integrity-keyfile-size-maxkb', type : 'integer', description : 'maximum integritysetup keyfile size (in KiB)', value : 4) +option('default-keyfile-size-maxkb', type : 'integer', description : 'maximum keyfile size (in KiB)', value : 8192) +option('default-loopaes-cipher', type : 'string', description : 'cipher for loop-AES mode', value : 'aes') +option('default-loopaes-keybits', type : 'integer', description : 'key length in bits for loop-AES mode', value : 256) +option('default-luks1-cipher', type : 'string', description : 'cipher for LUKS1', value : 'aes') +option('default-luks1-hash', type : 'string', description : 'hash function for LUKS1 header', value : 'sha256') +option('default-luks1-iter-time', type : 'integer', description : 'PBKDF2 iteration time for LUKS1 (in ms)', value : 2000) +option('default-luks1-keybits', type : 'integer', description : 'key length in bits for LUKS1', value : 256) +option('default-luks1-mode', type : 'string', description : 'cipher mode for LUKS1', value : 'xts-plain64') +option('default-luks2-external-tokens-path', type : 'string', description : 'path to directory with LUKSv2 external token handlers (plugins)', value : 'LIBDIR/cryptsetup') +option('default-luks2-iter-time', type : 'integer', description : 'Argon2 PBKDF iteration time for LUKS2 (in ms)', value : 2000) +option('default-luks2-keyslot-cipher', type : 'string', description : 'fallback cipher for LUKS2 keyslot (if data encryption is incompatible)', value : 'aes-xts-plain64') +option('default-luks2-keyslot-keybits', type : 'integer', description : 'fallback key size for LUKS2 keyslot (if data encryption is incompatible)', value : 512) +option('default-luks2-lock-dir-perms', type : 'integer', description : 'default luks2 locking directory permissions', value : 0o700) +option('default-luks2-lock-path', type : 'string', description : 'path to directory for LUKSv2 locks', value : '/run/cryptsetup') +option('default-luks2-memory-kb', type : 'integer', description : 'Argon2 PBKDF memory cost for LUKS2 (in kB)', value : 1048576) +option('default-luks2-parallel-threads', type : 'integer', description : 'Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)', value : 4) +option('default-luks2-pbkdf', type : 'string', description : 'Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2', value : 'argon2id') +option('default-luks-format', type : 'combo', choices : ['LUKS1', 'LUKS2'], description : 'default LUKS format version', value : 'LUKS2') +option('default-passphrase-size-max', type : 'integer', description : 'maximum passphrase size (in characters)', value : 512) +option('default-plain-cipher', type : 'string', description : 'cipher for plain mode', value : 'aes') +option('default-plain-hash', type : 'string', description : 'cipher for plain mode', value : 'sha256') +option('default-plain-keybits', type : 'integer', description : 'key length in bits for plain mode', value : 256) +option('default-plain-mode', type : 'string', description : 'cipher mode for plain mode', value : 'xts-plain64') +option('default-verity-data-block', type : 'integer', description : 'data block size for verity mode', value : 4096) +option('default-verity-fec-roots', type : 'integer', description : 'parity bytes for verity FEC', value : 2) +option('default-verity-hash-block', type : 'integer', description : 'hash block size for verity mode', value : 4096) +option('default-verity-hash', type : 'string', description : 'hash function for verity mode', value : 'sha256') +option('default-verity-salt-size', type : 'integer', description : 'salt size for verity mode', value : 32) +option('dev-random', type : 'boolean', description : 'use /dev/random by default for key generation (use /dev/urandom when set to false)', value : false) +option('enable-static', type : 'boolean', description : 'build static libraries', value : false) +option('external-tokens', type : 'boolean', description : 'external LUKS2 tokens', value : true) +option('fips', type : 'boolean', description : 'enable FIPS mode restrictions', value : false) +option('fuzzing-engine', type : 'string', description : 'specify LDFLAGS for linking with fuzzing engine (in OSS-Fuzz, LIB_FUZZING_ENGINE variable should be passed via this argument)') +option('fuzz-targets', type : 'boolean', description : 'enable building fuzz targets', value : false) +option('gcrypt-pbkdf2', type : 'feature', description : 'enable internal gcrypt PBKDF2', value : 'auto') +option('gcrypt-argon2', type : 'feature', description : 'enable internal gcrypt Argon2', value : 'auto') +option('hw-opal', type : 'boolean', description : 'support LUKS2 extension for SED OPAL HW encryption', value : true) +option('integritysetup', type : 'boolean', description : 'integritysetup Support', value : true) +option('internal-sse-argon2', type : 'boolean', description : 'use internal SSE implementation of Argon2 PBKDF', value : false) +option('kernel_crypto', type : 'boolean', description : 'kernel userspace crypto (no benchmark and tcrypt)', value : true) +option('keyring', type : 'boolean', description : 'kernel keyring support and builtin kernel keyring token', value : true) +option('luks2-reencryption', type : 'boolean', description : 'LUKS2 online reencryption extension', value : true) +option('luks_adjust_xts_keysize', type : 'boolean', description : 'XTS mode requires two keys, double default LUKS keysize if needed', value : true) +option('nls', type : 'boolean', description : 'use Native Language Support', value : true) +option('passwdqc', type : 'string', description : 'enable password quality checking using passwdqc library (optionally with CONFIG_PATH)', value : 'false') +option('pwquality', type : 'boolean', description : 'password quality checking using pwquality library', value : false) +option('ssh-token', type : 'boolean', description : 'LUKS2 ssh-token', value : true) +option('static-cryptsetup', type : 'boolean', description : 'enable build of static version of tools', value : false) +option('tmpfilesdir', type : 'string', description : 'override default path to directory with systemd temporary files') +option('udev', type : 'boolean', description : 'udev support', value : true) +option('veritysetup', type : 'boolean', description : 'veritysetup support', value : true) diff --git a/misc/fedora/cryptsetup.spec b/misc/fedora/cryptsetup.spec index d635d45..44cde6e 100644 --- a/misc/fedora/cryptsetup.spec +++ b/misc/fedora/cryptsetup.spec @@ -2,9 +2,9 @@ Summary: Utility for setting up encrypted disks Name: cryptsetup -Version: 2.5.0 +Version: 2.7.0 Release: 1%{?dist} -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later WITH cryptsetup-OpenSSL-exception AND LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception URL: https://gitlab.com/cryptsetup/cryptsetup BuildRequires: autoconf, automake, libtool, gettext-devel, BuildRequires: openssl-devel, popt-devel, device-mapper-devel @@ -18,7 +18,7 @@ Obsoletes: %{name}-reencrypt <= %{version} Provides: %{name}-reencrypt = %{version} %global upstream_version %{version_no_tilde} -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{upstream_version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{upstream_version}.tar.xz %description The cryptsetup package contains a utility for setting up diff --git a/po/POTFILES.in b/po/POTFILES.in index ed9ebfe..7e22598 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -41,6 +41,7 @@ lib/luks2/luks2_reencrypt_digest.c lib/luks2/luks2_segment.c lib/luks2/luks2_token.c lib/luks2/luks2_token_keyring.c +lib/luks2/hw_opal/hw_opal.c src/cryptsetup.c src/veritysetup.c src/integritysetup.c diff --git a/po/cryptsetup.pot b/po/cryptsetup.pot index 8c1423d..b3804b0 100644 --- a/po/cryptsetup.pot +++ b/po/cryptsetup.pot @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"POT-Creation-Date: 2024-01-24 09:44+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -24,58 +24,62 @@ msgstr "" msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "" -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "" -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "" -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "" -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "" -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "" -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "" -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "" -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "" + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "" -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "" -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "" -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "" @@ -108,662 +112,769 @@ msgstr "" msgid "Error reading from RNG." msgstr "" -#: lib/setup.c:231 +#: lib/setup.c:262 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "" + +#: lib/setup.c:264 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "" + +#: lib/setup.c:280 msgid "Cannot initialize crypto RNG backend." msgstr "" -#: lib/setup.c:237 +#: lib/setup.c:286 msgid "Cannot initialize crypto backend." msgstr "" -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:318 lib/setup.c:2778 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "" -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:321 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "" -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:392 lib/setup.c:429 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:398 lib/setup.c:3973 msgid "This operation is supported only for LUKS device." msgstr "" -#: lib/setup.c:375 +#: lib/setup.c:435 msgid "This operation is supported only for LUKS2 device." msgstr "" -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:492 lib/luks2/luks2_reencrypt.c:3071 msgid "All key slots full." msgstr "" -#: lib/setup.c:438 +#: lib/setup.c:503 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "" -#: lib/setup.c:444 +#: lib/setup.c:509 #, c-format msgid "Key slot %d is full, please select another one." msgstr "" -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:620 lib/setup.c:3673 msgid "Device size is not aligned to device logical block size." msgstr "" -#: lib/setup.c:627 +#: lib/setup.c:718 #, c-format msgid "Header detected but device %s is too small." msgstr "" -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:759 lib/setup.c:3564 lib/setup.c:5351 lib/setup.c:5371 +#: lib/luks2/luks2_reencrypt.c:3863 lib/luks2/luks2_reencrypt.c:4320 msgid "This operation is not supported for this device type." msgstr "" -#: lib/setup.c:673 +#: lib/setup.c:764 msgid "Illegal operation with reencryption in-progress." msgstr "" -#: lib/setup.c:802 +#: lib/setup.c:896 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "" -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:983 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1878 +#: src/cryptsetup.c:2059 src/cryptsetup.c:2114 src/cryptsetup.c:2319 +#: src/cryptsetup.c:2489 src/cryptsetup.c:2770 src/cryptsetup.c:3078 +#: src/cryptsetup.c:3146 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "" -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:986 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "" -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1359 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "" + +#: lib/setup.c:1605 lib/setup.c:3318 lib/setup.c:3400 lib/setup.c:3412 +#: lib/setup.c:3582 lib/setup.c:5995 #, c-format msgid "Device %s is not active." msgstr "" -#: lib/setup.c:1508 +#: lib/setup.c:1622 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "" -#: lib/setup.c:1590 +#: lib/setup.c:1704 msgid "Invalid plain crypt parameters." msgstr "" -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1709 lib/setup.c:2681 msgid "Invalid key size." msgstr "" -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1714 lib/setup.c:2686 lib/setup.c:2889 msgid "UUID is not supported for this crypt type." msgstr "" -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1719 lib/setup.c:2691 msgid "Detached metadata device is not supported for this crypt type." msgstr "" -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1729 lib/setup.c:1964 lib/luks2/luks2_reencrypt.c:3027 +#: src/cryptsetup.c:1475 src/cryptsetup.c:3847 msgid "Unsupported encryption sector size." msgstr "" -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1737 lib/setup.c:1993 lib/setup.c:3667 msgid "Device size is not aligned to requested sector size." msgstr "" -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1789 lib/setup.c:2026 lib/setup.c:2358 msgid "Can't format LUKS without device." msgstr "" -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1795 lib/setup.c:2032 lib/setup.c:2364 msgid "Requested data alignment is not compatible with data offset." msgstr "" -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1835 lib/setup.c:2050 +msgid "" +"WARNING: DAX device can corrupt data as it does not guarantee atomic sector " +"updates.\n" +msgstr "" + +#: lib/setup.c:1873 lib/setup.c:2145 lib/setup.c:2166 lib/setup.c:2542 +#: lib/setup.c:2588 lib/setup.c:2901 #, c-format msgid "Cannot wipe header on device %s." msgstr "" -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1886 lib/setup.c:2205 #, c-format msgid "" "Device %s is too small for activation, there is no remaining space for " "data.\n" msgstr "" -#: lib/setup.c:1840 +#: lib/setup.c:1926 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "" + +#: lib/setup.c:1935 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "" + +#: lib/setup.c:1974 msgid "" "WARNING: The device activation will fail, dm-crypt is missing support for " "requested encryption sector size.\n" msgstr "" -#: lib/setup.c:1863 -msgid "Volume key is too small for encryption with integrity extensions." +#: lib/setup.c:2148 lib/setup.c:2485 lib/setup.c:2545 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3095 +#: lib/luks2/luks2_reencrypt.c:4380 +#, c-format +msgid "Device %s is too small." msgstr "" -#: lib/setup.c:1923 +#: lib/setup.c:2159 lib/setup.c:2185 lib/setup.c:2581 lib/setup.c:2627 #, c-format -msgid "Cipher %s-%s (key size %zd bits) is not available." +msgid "Cannot format device %s in use." msgstr "" -#: lib/setup.c:1949 +#: lib/setup.c:2162 lib/setup.c:2188 lib/setup.c:2584 lib/setup.c:2630 #, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgid "Cannot format device %s, permission denied." msgstr "" -#: lib/setup.c:1953 +#: lib/setup.c:2174 lib/setup.c:2601 lib/setup.c:2961 #, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgid "Cannot format integrity for device %s." msgstr "" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2192 lib/setup.c:2638 #, c-format -msgid "Device %s is too small." +msgid "Cannot format device %s." +msgstr "" + +#: lib/setup.c:2235 +msgid "Cannot get OPAL alignment parameters." +msgstr "" + +#: lib/setup.c:2244 +msgid "Bogus OPAL logical block size." +msgstr "" + +#: lib/setup.c:2250 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "" + +#: lib/setup.c:2257 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "" + +#: lib/setup.c:2277 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "" + +#: lib/setup.c:2290 +msgid "" +"Requested data alignment does not satisfy locking range alignment " +"requirements." msgstr "" -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2495 #, c-format -msgid "Cannot format device %s in use." +msgid "" +"Compensating device size by %<PRIu64> sectors to align it with OPAL " +"alignment granularity." msgstr "" -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2553 lib/setup.c:4070 lib/setup.c:4253 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 #, c-format -msgid "Cannot format device %s, permission denied." +msgid "Failed to acquire OPAL lock on device %s." +msgstr "" + +#: lib/setup.c:2562 +msgid "Incorrect OPAL Admin key." +msgstr "" + +#: lib/setup.c:2564 +msgid "Cannot setup OPAL segment." msgstr "" -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2634 #, c-format -msgid "Cannot format integrity for device %s." +msgid "" +"Cannot format device %s, OPAL device seems to be fully write-protected now." msgstr "" -#: lib/setup.c:2023 +#: lib/setup.c:2636 +msgid "" +"This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for " +"recovery." +msgstr "" + +#: lib/setup.c:2656 #, c-format -msgid "Cannot format device %s." +msgid "Locking range %d reset on device %s failed." msgstr "" -#: lib/setup.c:2049 +#: lib/setup.c:2676 msgid "Can't format LOOPAES without device." msgstr "" -#: lib/setup.c:2094 +#: lib/setup.c:2721 msgid "Can't format VERITY without device." msgstr "" -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2732 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "" -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2738 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "" -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2743 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "" -#: lib/setup.c:2121 +#: lib/setup.c:2748 msgid "Unsupported VERITY FEC offset." msgstr "" -#: lib/setup.c:2145 +#: lib/setup.c:2772 msgid "Data area overlaps with hash area." msgstr "" -#: lib/setup.c:2170 +#: lib/setup.c:2797 msgid "Hash area overlaps with FEC area." msgstr "" -#: lib/setup.c:2177 +#: lib/setup.c:2804 msgid "Data area overlaps with FEC area." msgstr "" -#: lib/setup.c:2313 +#: lib/setup.c:2940 #, c-format msgid "" "WARNING: Requested tag size %d bytes differs from %s size output (%d " "bytes).\n" msgstr "" -#: lib/setup.c:2392 +#: lib/setup.c:3019 #, c-format msgid "Unknown crypt device type %s requested." msgstr "" -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3326 lib/setup.c:3405 lib/setup.c:3418 #, c-format msgid "Unsupported parameters on device %s." msgstr "" -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3332 lib/setup.c:3425 lib/luks2/luks2_reencrypt.c:2923 +#: lib/luks2/luks2_reencrypt.c:3160 lib/luks2/luks2_reencrypt.c:3555 #, c-format msgid "Mismatching parameters on device %s." msgstr "" -#: lib/setup.c:2822 +#: lib/setup.c:3449 msgid "Crypt devices mismatch." msgstr "" -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3486 lib/setup.c:3491 lib/luks2/luks2_reencrypt.c:2405 +#: lib/luks2/luks2_reencrypt.c:2939 lib/luks2/luks2_reencrypt.c:4124 #, c-format msgid "Failed to reload device %s." msgstr "" -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3497 lib/setup.c:3503 lib/luks2/luks2_reencrypt.c:2376 +#: lib/luks2/luks2_reencrypt.c:2383 lib/luks2/luks2_reencrypt.c:2953 #, c-format msgid "Failed to suspend device %s." msgstr "" -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3509 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2974 lib/luks2/luks2_reencrypt.c:4037 +#: lib/luks2/luks2_reencrypt.c:4128 #, c-format msgid "Failed to resume device %s." msgstr "" -#: lib/setup.c:2897 +#: lib/setup.c:3524 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "" -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3527 lib/setup.c:3529 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "" -#: lib/setup.c:2984 +#: lib/setup.c:3569 +msgid "Can not resize LUKS2 device with static size." +msgstr "" + +#: lib/setup.c:3614 msgid "Cannot resize loop device." msgstr "" -#: lib/setup.c:3027 +#: lib/setup.c:3658 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "" -#: lib/setup.c:3088 +#: lib/setup.c:3724 msgid "Resize failed, the kernel doesn't support it." msgstr "" -#: lib/setup.c:3120 +#: lib/setup.c:3756 msgid "Do you really want to change UUID of device?" msgstr "" -#: lib/setup.c:3212 +#: lib/setup.c:3848 msgid "Header backup file does not contain compatible LUKS header." msgstr "" -#: lib/setup.c:3328 +#: lib/setup.c:3958 #, c-format msgid "Volume %s is not active." msgstr "" -#: lib/setup.c:3339 +#: lib/setup.c:4024 #, c-format msgid "Volume %s is already suspended." msgstr "" -#: lib/setup.c:3352 +#: lib/setup.c:4052 #, c-format msgid "Suspend is not supported for device %s." msgstr "" -#: lib/setup.c:3354 +#: lib/setup.c:4054 lib/setup.c:4062 #, c-format msgid "Error during suspending device %s." msgstr "" -#: lib/setup.c:3389 +#: lib/setup.c:4076 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "" + +#: lib/setup.c:4108 lib/setup.c:4280 #, c-format msgid "Resume is not supported for device %s." msgstr "" -#: lib/setup.c:3391 +#: lib/setup.c:4110 lib/setup.c:4271 lib/setup.c:4282 #, c-format msgid "Error during resuming device %s." msgstr "" -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4129 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "" + +#: lib/setup.c:4244 lib/setup.c:4966 lib/setup.c:5787 +msgid "Failed to link volume key in user defined keyring." +msgstr "" + +#: lib/setup.c:4345 src/cryptsetup.c:2852 #, c-format msgid "Volume %s is not suspended." msgstr "" -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4446 lib/setup.c:5106 lib/setup.c:5523 lib/setup.c:5542 +#: lib/setup.c:7416 lib/setup.c:7438 lib/setup.c:7487 src/cryptsetup.c:2362 msgid "Volume key does not match the volume." msgstr "" -#: lib/setup.c:3737 +#: lib/setup.c:4600 msgid "Failed to swap new key slot." msgstr "" -#: lib/setup.c:3835 +#: lib/setup.c:4698 #, c-format msgid "Key slot %d is invalid." msgstr "" -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4704 src/cryptsetup.c:2072 src/cryptsetup.c:2564 +#: src/cryptsetup.c:3246 src/cryptsetup.c:3306 #, c-format msgid "Keyslot %d is not active." msgstr "" -#: lib/setup.c:3860 +#: lib/setup.c:4723 msgid "Device header overlaps with data area." msgstr "" -#: lib/setup.c:4165 +#: lib/setup.c:5076 lib/setup.c:5176 msgid "Reencryption in-progress. Cannot activate device." msgstr "" -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5078 lib/setup.c:5178 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3661 msgid "Failed to get reencryption lock." msgstr "" -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5090 +msgid "LUKS2 reencryption recovery using volume key(s) failed." +msgstr "" + +#: lib/setup.c:5142 lib/setup.c:5232 +msgid "Failed to link volume keys in user defined keyring." +msgstr "" + +#: lib/setup.c:5191 lib/luks2/luks2_reencrypt.c:3680 msgid "LUKS2 reencryption recovery failed." msgstr "" -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5439 lib/setup.c:5553 lib/setup.c:5610 msgid "Device type is not properly initialized." msgstr "" -#: lib/setup.c:4400 +#: lib/setup.c:5494 #, c-format msgid "Device %s already exists." msgstr "" -#: lib/setup.c:4407 +#: lib/setup.c:5501 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "" -#: lib/setup.c:4527 +#: lib/setup.c:5519 msgid "Incorrect volume key specified for plain device." msgstr "" -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." +#: lib/setup.c:5533 +msgid "Reencryption volume keys do not match the volume." msgstr "" -#: lib/setup.c:4654 -msgid "Root hash signature required." +#: lib/setup.c:5646 +msgid "Kernel keyring is not supported by the kernel." msgstr "" -#: lib/setup.c:4663 +#: lib/setup.c:5650 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "" -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." +#: lib/setup.c:5908 +msgid "Incorrect root hash specified for verity device." msgstr "" -#: lib/setup.c:4736 +#: lib/setup.c:5951 +msgid "OPAL does not support deferred deactivation." +msgstr "" + +#: lib/setup.c:5967 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "" -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5974 lib/setup.c:5990 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "" -#: lib/setup.c:4768 +#: lib/setup.c:5999 #, c-format msgid "Invalid device %s." msgstr "" -#: lib/setup.c:4908 +#: lib/setup.c:6139 msgid "Volume key buffer too small." msgstr "" -#: lib/setup.c:4925 +#: lib/setup.c:6156 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "" -#: lib/setup.c:4934 +#: lib/setup.c:6165 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "" -#: lib/setup.c:4944 +#: lib/setup.c:6175 msgid "Cannot retrieve volume key for plain device." msgstr "" -#: lib/setup.c:4952 +#: lib/setup.c:6183 msgid "Cannot retrieve root hash for verity device." msgstr "" -#: lib/setup.c:4959 +#: lib/setup.c:6190 msgid "Cannot retrieve volume key for BITLK device." msgstr "" -#: lib/setup.c:4964 +#: lib/setup.c:6195 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "" -#: lib/setup.c:4966 +#: lib/setup.c:6197 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "" -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6381 lib/setup.c:6392 msgid "Dump operation is not supported for this device type." msgstr "" -#: lib/setup.c:5500 +#: lib/setup.c:6751 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "" -#: lib/setup.c:5788 +#: lib/setup.c:7059 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "" -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7357 lib/setup.c:7496 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "" -#: lib/setup.c:6122 +#: lib/setup.c:7381 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "" -#: lib/setup.c:6128 +#: lib/setup.c:7387 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "" -#: lib/setup.c:6353 +#: lib/setup.c:7612 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "" -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." +#: lib/setup.c:7681 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." msgstr "" -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7799 +msgid "Failed to unlink volume key from thread keyring." +msgstr "" + +#: lib/setup.c:7843 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." +msgid "Could not find keyring described by \"%s\"." msgstr "" -#: lib/setup.c:6523 +#: lib/setup.c:7908 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "" -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:215 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "" -#: lib/utils.c:163 +#: lib/utils.c:220 msgid "Cannot read keyfile from a terminal." msgstr "" -#: lib/utils.c:179 +#: lib/utils.c:236 msgid "Failed to stat key file." msgstr "" -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:244 lib/utils.c:265 msgid "Cannot seek to requested keyfile offset." msgstr "" -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:259 lib/utils.c:274 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "" -#: lib/utils.c:237 +#: lib/utils.c:294 msgid "Error reading passphrase." msgstr "" -#: lib/utils.c:254 +#: lib/utils.c:311 msgid "Nothing to read on input." msgstr "" -#: lib/utils.c:261 +#: lib/utils.c:318 msgid "Maximum keyfile size exceeded." msgstr "" -#: lib/utils.c:266 +#: lib/utils.c:323 msgid "Cannot read requested amount of data." msgstr "" -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "" -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "" -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "" -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "" -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "" -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "" -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "" -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "" -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "" "Attaching loopback device failed (loop device with autoclear flag is " "required)." msgstr "" -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "" -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "" -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "" -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "" -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "" -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "" -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "" -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "" -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "" -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "" "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "" -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "" -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "" -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "" -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "" -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "" -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "" @@ -780,16 +891,24 @@ msgid "" "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "" -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "" -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "" +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "" + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "" + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -807,7 +926,7 @@ msgstr "" #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "" @@ -821,17 +940,17 @@ msgid "Failed to access temporary keystore device." msgstr "" #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "" #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -853,32 +972,32 @@ msgstr "" msgid "LUKS keyslot %u is invalid." msgstr "" -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "" -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "" #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "" -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "" @@ -904,7 +1023,7 @@ msgid "" "keyslots." msgstr "" -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -976,7 +1095,7 @@ msgstr "" msgid "LUKS hash %s is invalid." msgstr "" -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1360 msgid "No known problems detected for LUKS header." msgstr "" @@ -996,8 +1115,8 @@ msgid "" msgstr "" #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "" @@ -1034,7 +1153,7 @@ msgstr "" msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "" -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "" @@ -1055,48 +1174,48 @@ msgstr "" msgid "Kernel does not support loop-AES compatible mapping." msgstr "" -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "" -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "" -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "" -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1235 msgid "Required kernel crypto interface not available." msgstr "" -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1237 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "" -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "" -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "" -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "" -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "" -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "" @@ -1160,81 +1279,81 @@ msgstr "" msgid "Failed to convert BITLK volume description" msgstr "" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "" -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "" -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "" -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "" -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "" -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "" -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "" -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "" -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "" -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "" -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "" "WARNING: BitLocker volume size %<PRIu64> does not match the underlying " "device size %<PRIu64>" msgstr "" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "" "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "" -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "" "Cannot activate device, kernel dm-crypt is missing support for BITLK " "Elephant diffuser." msgstr "" -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "" "Cannot activate device, kernel dm-crypt is missing support for large sector " "size." msgstr "" -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "" @@ -1272,28 +1391,32 @@ msgstr "" msgid "Error during update of verity header on device %s." msgstr "" -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "" -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "" + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "" -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "" -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "" -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "" -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "" @@ -1389,7 +1512,7 @@ msgstr "" msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "" -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "" @@ -1403,141 +1526,186 @@ msgid "" "activation options to override)." msgstr "" -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:392 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "" -#: lib/luks2/luks2_disk_metadata.c:400 +#: lib/luks2/luks2_disk_metadata.c:401 msgid "" "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "" -#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 +#: lib/luks2/luks2_disk_metadata.c:710 lib/luks2/luks2_disk_metadata.c:731 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." msgstr "" -#: lib/luks2/luks2_json_format.c:229 -msgid "Requested data offset is too small." -msgstr "" - -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:231 #, c-format msgid "" "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 " "keyslot count is very limited.\n" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_format.c:427 +msgid "Requested data offset is too small." +msgstr "" + +#: lib/luks2/luks2_json_format.c:468 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "" + +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "" "Binary header with keyslot areas size differ on device and backup, restore " "failed." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "" "does not contain LUKS2 header. Replacing header can destroy data on that " "device." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "" "already contains LUKS2 header. Replacing header will destroy existing " "keyslots." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" "Replacing header with backup may corrupt the data on that device!" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" "Replacing header with backup may corrupt data." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2105 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2119 msgid "Failed to set dm-crypt segment." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2125 msgid "Failed to set dm-linear segment." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "" +"Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4174 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "" "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "" -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "" "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "" -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "" -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "" @@ -1546,523 +1714,592 @@ msgstr "" msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "" -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2729 #, c-format msgid "Hash algorithm %s is not available." msgstr "" -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "" +"Warning: keyslot operation could fail as it requires more than available " +"memory.\n" +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "" -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "" -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "" "Can not update resilience type. New type only provides %<PRIu64> bytes, " "required space is: %<PRIu64> bytes." msgstr "" -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3810 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "" "Cannot convert to LUKS1 format - default segment encryption sector size is " "not 512 bytes." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "" "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "" "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still " "active." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1196 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1201 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1408 lib/luks2/luks2_reencrypt.c:1595 +#: lib/luks2/luks2_reencrypt.c:1678 lib/luks2/luks2_reencrypt.c:1720 +#: lib/luks2/luks2_reencrypt.c:3969 msgid "Failed to initialize old segment storage wrapper." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1422 lib/luks2/luks2_reencrypt.c:1573 msgid "Failed to initialize new segment storage wrapper." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1549 lib/luks2/luks2_reencrypt.c:3981 msgid "Failed to initialize hotzone protection." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1622 msgid "Failed to read checksums for current hotzone." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1629 lib/luks2/luks2_reencrypt.c:3995 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1648 #, c-format msgid "Failed to decrypt sector %zu." msgstr "" -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1654 #, c-format msgid "Failed to recover sector %zu." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2218 #, c-format msgid "" "Source and target device sizes don't match. Source %<PRIu64>, target: " "%<PRIu64>." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2316 #, c-format msgid "Failed to activate hotzone device %s." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2333 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2340 #, c-format msgid "Failed to load new mapping for device %s." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2411 msgid "Failed to refresh reencryption devices stack." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2611 msgid "Failed to set new keyslots area size." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2747 #, c-format msgid "" "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2784 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2821 msgid "Moved segment size can not be greater than data shift value." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2863 msgid "Invalid reencryption resilience parameters." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2885 #, c-format msgid "" "Moved segment too large. Requested size %<PRIu64>, available space for: " "%<PRIu64>." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2972 msgid "Failed to clear table." msgstr "" -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3058 msgid "Reduced data size is larger than real device size." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3065 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3099 #, c-format msgid "" "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> " "sectors)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3106 lib/luks2/luks2_reencrypt.c:3604 +#: lib/luks2/luks2_reencrypt.c:3625 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3295 msgid "Device not marked for LUKS2 reencryption." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3312 lib/luks2/luks2_reencrypt.c:4286 msgid "Failed to load LUKS2 reencryption context." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3402 msgid "Failed to get reencryption state." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3406 lib/luks2/luks2_reencrypt.c:3720 msgid "Device is not in reencryption." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3413 lib/luks2/luks2_reencrypt.c:3727 msgid "Reencryption process is already running." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3415 lib/luks2/luks2_reencrypt.c:3729 msgid "Failed to acquire reencryption lock." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3433 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3568 msgid "Active device size and requested reencryption size don't match." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3582 msgid "Illegal device size requested in reencryption parameters." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3659 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3827 msgid "LUKS2 reencryption already initialized in metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3834 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3887 lib/luks2/luks2_reencrypt.c:3922 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3894 +msgid "Failed to read passphrase from keyring." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3951 msgid "Failed to set device segments for next reencryption hotzone." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:4003 msgid "Failed to write reencryption resilience metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:4010 msgid "Decryption failed." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4015 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4020 msgid "Failed to sync data." msgstr "" -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4028 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4117 msgid "Failed to write LUKS2 metadata." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4140 msgid "Failed to wipe unused data device area." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4146 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4156 msgid "Failed to remove reencryption keyslot." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4166 #, c-format msgid "" "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> " "sectors long." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4170 msgid "Online reencryption failed." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4175 msgid "Do not resume the device unless replaced with error target manually." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4227 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4233 msgid "Missing or invalid reencrypt context." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4240 msgid "Failed to initialize reencryption device stack." msgstr "" -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4262 lib/luks2/luks2_reencrypt.c:4299 msgid "Failed to update reencryption context." msgstr "" -#: lib/luks2/luks2_reencrypt_digest.c:405 +#: lib/luks2/luks2_reencrypt_digest.c:421 msgid "Reencryption metadata is invalid." msgstr "" -#: src/cryptsetup.c:85 +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "" +"OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "" + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "" + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "" + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "" + +#: src/cryptsetup.c:93 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "" -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:136 src/cryptsetup.c:2242 #, c-format msgid "Enter token PIN: " msgstr "" -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:138 src/cryptsetup.c:2244 #, c-format msgid "Enter token %d PIN: " msgstr "" -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:196 src/cryptsetup.c:1182 src/cryptsetup.c:1523 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "" -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:206 +#, c-format +msgid "" +"WARNING: Using default options for cipher (%s-%s, key size %u bits) that " +"could be incompatible with older versions." +msgstr "" + +#: src/cryptsetup.c:211 +#, c-format +msgid "" +"WARNING: Using default options for hash (%s) that could be incompatible with " +"older versions." +msgstr "" + +#: src/cryptsetup.c:215 +msgid "" +"For plain mode, always use options --cipher, --key-size and if no keyfile is " +"used, then also --hash." +msgstr "" + +#: src/cryptsetup.c:221 msgid "" "WARNING: The --hash parameter is being ignored in plain mode with keyfile " "specified.\n" msgstr "" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:229 msgid "" "WARNING: The --keyfile-size option is being ignored, the read size is the " "same as the encryption key size.\n" msgstr "" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:266 src/cryptsetup.c:1368 src/cryptsetup.c:1566 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "" + +#: src/cryptsetup.c:272 #, c-format msgid "" "Detected device signature(s) on %s. Proceeding further may damage existing " "data." msgstr "" -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:278 src/cryptsetup.c:1256 src/cryptsetup.c:1304 +#: src/cryptsetup.c:1375 src/cryptsetup.c:1500 src/cryptsetup.c:1578 +#: src/cryptsetup.c:2622 src/cryptsetup.c:3049 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:351 msgid "Option --key-file is required." msgstr "" -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:402 msgid "Enter VeraCrypt PIM: " msgstr "" -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:411 msgid "Invalid PIM value: parse error." msgstr "" -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:414 msgid "Invalid PIM value: 0." msgstr "" -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:417 msgid "Invalid PIM value: outside of range." msgstr "" -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:440 msgid "No device header detected with this passphrase." msgstr "" -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:513 src/cryptsetup.c:689 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "" -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:521 msgid "" "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "" -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:563 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" "This dump should be always stored encrypted on safe place." msgstr "" -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:630 src/cryptsetup.c:711 src/cryptsetup.c:2647 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" "This dump should be stored encrypted in a safe place." msgstr "" -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:766 src/cryptsetup.c:796 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "" -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:804 msgid "" "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "" -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:858 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:892 src/cryptsetup.c:1903 src/cryptsetup.c:2177 +#: src/cryptsetup.c:2331 src/cryptsetup.c:2778 src/cryptsetup.c:2860 +#: src/cryptsetup.c:3387 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "" + +#: src/cryptsetup.c:901 msgid "" "Resize of active device requires volume key in keyring but --disable-keyring " "option is set." msgstr "" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1061 msgid "Benchmark interrupted." msgstr "" -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1082 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1084 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1098 #, c-format msgid "%-10s N/A\n" msgstr "" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1100 #, c-format msgid "" "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit " "key (requested %u ms time)\n" msgstr "" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1124 msgid "Result of benchmark is not reliable." msgstr "" -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1174 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1194 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1198 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1217 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1228 msgid "N/A" msgstr "" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1253 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the " "reencryption operation is desirable (see luksDump output)\n" @@ -2070,580 +2307,623 @@ msgid "" "genuine." msgstr "" -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1259 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "" -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1303 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1312 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "" -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1314 msgid "Enter passphrase for reencryption recovery: " msgstr "" -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1374 msgid "Really try to repair LUKS device header?" msgstr "" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1398 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." msgstr "" -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1403 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will " "contain invalid checksum).\n" msgstr "" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1425 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "" -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1480 msgid "Integrity option can be used only for LUKS2 format." msgstr "" -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1485 src/cryptsetup.c:1550 msgid "Unsupported LUKS2 metadata size options." msgstr "" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1490 +msgid "OPAL is supported only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1499 msgid "Header file does not exist, do you want to create it?" msgstr "" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1507 #, c-format msgid "Cannot create header file %s." msgstr "" -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1530 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "" -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1543 #, c-format msgid "Cannot use %s as on-disk header." msgstr "" -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1572 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "" -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1609 +msgid "OPAL Admin password cannot be empty." +msgstr "" + +#: src/cryptsetup.c:1623 src/cryptsetup.c:2194 src/cryptsetup.c:2344 +#: src/cryptsetup.c:2504 src/cryptsetup.c:2570 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "" -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1755 +msgid "" +"Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "" + +#: src/cryptsetup.c:1820 +msgid "Key types have to be the same for both volume keys." +msgstr "" + +#: src/cryptsetup.c:1825 +msgid "Both volume keys have to be linked to the same keyring." +msgstr "" + +#: src/cryptsetup.c:1835 +msgid "You need to supply more key names." +msgstr "" + +#: src/cryptsetup.c:1839 +msgid "Invalid --link-vk-to-keyring value." +msgstr "" + +#: src/cryptsetup.c:1884 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "" -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1891 #, c-format msgid "" "LUKS file container %s is too small for activation, there is no remaining " "space for data." msgstr "" -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1918 src/cryptsetup.c:2350 msgid "" "Cannot determine volume key size for LUKS without keyslots, please use --key-" "size option." msgstr "" -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1985 msgid "Device activated but cannot make flags persistent." msgstr "" -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:2069 src/cryptsetup.c:2137 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "" -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:2081 src/cryptsetup.c:2141 msgid "" "This is the last keyslot. Device will become unusable after purging this key." msgstr "" -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:2082 msgid "Enter any remaining passphrase: " msgstr "" -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:2083 src/cryptsetup.c:2143 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2119 msgid "Enter passphrase to be deleted: " msgstr "" -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2169 src/cryptsetup.c:2553 src/cryptsetup.c:3211 +#: src/cryptsetup.c:3378 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "" -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2208 src/cryptsetup.c:2427 msgid "Enter new passphrase for key slot: " msgstr "" -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2310 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2383 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "" -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2508 msgid "Enter passphrase to be changed: " msgstr "" -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2524 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "" -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2574 msgid "Enter passphrase for keyslot to be converted: " msgstr "" -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2598 msgid "Only one device argument for isLuks operation is supported." msgstr "" -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2706 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "" -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2711 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." msgstr "" -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2806 src/cryptsetup.c:2843 #, c-format msgid "%s is not active %s device name." msgstr "" -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2838 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "" -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2916 src/cryptsetup.c:2935 msgid "Option --header-backup-file is required." msgstr "" -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2966 #, c-format msgid "%s is not cryptsetup managed device." msgstr "" -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2977 #, c-format msgid "Refresh is not supported for device type %s" msgstr "" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:3027 #, c-format msgid "Unrecognized metadata device type %s." msgstr "" -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:3029 msgid "Command requires device and mapped name as arguments." msgstr "" -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:3039 +msgid "Enter OPAL PSID: " +msgstr "" + +#: src/cryptsetup.c:3039 +msgid "Enter OPAL Admin password: " +msgstr "" + +#: src/cryptsetup.c:3048 +msgid "" +"WARNING: WHOLE disk will be factory reset and all data will be lost! " +"Continue?" +msgstr "" + +#: src/cryptsetup.c:3091 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" "Device will become unusable after this operation." msgstr "" -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3098 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3137 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "" -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3153 #, c-format msgid "Device is already %s type." msgstr "" -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3160 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3163 msgid "Operation aborted, device was NOT converted.\n" msgstr "" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3203 msgid "Option --priority, --label or --subsystem is missing." msgstr "" -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3237 src/cryptsetup.c:3277 src/cryptsetup.c:3297 #, c-format msgid "Token %d is invalid." msgstr "" -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3240 src/cryptsetup.c:3300 #, c-format msgid "Token %d in use." msgstr "" -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3252 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "" -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3263 src/cryptsetup.c:3326 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3280 #, c-format msgid "Token %d is not in use." msgstr "" -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3317 msgid "Failed to import token from file." msgstr "" -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3342 #, c-format msgid "Failed to get token %d for export." msgstr "" -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3355 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "" -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3357 src/cryptsetup.c:3364 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "" -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3423 msgid "" "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " "for TCRYPT device." msgstr "" -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3426 msgid "" "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT " "device type." msgstr "" -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3429 msgid "" "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "" -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3433 msgid "" "Option --veracrypt-query-pim is supported only for VeraCrypt compatible " "devices." msgstr "" -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3435 msgid "" "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3444 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "" -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3447 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "" -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3450 msgid "Option --shared is allowed only for open of plain device." msgstr "" -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3453 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "" -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3456 msgid "" "Option --offset with open action is only supported for plain and loopaes " "devices." msgstr "" -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3459 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "" -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3463 msgid "" "Sector size option with open action is supported only for plain devices." msgstr "" -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3467 msgid "" "Large IV sectors option is supported only for opening plain type device with " "sector size larger than 512 bytes." msgstr "" -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3472 msgid "" "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and " "FVAULT2 devices." msgstr "" -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3475 src/cryptsetup.c:3498 msgid "Options --device-size and --size cannot be combined." msgstr "" -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3478 msgid "Option --unbound is allowed only for open of luks device." msgstr "" -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3481 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "" -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3490 src/veritysetup.c:671 src/integritysetup.c:767 msgid "" "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "" -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." +#: src/cryptsetup.c:3506 +msgid "Options --reduce-device-size and --device-size cannot be combined." msgstr "" -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3509 msgid "Option --active-name can be set only for LUKS2 device." msgstr "" -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3512 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "" -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3520 src/cryptsetup.c:3550 msgid "Keyslot specification is required." msgstr "" -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3528 msgid "Options --align-payload and --offset cannot be combined." msgstr "" -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3531 msgid "" "Option --integrity-no-wipe can be used only for format action with integrity " "extension." msgstr "" -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3534 msgid "Only one of --use-[u]random options is allowed." msgstr "" -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3542 msgid "Key size is required with --unbound option." msgstr "" -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3562 msgid "Invalid token action." msgstr "" -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3565 msgid "--key-description parameter is mandatory for token add action." msgstr "" -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3569 src/cryptsetup.c:3582 msgid "Action requires specific token. Use --token-id parameter." msgstr "" -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3573 msgid "Option --unbound is valid only with token add action." msgstr "" -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3575 msgid "Options --key-slot and --unbound cannot be combined." msgstr "" -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3580 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "" -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3596 msgid "<device> [--type <type>] [<name>]" msgstr "" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3596 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3597 src/cryptsetup.c:3598 src/cryptsetup.c:3599 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3597 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3598 src/integritysetup.c:548 msgid "resize active device" msgstr "" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3599 msgid "show device status" msgstr "" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3600 msgid "[--cipher <cipher>]" msgstr "" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3600 msgid "benchmark cipher" msgstr "" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3601 src/cryptsetup.c:3602 src/cryptsetup.c:3603 +#: src/cryptsetup.c:3604 src/cryptsetup.c:3605 src/cryptsetup.c:3612 +#: src/cryptsetup.c:3613 src/cryptsetup.c:3614 src/cryptsetup.c:3615 +#: src/cryptsetup.c:3616 src/cryptsetup.c:3617 src/cryptsetup.c:3618 +#: src/cryptsetup.c:3619 src/cryptsetup.c:3620 src/cryptsetup.c:3621 msgid "<device>" msgstr "" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3601 msgid "try to repair on-disk metadata" msgstr "" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3602 msgid "reencrypt LUKS2 device" msgstr "" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3603 msgid "erase all keyslots (remove encryption key)" msgstr "" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3604 msgid "convert LUKS from/to LUKS2 format" msgstr "" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3605 msgid "set permanent configuration options for LUKS2" msgstr "" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3606 src/cryptsetup.c:3607 msgid "<device> [<new key file>]" msgstr "" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3606 msgid "formats a LUKS device" msgstr "" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3607 msgid "add key to LUKS device" msgstr "" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3608 src/cryptsetup.c:3609 src/cryptsetup.c:3610 msgid "<device> [<key file>]" msgstr "" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3608 msgid "removes supplied key or key file from LUKS device" msgstr "" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3609 msgid "changes supplied key or key file of LUKS device" msgstr "" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3610 msgid "converts a key to new pbkdf parameters" msgstr "" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3611 msgid "<device> <key slot>" msgstr "" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3611 msgid "wipes key with number <key slot> from LUKS device" msgstr "" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3612 msgid "print UUID of LUKS device" msgstr "" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3613 msgid "tests <device> for LUKS partition header" msgstr "" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3614 msgid "dump LUKS partition information" msgstr "" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3615 msgid "dump TCRYPT device information" msgstr "" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3616 msgid "dump BITLK device information" msgstr "" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3617 msgid "dump FVAULT2 device information" msgstr "" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3618 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3619 msgid "Resume suspended LUKS device" msgstr "" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3620 msgid "Backup LUKS device header and keyslots" msgstr "" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3621 msgid "Restore LUKS device header and keyslots" msgstr "" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3622 msgid "<add|remove|import|export> <device>" msgstr "" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3622 msgid "Manipulate LUKS2 tokens" msgstr "" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3641 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" msgstr "" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3647 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2653,7 +2933,7 @@ msgid "" "bitlkClose, fvault2Close\n" msgstr "" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3651 #, c-format msgid "" "\n" @@ -2663,34 +2943,31 @@ msgid "" "<key file> optional key file for the new key for luksAddKey action\n" msgstr "" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3658 #, c-format msgid "" "\n" "Default compiled-in metadata format is %s (for luksFormat action).\n" msgstr "" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3663 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" -msgstr "" - -#: src/cryptsetup.c:3223 -msgid "compiled-in" +"LUKS2 external token plugin support is enabled.\n" msgstr "" -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3664 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "" -#: src/cryptsetup.c:3226 -msgid "disabled" +#: src/cryptsetup.c:3666 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" msgstr "" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3670 #, c-format msgid "" "\n" @@ -2702,7 +2979,7 @@ msgid "" "\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3681 #, c-format msgid "" "\n" @@ -2712,99 +2989,113 @@ msgid "" "\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3690 msgid "" "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3708 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3748 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "" -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3776 msgid "Device size must be multiple of 512 bytes sector." msgstr "" -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3781 msgid "Invalid max reencryption hotzone size specification." msgstr "" -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3795 src/cryptsetup.c:3807 msgid "Key size must be a multiple of 8 bits" msgstr "" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3814 +#, c-format +msgid "At most %d volume key specifications can be supplied." +msgstr "" + +#: src/cryptsetup.c:3826 +#, c-format +msgid "At most %d keyring link specifications can be supplied." +msgstr "" + +#: src/cryptsetup.c:3835 msgid "Maximum device reduce size is 1 GiB." msgstr "" -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3838 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "" -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3855 msgid "Option --priority can be only ignore/normal/prefer." msgstr "" -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3874 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3875 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3876 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3887 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3910 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3919 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "" -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3998 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "" -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:4016 msgid "Option --key-file takes precedence over specified key file argument." msgstr "" -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:4022 msgid "Only one --key-file argument is allowed." msgstr "" -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:4027 msgid "" "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/" "argon2id." msgstr "" -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:4032 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "" -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:4037 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "" + +#: src/cryptsetup.c:4048 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "" -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:4056 msgid "No action taken. Invoked with --test-args option.\n" msgstr "" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:4069 msgid "Cannot disable metadata locking." msgstr "" @@ -2869,7 +3160,7 @@ msgstr "" msgid "<data_device> <hash_device>" msgstr "" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "" @@ -2885,7 +3176,7 @@ msgstr "" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "" @@ -2893,7 +3184,7 @@ msgstr "" msgid "<hash_device>" msgstr "" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "" @@ -2916,13 +3207,13 @@ msgid "" "Hash format: %u\n" msgstr "" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "" "Option --ignore-corruption and --restart-on-corruption cannot be used " "together." msgstr "" -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "" "Option --panic-on-corruption and --restart-on-corruption cannot be used " "together." @@ -2936,31 +3227,31 @@ msgid "" "integrity-recalculate)." msgstr "" -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "" "Setting recalculate flag is not supported, you may consider using --wipe " "instead." msgstr "" -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "" -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2968,7 +3259,7 @@ msgid "" "<integrity_device> is the device containing data with integrity tags\n" msgstr "" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2977,45 +3268,45 @@ msgid "" "\tMaximum keyfile size: %dkB\n" msgstr "" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "" -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "" -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "" -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "" "Journal integrity algorithm must be specified if journal integrity key is " "used." msgstr "" -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "" "Both journal encryption key file and key size options must be specified." msgstr "" -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "" "Journal encryption algorithm must be specified if journal encryption key is " "used." msgstr "" -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "" -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "" -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "" @@ -3220,75 +3511,75 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "" -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "" -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "" -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "" -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "" -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "" -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "" -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "" -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "" -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "" -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "" -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." msgstr "" -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "" -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." msgstr "" -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "" @@ -3357,199 +3648,203 @@ msgid "" "initialised operation?" msgstr "" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "" -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "" + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "" -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" "(block size: %<PRIu32> bytes) detected on device %s." msgstr "" -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "" "Encryption without detached header (--header) is not possible without data " "device size reduction (--reduce-device-size)." msgstr "" -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "" "Requested data offset must be less than or equal to half of --reduce-device-" "size parameter." msgstr "" -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "" "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> " "(sectors).\n" msgstr "" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "" -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "" -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "" -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "" -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "" -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "" -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "" -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "" "Header file %s does not exist. Do you want to initialize LUKS2 decryption of " "device %s and export LUKS2 header to file %s?" msgstr "" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "" -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "" -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "" "LUKS2 decryption is supported with detached header device only (with data " "offset set to 0)." msgstr "" -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "" -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "" "Key file can be used only with --key-slot or with exactly one key slot " "active." msgstr "" -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "" -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "" -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "" -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option " "(dangerous!)." msgstr "" -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" "Reencryption interrupted." msgstr "" -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "" -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "" -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "" -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "" -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "" -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "" -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "" -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "" -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "" @@ -3687,35 +3982,35 @@ msgstr "" msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "" -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "" -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "" -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "" -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "" -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "" -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "" @@ -3730,11 +4025,11 @@ msgstr "" msgid "Option --%s is not allowed with %s action." msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token " "connected to an SSH server\vThis plugin currently allows only adding a token " @@ -3749,107 +4044,111 @@ msgid "" "user and paths) will be stored in the LUKS2 header in plaintext." msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "" "Keyslot to assign the token to. If not specified, token will be assigned to " "the first keyslot matching provided passphrase." msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "" @@ -4,6 +4,7 @@ # Milan Broz <mbroz@redhat.com>, 2010. # Petr Pisar <petr.pisar@atlas.cz>, 2010, 2011, 2012, 2013, 2014, 2015, 2016. # Petr Pisar <petr.pisar@atlas.cz>, 2017, 2018, 2019, 2020, 2021, 2022, 2023. +# Petr Pisar <petr.pisar@atlas.cz>, 2024. # # See `LUKS On-Disk Format Specification' document to clarify some terms. # @@ -17,6 +18,7 @@ # key slot → pozice klÃÄe # keyring → klÃÄenka # online mode → (režim) za bÄ›hu +# OPAL → Opal (správný zápis je takto) # plain/LUKS1 crypt → Å¡ifra plain/LUKS1 („plain“ nepÅ™ekládat) # (reencryption) recover → obnova (jedná se o Äinnost pÅ™ed samotným navázánÃm # rozdÄ›laného pÅ™eÅ¡ifrovánÃ, obvykle po výpadku napájenÃ). @@ -29,10 +31,10 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-02 18:11+01:00\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2024-01-06 14:50+01:00\n" "Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n" "Language-Team: Czech <translation-team-cs@lists.sourceforge.net>\n" "Language: cs\n" @@ -50,58 +52,62 @@ msgstr "Nelze inicializovat device-mapper, nespuÅ¡tÄ›no superuživatelem." msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Nelze inicializovat device-mapper. Je jaderný modul dm_mod zaveden?" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "Požadovaný pÅ™Ãznak odloženà nenà podporován." -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID pro zaÅ™Ãzenà %s bylo zkráceno." -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Neznámý druh cÃle DM." -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "Požadované výkonnostnà volby dm-cryptu nejsou podporovány." -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Požadované volby, jak zacházet s poÅ¡kozenÃm dat dm-verity, nejsou podporovány." -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "Požadovaná volba taskletu dm-cryptu nenà podporována." -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "Požadované FEC volby dm-cryptu nejsou podporovány." -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "Požadované volby integrity dat nejsou podporovány." -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "Požadované volby sector_size nenà podporována." -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "Velikost zaÅ™Ãzenà nenà násobkem požadované velikosti sektoru." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Požadovaný automatický pÅ™epoÄet znaÄek integrity nenà podporován." -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "Zahazovánà (TRIM) nenà podporováno." -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Požadovaný režim bitmapy integrity DM nenà podporován." -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "Dotaz na Äást dm-%s selhal." @@ -136,657 +142,748 @@ msgstr "Požadována neznámá kvalita generátoru náhodných ÄÃsel." msgid "Error reading from RNG." msgstr "Chyba pÅ™i Ätenà z generátoru náhodných ÄÃsel." -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "Podpora pro Opal je v libcryptsetup vypnuta." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "ZaÅ™Ãzenà %s nebo jádro nepodporuje Å¡ifrovánà Opal." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "Implementaci Å¡ifrovacÃho generátoru náhodných ÄÃsel nelze inicializovat." -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "Implementaci Å¡ifrovánà nelze inicializovat." -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "HaÅ¡ovacà algoritmus %s nenà podporován." -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Chyba zpracovánà klÃÄe (za použità haÅ¡e %s)." -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Druh zaÅ™Ãzenà nelze urÄit. Nekompatibilnà aktivace zaÅ™ÃzenÃ?" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Tato operace je podporována jen u zaÅ™Ãzenà LUKS." -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Tato operace je podporována jen u zaÅ™Ãzenà LUKS2." -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "VÅ¡echny pozice klÃÄů jsou obsazeny." -#: lib/setup.c:438 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Pozice klÃÄe %d nenà platná, prosÃm, vyberte ÄÃslo mezi 0 a %d." -#: lib/setup.c:444 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Pozice klÃÄe %d je obsazena, prosÃm, vyberte jinou." -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "Velikost zaÅ™Ãzenà nenà zarovnaná na velikost logického sektoru zaÅ™ÃzenÃ." -#: lib/setup.c:627 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "Nalezena hlaviÄka, ale zaÅ™Ãzenà %s je pÅ™ÃliÅ¡ malé." -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Tato operace nenà na zaÅ™Ãzenà tohoto typu podporována." -#: lib/setup.c:673 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "Zakázaná operace spolu s probÃhajÃcÃm pÅ™eÅ¡ifrovánÃ." -#: lib/setup.c:802 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "Nahránà původnÃch metadat LUKS2 do pamÄ›ti selhalo." -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "ZaÅ™Ãzenà %s nenà platným zaÅ™ÃzenÃm LUKS." -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Nepodporovaná verze LUKS %d." -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "Na aktivnÃm zaÅ™Ãzenà %s nebyl nalezen žádný známý vzorek urÄujÃcà šifrovánÃ." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "ZaÅ™Ãzenà %s nenà aktivnÃ." -#: lib/setup.c:1508 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "ZaÅ™Ãzenà nižšà úrovnÄ› pod Å¡ifrovaným zaÅ™ÃzenÃm %s zmizelo." -#: lib/setup.c:1590 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "Neplatné parametry plain Å¡ifry." -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "Neplatná velikost klÃÄe." -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "UUID nenà na Å¡ifÅ™e tohoto typu podporováno." -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "ZaÅ™Ãzenà s oddÄ›lenými metadaty nenà na Å¡ifÅ™e tohoto typu podporováno." -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "Nepodporovaná velikost Å¡ifrovaného sektoru." -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "Velikost zaÅ™Ãzenà nenà zarovnaná na požadovanou velikost sektoru." -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "LUKS nelze bez zaÅ™Ãzenà naformátovat." -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "Požadované zarovnánà dat nenà sluÄitelné s polohou dat." -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "POZOR: ZaÅ™Ãzené DAX může poÅ¡kodit data, protože nezaruÄuje atomické aktualizace sektorů.\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "Ze zaÅ™Ãzenà %s nelze odstranit hlaviÄku." -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "ZaÅ™Ãzenà %s je na aktivaci pÅ™ÃliÅ¡ malé. Nezbývá žádné mÃsto pro data.\n" -#: lib/setup.c:1840 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "POZOR: Aktivace zaÅ™Ãzenà selže, dm-crypt nepodporuje požadovanou velikost Å¡ifrovaného sektoru.\n" - -#: lib/setup.c:1863 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "KlÃÄ svazku je pÅ™ÃliÅ¡ malý na Å¡ifrovanà s rozÅ¡ÃÅ™enÃmi pro integritu." -#: lib/setup.c:1923 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Å ifra %s-%s (velikost klÃÄe %zd bitů) nenà dostupná." -#: lib/setup.c:1949 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "POZOR: Metadata LUKS2 zmÄ›nila velikost na %<PRIu64> bajtů.\n" - -#: lib/setup.c:1953 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "POZOR: Oblast s pozicemi klÃÄů pro LUKS2 zmÄ›nila velikost na %<PRIu64> bajtů.\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "POZOR: Aktivace zaÅ™Ãzenà selže, dm-crypt nepodporuje požadovanou velikost Å¡ifrovaného sektoru.\n" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "ZaÅ™Ãzenà %s je pÅ™ÃliÅ¡ malé." -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "ZaÅ™Ãzenà %s, které se použÃvá, nelze formátovat." -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "ZaÅ™Ãzenà %s nelze formátovat, povolenà zamÃtnuto." # FIXME "format integrity" is nonsense -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "ZaÅ™Ãzenà %s nenà možné formátovat integritu." -#: lib/setup.c:2023 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "ZaÅ™Ãzenà %s nelze formátovat." -#: lib/setup.c:2049 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "Parametry zarovnánà Opal nelze zÃskat." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "Chybná velikost logického bloku Opal." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "Požadovaná poloha dat nenà sluÄitelná s velikostà bloku Opal." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "Požadované zarovnánà dat nenà sluÄitelné se zarovnánÃm Opal." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "Poloha dat nesplňuje požadavky Opal na zarovnánÃ." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "Požadované zarovnánà dat nesplňuje požadavky na zarovnánà uzamykatelné oblasti." + +# TODO: Pluralize +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "Velikost zaÅ™Ãzenà byla dorovnána %<PRIu64> sektory, aby lÃcovala s granularitou zarovnánà Opal." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "ZÃskánà zámku Opal na zaÅ™Ãzenà %s selhalo." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Nesprávný klÃÄ správce Opal." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "Část Opal nelze nastavit." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "ZaÅ™Ãzenà %s nelze formátovat, zaÅ™Ãzenà Opal je asi zcela chránÄ›no proti zápisu." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "Toto je snad chyba ve firmwaru. Resetujte Opal zaÅ™Ãzenà pomocà PSID a znovu jej zapojte." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "Reset uzamykatelné oblasti %d na zaÅ™Ãzenà %s selhal." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "LOOPAES nelze bez zaÅ™Ãzenà naformátovat." -#: lib/setup.c:2094 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "VERITY nelze bez zaÅ™Ãzenà naformátovat." -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Nepodporovaný druh VERITY haÅ¡e %d." -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Nepodporovaná velikost bloku VERITY." -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Nepodporovaná poloha haÅ¡e VERITY." -#: lib/setup.c:2121 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "Nepodporovaná poloha VERITY FEC." -#: lib/setup.c:2145 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "Oblast dat se pÅ™ekrývá s oblastà haÅ¡e." -#: lib/setup.c:2170 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "Oblast FEC se pÅ™ekrývá s oblastà haÅ¡e." -#: lib/setup.c:2177 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "Oblast dat se pÅ™ekrývá s oblastà FEC." -#: lib/setup.c:2313 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "POZOR: Požadovaná velikost znaÄky %d bajtů se liÅ¡Ã od výstupu velikosti %s (%d bajtů).\n" -#: lib/setup.c:2392 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Požadován neznámý typ Å¡ifrovaného zaÅ™Ãzenà %s." -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "Nepodporované parametry na zaÅ™Ãzenà %s." -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." -msgstr "NeodpovÃdajÃcà parametry an za zaÅ™Ãzenà %s." +msgstr "NeodpovÃdajÃcà parametry na zaÅ™Ãzenà %s." -#: lib/setup.c:2822 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "ZaÅ™Ãzenà dmcryptu si neodpovÃdajÃ." -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "ZaÅ™Ãzenà %s nebylo možné znovu zavést." -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "ZaÅ™Ãzenà %s nebylo možné pozastavit." -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "ZaÅ™Ãzenà %s nebylo možné probudit." -#: lib/setup.c:2897 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "NepÅ™ekonatelná chyba pÅ™i zavádÄ›nà zaÅ™Ãzenà %s (nad zaÅ™ÃzenÃm %s)." -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "ZaÅ™Ãzenà %s nebylo možné pÅ™epnout do dm-error." -#: lib/setup.c:2984 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "ZaÅ™Ãzenà LUKS2 se statickou velikostà nelze zmÄ›nit velikost." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." -msgstr "Nelze zmÄ›nit velikost zaÅ™Ãzenà zpÄ›tné smyÄky." +msgstr "ZaÅ™Ãzenà zpÄ›tné smyÄky nelze zmÄ›nit velikost." -#: lib/setup.c:3027 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "" "POZOR: Maximálnà velikost je již nastavena nebo zmÄ›na velikosti nenà jádrem\n" "podporována.\n" -#: lib/setup.c:3088 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "ZmÄ›na velikosti selhala, jádro ji nepodporuje." -#: lib/setup.c:3120 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "Opravdu chcete zmÄ›nit UUID zaÅ™ÃzenÃ?" -#: lib/setup.c:3212 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "Soubor se zálohou hlaviÄky neobsahuje kompatibilnà hlaviÄku LUKS." -#: lib/setup.c:3328 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "Svazek %s nenà aktivnÃ." -#: lib/setup.c:3339 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "Svazek %s je již uspán." -#: lib/setup.c:3352 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "Uspánà nenà na zaÅ™Ãzenà %s podporováno." -#: lib/setup.c:3354 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "Chyba pÅ™i uspávánà zaÅ™Ãzenà %s." -#: lib/setup.c:3389 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "ZaÅ™Ãzenà %s bylo uspáno, ale hardwarové zaÅ™Ãzenà Opal nelze uzamknout." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "Probuzenà nenà na zaÅ™Ãzenà %s podporováno." -#: lib/setup.c:3391 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "Chyba pÅ™i probouzenà zaÅ™Ãzenà %s." -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "Do zadané klÃÄenky se nepodaÅ™ilo pÅ™ipojit klÃÄ." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "Z klÃÄenky zadané uživatelem se nepodaÅ™ilo odpojit klÃÄ svazku." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "Do uživatelem zadané klÃÄenky se nepodaÅ™ilo pÅ™idat klÃÄ svazku." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "Svazek %s nenà uspán." -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "Heslo svazku neodpovÃdá svazku." -#: lib/setup.c:3737 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "ZámÄ›na novou pozicà klÃÄe se nezdaÅ™ila." -#: lib/setup.c:3835 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "Pozice klÃÄe %d je neplatná." -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "Pozice klÃÄe %d nenà aktivnÃ." -#: lib/setup.c:3860 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "HlaviÄka zaÅ™Ãzenà se pÅ™ekrývá s datovou oblastÃ." -#: lib/setup.c:4165 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "PÅ™eÅ¡ifrovánà již probÃhá. ZaÅ™Ãzenà nelze aktivovat." -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "ZÃskánà zámku pro pÅ™eÅ¡ifrovánà selhalo." -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "Obnova pÅ™eÅ¡ifrovánà LUKS2 selhalo." -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Typ zaÅ™Ãzenà nenà řádnÄ› inicializován." -#: lib/setup.c:4400 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "ZaÅ™Ãzenà %s již existuje." -#: lib/setup.c:4407 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "ZaÅ™Ãzenà %s nelze použÃt. Název nenà platný nebo zaÅ™Ãzenà se stále použÃvá." -#: lib/setup.c:4527 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Byl zadán neplatný klÃÄ svazku." -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." -msgstr "K zaÅ™Ãzenà VERITY byl zadán neplatný koÅ™enový haÅ¡." - -#: lib/setup.c:4654 -msgid "Root hash signature required." -msgstr "Je potÅ™eba podpis koÅ™enového otisku." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Jaderná klÃÄenka nenà jádrem podporována." -#: lib/setup.c:4663 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Jaderná klÃÄenka chybÃ: je potÅ™eba pro pÅ™edánà podpisu do jádra." -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." -msgstr "KlÃÄ se nepodaÅ™ilo pÅ™idat do jaderné klÃÄenky." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "K zaÅ™Ãzenà VERITY byl zadán neplatný koÅ™enový haÅ¡." + +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "Opal nepodporuje odloženou deaktivaci." -#: lib/setup.c:4736 +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Odložené odebránà zaÅ™Ãzenà %s nebylo možné zruÅ¡it." -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "ZaÅ™Ãzenà %s se stále použÃvá." -#: lib/setup.c:4768 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "Neplatné zaÅ™Ãzenà %s." -#: lib/setup.c:4908 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "Vyhrazená paměť pro klÃÄ svazku je pÅ™ÃliÅ¡ malá." -#: lib/setup.c:4925 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "Nelze zÃskat klÃÄ svazku pro zaÅ™Ãzenà LUKS2." -#: lib/setup.c:4934 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "Nelze zÃskat klÃÄ svazku pro zaÅ™Ãzenà LUKS1." -#: lib/setup.c:4944 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "Nelze zÃskat klÃÄ svazku pro otevÅ™ené zaÅ™ÃzenÃ." -#: lib/setup.c:4952 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "K zaÅ™Ãzenà VERITY nelze zÃskat koÅ™enový otisk." -#: lib/setup.c:4959 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "Nelze zÃskat klÃÄ svazku pro zaÅ™Ãzenà BITLK." -#: lib/setup.c:4964 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "Nelze zÃskat klÃÄ svazku pro zaÅ™Ãzenà FVAULT2." -#: lib/setup.c:4966 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Na Å¡ifrovaném zaÅ™Ãzenà %s nenà tato operace podporována." -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "Operace výpisu nenà na zaÅ™Ãzenà tohoto typu podporována." -#: lib/setup.c:5500 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "PoÄátek dat nenà násobkem %u bajtů." -#: lib/setup.c:5788 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "ZaÅ™Ãzenà %s, které se stále použÃvá, nelze konvertovat." -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "PÅ™iÅ™azenà pozice klÃÄe %u jakožto nového klÃÄe svazku se nezdaÅ™ilo." -#: lib/setup.c:6122 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Inicializace parametrů výchozà pozice klÃÄe LUKS2 selhala." -#: lib/setup.c:6128 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "PÅ™iÅ™azenà pozice klÃÄe %d k otisku se nezdaÅ™ilo." -#: lib/setup.c:6353 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Nelze pÅ™idat pozici klÃÄe, vÅ¡echny pozice jsou zakázány a klÃÄ svazku nebyl poskytnut." -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." -msgstr "Jaderná klÃÄenka nenà jádrem podporována." +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "KlÃÄ se nepodaÅ™ilo pÅ™idat do jaderné klÃÄenky." + +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "KlÃÄ se nepodaÅ™ilo odstranit z klÃÄenky vlákna." -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "ÄŒtenà hesla z klÃÄenky selhalo (chyba %d)." +msgid "Could not find keyring described by \"%s\"." +msgstr "KlÃÄenku zadanou jako „%s“ nebylo možné nalézt." -#: lib/setup.c:6523 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "ZÃskánà zámku pro tvrdý pÅ™Ãstup do globálnà pamÄ›ti selhalo." -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "Soubor s klÃÄem se nepodaÅ™ilo otevÅ™Ãt." -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "Soubor s klÃÄem nelze z terminálu pÅ™eÄÃst." -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "O souboru s klÃÄem nebylo možné zjistit údaje." -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "Nelze se pÅ™esunout na požadované mÃsto v souboru s klÃÄem." -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "PÅ™i Ätenà hesla doÅ¡la paměť." -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "Chyba pÅ™i Ätenà hesla." -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "Na vstupu nenà nic k pÅ™eÄtenÃ." -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Maximálnà délka souboru s klÃÄem pÅ™ekroÄena." -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "Požadované množstvà dat nelze naÄÃst." -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "ZaÅ™Ãzenà %s neexistuje nebo pÅ™Ãstup byl zamÃtnut." -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "ZaÅ™Ãzenà %s nenà kompatibilnÃ." -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "U zaÅ™Ãzenà s daty se ignoruje chybná optimálnà velikost I/O (%u bajtů)." # TODO: Pluralize -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "ZaÅ™Ãzenà %s je pÅ™ÃliÅ¡ malé. Je tÅ™eba alespoň %<PRIu64> bajtů." -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "ZaÅ™Ãzenà %s nelze použÃt, protože se již použÃvá (již namapováno nebo pÅ™ipojeno)." -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "ZaÅ™Ãzenà %s nelze použÃt, povolenà zamÃtnuto." -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "O zaÅ™Ãzenà %s nelze zÃskat údaje." -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "ZaÅ™Ãzenà typu loopback nelze použÃt, nespuÅ¡tÄ›no superuživatelem." -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "PÅ™ipojenà zaÅ™Ãzenà zpÄ›tné smyÄky selhalo (požadováno zaÅ™Ãzenà s pÅ™Ãznakem autoclear)." -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Požadovaná poloha je za hranicà skuteÄné velikosti zaÅ™Ãzenà %s." -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "ZaÅ™Ãzenà %s má nulovou velikost." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "Požadovaný cÃlový Äas PBKDF nemůže být nula." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Neznámý druh PBKDF %s." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "Požadovaný haÅ¡ %s nenà podporován." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "Požadovaný druh PBKDF nenà podporován formátem LUKS1." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "PÅ™i PBKDF2 nesmà být nastavena maximálnà paměť pro PBKDF nebo poÄet souběžných vláken." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "Vynucený poÄet opakovánà je pro %s pÅ™ÃliÅ¡ nÃzký (minimum je %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "Vynucená cena pamÄ›ti je pro %s pÅ™ÃliÅ¡ nÃzká (minimum je %u kilobajtů)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "Požadovaná maximálnà cena PBKDF pamÄ›ti je pÅ™ÃliÅ¡ vysoká (maximum je %d kilobajtů)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "Požadované maximum pamÄ›ti PBKDF nemůže být nula." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Požadovaný poÄet souběžných vláken PBKDF nemůže být nula." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "V režimu FIPS je podporován jen PBKDF2." -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Porovnánà výkonu PBKDF je zakázáno, ale poÄet iteracà nenà nastaven." -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "NesluÄitelné volby PBKDF2 (pÅ™i použità haÅ¡ovacÃho algoritmu %s)." -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "NesluÄitelné volby PBKDF." @@ -800,16 +897,24 @@ msgstr "Zamykánà zruÅ¡eno. Zamykacà cesta %s/%s je nepoužitelná (nenà adre msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Zamykánà zruÅ¡eno. Zamykacà cesta %s/%s je nepoužitelná (%s nenà adresářem)." -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Nelze se pÅ™esunout na požadované mÃsto v zaÅ™ÃzenÃ." -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "Chyba pÅ™i ÄiÅ¡tÄ›nà zaÅ™Ãzenà na pozici %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "Chybné PSID systému Opal." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "ZaÅ™Ãzenà Opal nelze vymazat." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -829,7 +934,7 @@ msgstr "Zápis Å¡ifry by mÄ›l být ve tvaru [Å¡ifra]-[režim]-[iv]." #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Na zaÅ™Ãzenà %s nelze zapsat, povolenà zamÃtnuto." @@ -843,17 +948,17 @@ msgid "Failed to access temporary keystore device." msgstr "PÅ™Ãstup do doÄasného zaÅ™Ãzenà s úložiÅ¡tÄ›m klÃÄe selhal." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "Chyba vstupu/výstupu pÅ™i Å¡ifrovánà pozice klÃÄe." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -875,32 +980,32 @@ msgstr "ZaÅ™Ãzenà %s je pÅ™ÃliÅ¡ malé. (LUKS1 vyžaduje alespoň %<PRIu64> b msgid "LUKS keyslot %u is invalid." msgstr "Pozice %u klÃÄe LUKS nenà platná." -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "Požadovaný soubor se zálohou hlaviÄky %s již existuje." -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "Soubor se zálohou hlaviÄky %s nelze vytvoÅ™it." -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "Nelze zapsat soubor %s se zálohou hlaviÄky." -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "Záložnà soubor neobsahuje platnou hlaviÄku LUKS." #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "Nelze otevÅ™Ãt soubor se zálohou hlaviÄky %s." -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "Soubor se zálohou hlaviÄky %s nelze naÄÃst." @@ -922,7 +1027,7 @@ msgstr "neobsahuje hlaviÄku LUKS. Nahrazenà hlaviÄky může zniÄit data na d msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "již obsahuje hlaviÄku LUKS. Nahrazenà hlaviÄky zniÄà existujÃcà pozice s klÃÄi." -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -996,7 +1101,7 @@ msgstr "Režim LUKS Å¡ifry %s nenà platný." msgid "LUKS hash %s is invalid." msgstr "LUKS haÅ¡ %s nenà platný." -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "V hlaviÄce LUKS nenalezen žádný známý problém." @@ -1016,8 +1121,8 @@ msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Poloha dat u hlaviÄky LUKS musà být buÄ 0 nebo vÃce než velikost hlaviÄky." #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "Poskytnut UUID LUKSu ve Å¡patném tvaru." @@ -1054,7 +1159,7 @@ msgstr "Pozici s klÃÄem nezle otevÅ™Ãt (za použità haÅ¡e %s)." msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Pozice klÃÄe %d nenà platná, prosÃm, vyberte pozici mezi 0 a %d." -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "ZaÅ™Ãzenà %s nenà možné smazat." @@ -1075,48 +1180,48 @@ msgstr "ZjiÅ¡tÄ›n nekompatibilnà soubor s klÃÄem loop-AES." msgid "Kernel does not support loop-AES compatible mapping." msgstr "Jádro nepodporuje mapovánà kompatibilnà s loop-AES." -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "Chyba pÅ™i Ätenà souboru s klÃÄem %s" -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "PÅ™ekroÄena maximálnà délka hesla TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "HaÅ¡ovacà algoritmus PBKDF2 %s nenà podporován, pÅ™eskakuje se." -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "Požadované kryptografické rozhranà jádra nenà dostupné." -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "UjistÄ›te se, že jaderný modul algif_skcipher je zaveden." -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Aktivace nad sektory o velikosti %d nenà podporována." -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Jádro nepodporuje aktivaci v tomto zastaralém režimu TCRYPT." -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Aktivuje se systémové Å¡ifrovánà TCRYPT pro oddÃl %s." -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Jádro nepodporuje mapovánà kompatibilnà s TCRYPT." -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Bez dat s hlaviÄkou TCRYPT nenà tato funkce podporována." @@ -1175,74 +1280,74 @@ msgstr "Z %s nebylo možné naÄÃst položky metadat BITLK." msgid "Failed to convert BITLK volume description" msgstr "PÅ™evod popisu svazku BITLK se nezdaÅ™il" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "PÅ™i rozboru externÃho klÃÄe byla v metadatech nalezena položka neÄekaného typu „%u“." -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "GUID „%s“ souboru BEK neodpovÃdá GUID svazku." -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "PÅ™i rozboru externÃho klÃÄe byla v metadatech nalezena položka s neÄekanou hodnotou „%u“." -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "Nepodporovaná metadata BEK verze %<PRIu32>." -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "NeÄekaná velikost metadat BEK %<PRIu32> neodpovÃdá délce souboru BEK" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "PÅ™i rozboru startovacÃho klÃÄe byla v metadatech nalezena neÄekaná položka." -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Tato operace nenà podporována." -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "NeÄekaná velikost údajů o klÃÄi." -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Toto zaÅ™Ãzenà BITLK je v nepodporovaném stavu a nelze jej aktivovat." -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "ZaÅ™Ãzenà BITLK s typem „%s“ nelze aktivovat." -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Aktivace ÄásteÄnÄ› deÅ¡ifrovaného zaÅ™Ãzenà BITLK nenà podporována." -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "POZOR: Velikost svazku BitLockeru %<PRIu64> neodpovÃdá velikosti zaÅ™Ãzenà ve zpod %<PRIu64>" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "ZaÅ™Ãzenà nelze aktivovat. Jaderný dm-crypt postrádá podporu inicializaÄnÃho vektoru BITLK." -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "ZaÅ™Ãzenà nelze aktivovat. Jaderný dm-crypt postrádá podporu difuzéru Elephant BITLK." -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "ZaÅ™Ãzenà nelze aktivovat. Jaderný dm-crypt postrádá podporu velikostà velkých sektorů." -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "ZaÅ™Ãzenà nelze aktivovat. Chybà jaderný modul dm-zero." @@ -1281,29 +1386,33 @@ msgstr "Na zaÅ™Ãzenà %s poskytnuto UUID VERITY ve Å¡patném tvaru." msgid "Error during update of verity header on device %s." msgstr "Chyba pÅ™i aktualizaci hlaviÄky VERITY na zaÅ™Ãzenà %s." -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "Ověřenà podpisu koÅ™enového otisku nenà podporováno." -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Je potÅ™eba podpis koÅ™enového otisku." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "Chyby v zaÅ™Ãzenà FEC nelze opravit." # TODO: Pluralize -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "Nalezeno %u opravitelných chyb v zaÅ™Ãzenà FEC." -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "Jádro nepodporuje mapovánà dm-verity." -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "Jádro nepodporuje volbu pro podpis dm-verity." -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "Po aktivaci zjistilo zaÅ™Ãzenà VERITY poÅ¡kozenÃ." @@ -1397,7 +1506,7 @@ msgstr "Velikost zaÅ™Ãzenà %s se nepodaÅ™ilo urÄit." msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "NesluÄitelná metadata jaderného dm-integrity (verze %u) byla nalezena na %s." -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "Jádro nepodporuje mapovánà dm-integrity." @@ -1411,8 +1520,8 @@ msgstr "Jádro nepodporuje drobné zarovnánà metadat dm-integrity." msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Jádro odmÃtá aktivovat volbu nebezpeÄného pÅ™epoÄtu (pro pÅ™ebità vizte zastaralé volby aktivace)" -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "ZÃskánà zámku pro zápis do zaÅ™Ãzenà %s selhalo." @@ -1429,50 +1538,60 @@ msgstr "" "ZaÅ™Ãzenà obsahuje nejednoznaÄný vzorec. LUKS2 nelze automaticky obnovit.\n" "ProsÃm, spusÅ¥te obnovu pÅ™Ãkazem „cryptsetup repair“." -#: lib/luks2/luks2_json_format.c:229 -msgid "Requested data offset is too small." -msgstr "Požadovaná poloha dat je pÅ™ÃliÅ¡ nÃzká." - # TODO: Pluralize -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:231 #, c-format msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "POZOR: oblast s pozicemi klÃÄů (%<PRIu64> bajtů) je pÅ™ÃliÅ¡ malá, dostupný poÄet pozic klÃÄů LUKS2 je znaÄnÄ› omezen.\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_format.c:427 +msgid "Requested data offset is too small." +msgstr "Požadovaná poloha dat je pÅ™ÃliÅ¡ nÃzká." + +#: lib/luks2/luks2_json_format.c:468 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "POZOR: Metadata LUKS2 zmÄ›nila velikost na %<PRIu64> bajtů.\n" + +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "POZOR: Oblast s pozicemi klÃÄů pro LUKS2 zmÄ›nila velikost na %<PRIu64> bajtů.\n" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "ZÃskánà zámku pro Ätenà ze zaÅ™Ãzenà %s selhalo." -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "V záloze %s byly zjiÅ¡tÄ›ny zakázané požadavky na LUKS2." -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "PoÄátek dat se liÅ¡Ã mezi zaÅ™ÃzenÃm a zálohou, obnova se nezdaÅ™ila." -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Velikost binárnà hlaviÄky s oblastà pro pozice klÃÄů se liÅ¡Ã mezi zaÅ™ÃzenÃm a zálohou, obnova se nezdaÅ™ila." -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "ZaÅ™Ãzenà %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "neobsahuje hlaviÄku LUKS2. Nahrazenà hlaviÄky může zniÄit data na daném zaÅ™ÃzenÃ." -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "již obsahuje hlaviÄku LUKS2. Nahrazenà hlaviÄky zniÄà existujÃcà pozice s klÃÄi." -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1482,7 +1601,7 @@ msgstr "" "POZOR: Ve skuteÄné hlaviÄce zaÅ™Ãzenà byly objeveny neznámé požadavky na LUKS2!\n" "Nahrazenà hlaviÄky zálohou může zniÄit data na zaÅ™ÃzenÃ!" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1492,58 +1611,92 @@ msgstr "" "POZOR: Na zaÅ™Ãzenà bylo objeveno nedokonÄené offline pÅ™eÅ¡ifrovánÃ!\n" "Nahrazenà hlaviÄky zálohou může zniÄit data." -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "Neznámý pÅ™Ãznak %s ignorován." -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Chybà klÃÄ pro dm-crypt Äást %u." -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "Nastavenà Äásti dm-crypt selhalo." -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "Nastavenà Äásti dm-linear selhalo." -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "V hlaviÄce LUKS2 nebyl nalezen žádný známý vzorek urÄujÃcà šifru." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "ZaÅ™Ãzenà Opal musà mÃt statickou velikost zaÅ™ÃzenÃ." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "Å ifrované zaÅ™Ãzenà Opal zajiÅ¡Å¥ujÃcà neporuÅ¡enost musà být menÅ¡Ã než uzamykatelná oblast." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "ZaÅ™Ãzenà Opal musà mÃt stejnou velikost jako uzamykatelná oblast." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "Opal zaÅ™Ãzenà %s je již odemknuto.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "Nepodporovaná konfigurace integrity zaÅ™ÃzenÃ." -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "Dm-integrity zaÅ™Ãzenà nižšà úrovnÄ› poskytlo neÄekané datové sektory." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "ProbÃhá pÅ™eÅ¡ifrovánÃ. ZaÅ™Ãzenà nelze deaktivovat." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "VýmÄ›na pozastaveného zaÅ™Ãzenà %s za cÃl dm-error selhala." -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "ZaÅ™Ãzenà %s bylo deaktivováno, avÅ¡ak hardwarové zaÅ™Ãzené Opal nelze uzamknout." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "ÄŒtenà požadavků na LUKS2 selhalo." -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "ZjiÅ¡tÄ›ny nesplnÄ›né požadavky na LUKS2." -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Operace se nesluÄuje se zaÅ™ÃzenÃm oznaÄeným pro zastaralé pÅ™eÅ¡ifrovánÃ. Operace se ruÅ¡Ã." -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Operace se nesluÄuje se zaÅ™ÃzenÃm oznaÄeným pro pÅ™eÅ¡ifrovánà LUKS2. Operace se ruÅ¡Ã." -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "Operace se nesluÄuje se zaÅ™ÃzenÃm použÃvajÃcÃm Opal. Operace se ruÅ¡Ã." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "Nedostatek pamÄ›ti pro otevÅ™enà pozice s klÃÄem." -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "OtevÅ™enà pozice s klÃÄem selhalo." @@ -1552,331 +1705,343 @@ msgstr "OtevÅ™enà pozice s klÃÄem selhalo." msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Å ifru %s-%s nelze použÃt pro pozici s klÃÄem." -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "HaÅ¡ovacà algoritmus %s nenà dostupný." -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "Pozor: operace s pozicà klÃÄe by mohla selhat, protože potÅ™ebuje vÃce pamÄ›ti, než je k dispozici.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "Pro novou pozicà klÃÄe nenà mÃsto." -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "Požadována neplatná zmÄ›na režimu odolnosti pÅ™i pÅ™eÅ¡ifrovánÃ." -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "Druh odolnosti nelze zaktualizovat. Nový druh poskytuje pouze %<PRIu64> bajtů, požadovaná velikost je %<PRIu64> bajtů." -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "Ověřovacà otisk pÅ™eÅ¡ifrovánà se nepodaÅ™ilo obnovit." -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Nelze zjistit stav zaÅ™Ãzenà s UUID: %s." -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "HlaviÄky s dodateÄnými metadaty LUKSMETA nelze pÅ™evést." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "LUKS2 neumožňuje použÃt Å¡ifru zadanou jako %s-%s." -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Oblast s pozicemi klÃÄů nelze pÅ™esunout. Nedostatek mÃsta." -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "Nelze pÅ™evést do formátu LUKS2 – neplatná metadata." -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Oblast s pozicemi klÃÄů nelze pÅ™esunout. Oblast s pozicemi klÃÄů LUKS2 je pÅ™ÃliÅ¡ malá." -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Oblast s pozicemi klÃÄů nelze pÅ™esunout." -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Nelze pÅ™evést do formátu LUKS1 – výchozà velikost sektoru Å¡ifrovánà Äásti nenà 512 bajtů." -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Nelze pÅ™evést do formátu LUKS1 – otisky v pozicÃch s klÃÄi nejsou sluÄitelné s LUKS1." -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Nelze pÅ™evést do formátu LUKS1 – zaÅ™Ãzenà použÃvá Å¡ifru se zabaleným klÃÄem %s." -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "Nelze pÅ™evést do formátu LUKS1 – zaÅ™Ãzenà použÃvá vÃce ÄástÃ." # TODO: Pluralize -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Nelze pÅ™evést do formátu LUKS1 – hlaviÄka LUKS2 obsahuje %u token(ů)." -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Nelze pÅ™evést do formátu LUKS1 – pozice s klÃÄe %u je v nesprávném stavu." -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Nelze pÅ™evést do formátu LUKS1 – pozice s klÃÄem %u (nad maximem pozic) je stále aktivnÃ." -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Nelze pÅ™evést do formátu LUKS1 – pozice s klÃÄe %u nenà sluÄitelná s LUKS1." -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Velikost horké zóny musà být násobek vypoÄteného zarovnánà zóny (%zu bajtů)." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Velikost zaÅ™Ãzenà musà být násobek vypoÄteného zarovnánà zóny (%zu bajtů)." -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "Obálku pro starou Äást úložiÅ¡tÄ› se nepodaÅ™ilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "Obálku pro novou Äást úložiÅ¡tÄ› se nepodaÅ™ilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "Ochranu horké zóny se nepodaÅ™ilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "Kontrolnà souÄty pro aktuálnà horkou zónu se nepodaÅ™ilo pÅ™eÄÃst." -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "ÄŒtenà oblasti s horkou zónou poÄÃnaje na %<PRIu64> selhalo." -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Sektor %zu nebylo možné rozÅ¡ifrovat." -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "Sektor %zu nebylo možné obnovit." -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Velikosti zdrojového a cÃlového zaÅ™Ãzenà se neshodujÃ. Zdroj %<PRIu64>, cÃl %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Aktivace zaÅ™Ãzenà horké zóny %s selhala." -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Aktivace pÅ™ekryvného zaÅ™Ãzenà %s se skuteÄnou tabulkou původu selhala." -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Zavedenà nového mapovánà pro zaÅ™Ãzenà %s selhalo." -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "ZásobnÃk zaÅ™Ãzenà k pÅ™eÅ¡ifrovánà se nepodaÅ™ilo obnovit." -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "Nastavenà velikosti nové oblasti s pozicemi klÃÄů selhalo." -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Hodnota posunu dat nenà zarovnána s velikostà šifrovaného sektoru (%<PRIu32> bajtů)." -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Nepodporovaný režim odolnosti %s" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "Velikost pÅ™esunované oblasti nemůže být vÄ›tÅ¡Ã než hodnota posunu dat." -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "Neplatné parametry režimu odolnosti pÅ™i pÅ™eÅ¡ifrovánÃ." -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "PÅ™esunovaná oblast je pÅ™ÃliÅ¡ velká. Požadovaná velikost %<PRIu64>, dostupné mÃsto %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "VyprázdnÄ›nà tabulky selhalo." -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "ZmenÅ¡ená velikost dat je vÄ›tÅ¡Ã než velikost skuteÄného zaÅ™ÃzenÃ" -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "ZaÅ™Ãzenà s daty nenà zarovnáno na velikost Å¡ifrovaného sektoru (%<PRIu32> bajtů)." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "Posun dat (%<PRIu64> sektorů) je menÅ¡Ã než budoucà poloha dat (%<PRIu64> sektorů)." -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "ZaÅ™Ãzenà %s nebylo možné otevÅ™Ãt ve výluÄném režimu (již namapováno nebo pÅ™ipojeno)." -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "ZaÅ™Ãzenà nenà oznaÄeno pro pÅ™eÅ¡ifrovánà LUKS2." -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "NaÄtenà kontextu pÅ™eÅ¡ifrovánà LUKS2 selhalo." -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "Stavu pÅ™eÅ¡ifrovánà se nepodaÅ™ilo zjistit." -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "ZaÅ™Ãzenà se nepÅ™eÅ¡ifrovává." -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "Proces pÅ™eÅ¡ifrovánà již běžÃ." -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "ZÃskánà zámku pro pÅ™eÅ¡ifrovánà selhalo." -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "V pÅ™eÅ¡ifrovánà nelze pokraÄovat. SpusÅ¥te nejprve obnovu pÅ™eÅ¡ifrovánÃ." -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "Aktivnà velikost zaÅ™Ãzenà a velikost požadovaná k pÅ™eÅ¡ifrovánà si neodpovÃdajÃ." -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "V parametrech pÅ™eÅ¡ifrovánà je požadována zakázaná velikost zaÅ™ÃzenÃ." -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "ProbÃhá pÅ™eÅ¡ifrovánÃ. Obnovu nelze provést." -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "V metadatech je pÅ™eÅ¡ifrovánà LUKS2 již inicializováno." -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Inicializace pÅ™eÅ¡ifrovánà LUKS2 v metadatech selhala." -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "Na zaÅ™ÃzenÃch DAX (trvalá paměť) nenà pÅ™eÅ¡ifrovánà podporováno." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "ÄŒtenà hesla z klÃÄenky selhalo." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Nastavenà segmentů zaÅ™Ãzenà pro dalÅ¡Ã horkou zónu pÅ™eÅ¡ifrovánà selhalo." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "Metadata pro odolnost pÅ™i pÅ™eÅ¡ifrovánà se nepodaÅ™ilo zapsat." -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "RozÅ¡ifrovánà selhalo." -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "Zápis oblasti s horkou zónou poÄÃnaje na %<PRIu64> selhal." -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "Synchronizace dat selhala." -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Po dokonÄenà pÅ™eÅ¡ifrovánà aktuálnà horké zóny se nepodaÅ™ilo aktualizovat metadata." -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "Zápis metadat LUKS2 selhal." -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "VyÄiÅ¡tÄ›nà oblasti zaÅ™Ãzenà s nepoužÃvanými daty selhalo." -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "OdstranÄ›nà nepoužÃvané (nepÅ™iÅ™azené) pozice s klÃÄem %d selhalo." -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "OdstranÄ›nà pozice s klÃÄem pÅ™eÅ¡ifrovánà selhalo." -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "NepÅ™ekonatelná chyba pÅ™i pÅ™eÅ¡ifrovánà bloku na pozici %<PRIu64> dlouhého %<PRIu64> sektorů." -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "PÅ™eÅ¡ifrovánà za bÄ›hu selhalo." -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "ZaÅ™Ãzenà neprobouzejte, dokud jej ruÄnÄ› nenahradÃte chybovým cÃlem." -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "V pÅ™eÅ¡ifrovánà nelze pokraÄovat. PÅ™eÅ¡ifrovánà se nacházà v neÄekaném stavu." -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "ChybÄ›jÃcà nebo neplatný kontext pÅ™eÅ¡ifrovánÃ." -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "ZásobnÃk zaÅ™Ãzenà k pÅ™eÅ¡ifrovánà se nepodaÅ™ilo inicializovat." -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "Kontext pÅ™eÅ¡ifrovánà se nepodaÅ™ilo aktualizovat." @@ -1884,80 +2049,121 @@ msgstr "Kontext pÅ™eÅ¡ifrovánà se nepodaÅ™ilo aktualizovat." msgid "Reencryption metadata is invalid." msgstr "Metadata o pÅ™eÅ¡ifrovánà jsou neplatná." +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "Opal oblast %d na pozici %<PRIu64> neodpovÃdá oÄekávaným hodnotám %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "Délka %2$<PRIu64> Opal oblasti %1$d neodpovÃdá velikosti zaÅ™Ãzenà %3$<PRIu64>" + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "Uzamykanà Opal oblasti %d je vypnuto." + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "NeÄekaný status uzamykánà Opal oblasti %d" + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Parametry pro Å¡ifrovánà pozice s klÃÄem lze nastavit jen u zaÅ™Ãzenà LUKS2." -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "Zadejte PIN k tokenu: " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "Zadejte PIN k tokenu %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Nelze najÃt žádný známý vzorek se specifikaci Å¡ifry." -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "POZOR: Pro Å¡ifru se použijà výchozà volby (%s-%s, velikost klÃÄe %u bitů), což může být nesluÄitelné se starÅ¡Ãmi verzemi." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "POZOR: Pro haÅ¡ se použijà výchozà volby (%s), což by mohlo být nesluÄitelné se starÅ¡Ãmi verzemi." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "Pro režim plain vždy použijte volby --cipher a --key-size a nenÃ-li zadán soubor s klÃÄem, rovněž --hash." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "POZOR: Jedná-li se o režim plain a je-li urÄen soubor s klÃÄem, parametr --hash se ignoruje.\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "POZOR: PÅ™epÃnaÄ --keyfile-size se ignoruje, velikost pro Ätenà je stejná jako velikosti Å¡ifrovacÃho klÃÄe.\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "Prohledávánà blkid selhalo u %s." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Na %s byla nalezen vzorec zaÅ™ÃzenÃ. PokraÄovánà může poÅ¡kodit existujÃcà data." -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "Operace zruÅ¡ena.\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "Je vyžadován pÅ™epÃnaÄ --key-file." -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "Zadejte PIM VeraCryptu: " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "Neplatná hodnota VIM: chyba rozboru" -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "Neplatná hodnota PIM: 0" -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "Neplatná hodnota PIM: mimo rozsah" -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "S tÃmto heslem nenà rozpoznatelná žádná hlaviÄka zaÅ™ÃzenÃ." -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "ZaÅ™Ãzenà %s nenà platným zaÅ™ÃzenÃm BITLK." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Nelze urÄit velikost BITLK klÃÄe svazku. ProsÃm, použijte pÅ™epÃnaÄ --key-size." -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1967,7 +2173,7 @@ msgstr "" "který umožňuje pÅ™Ãstup k šifrovanému oddÃlu bez znalosti hesla.\n" "Tento výpis by mÄ›l být vždy uložen na bezpeÄném mÃstÄ› a v zaÅ¡ifrované podobÄ›." -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1977,78 +2183,85 @@ msgstr "" "který umožňuje pÅ™Ãstup k šifrovanému oddÃlu bez znalosti hesla.\n" "Tento výpis by mÄ›l být uložen na bezpeÄném mÃstÄ› a v zaÅ¡ifrované podobÄ›." -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "ZaÅ™Ãzenà %s nenà platným zaÅ™ÃzenÃm FVAULT2." -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "Nelze urÄit velikost klÃÄe svazku pro FVAULT2. ProsÃm, použijte pÅ™epÃnaÄ --key-size." -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "ZaÅ™Ãzenà %s je stále aktivnà a naplánováno pro odložené odstranÄ›nÃ.\n" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "Cestu k externÃm tokenům %s se nepodaÅ™ilo nastavit." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "ZmÄ›na velikosti aktivnÃho zaÅ™Ãzenà vyžaduje klÃÄ svazku v klÃÄence. Byl vÅ¡ak použit pÅ™epÃnaÄ --disable-keyring." -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "Hodnocenà výkonu pÅ™eruÅ¡eno." -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s –\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iteracà za sekundu pro %zubitový klÃÄ\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s –\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iteracÃ, %5u pamÄ›ti, %1u souběžných vláken (procesorů) pro %zubitový klÃÄ (požadován Äas %u ms)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "Výsledek hodnocenà výkonu nenà spolehlivý." # ???: are aproximated? -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Testy jsou poÄÃtány jen z práce s pamÄ›tà (žádné I/O úložiÅ¡tÄ›).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*sAlgoritmus | KlÃÄ | Å ifrovánà | DeÅ¡ifrovánÃ\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Å ifra %s (s %ibitovým klÃÄem) nenà dostupná." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algoritmus | KlÃÄ | Å ifrovánà | DeÅ¡ifrovánÃ\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "–" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2057,27 +2270,27 @@ msgstr "" "pÅ™eÅ¡ifrovánà je žádoucà (vizte výstup luksDump) a pokraÄujte (zvýšenà verze\n" "metadat) pouze, když poznáte, že operace je chtÄ›ná." -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Zadejte heslo pro ochránÄ›nà metadat o pÅ™eÅ¡ifrovánà a pro zvýšenà jejich verze: " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Opravdu pokraÄovat s obnovou pÅ™eÅ¡ifrovánà LUKS2?" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Zadejte heslo pro ověřenà otisku metadat o pÅ™eÅ¡ifrovánÃ: " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "Zadejte heslo pro obnovenà pÅ™eÅ¡ifrovánÃ: " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "Opravdu se pokusit opravit hlaviÄku zaÅ™Ãzenà LUKS?" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2085,7 +2298,7 @@ msgstr "" "\n" "Výmaz pÅ™eruÅ¡en." -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2094,130 +2307,146 @@ msgstr "" "Lze pÅ™eruÅ¡it pomocà Ctrl+C (zbytek nesmazaného zaÅ™Ãzenà bude obsahovat\n" "neplatné souÄty).\n" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "DoÄasné zaÅ™Ãzenà %s nelze deaktivovat." -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "Volby integrity lze použÃt jen pÅ™i formátu LUKS2." -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "Nepodporované volby velikosti metadat LUKS2." -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "Opal je podporován jen s formátem LUKS2." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "Soubor s hlaviÄkou neexistuje. Chcete jej vytvoÅ™it?" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "Soubor s hlaviÄkou %s nelze vytvoÅ™it." -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "Nelze najÃt žádný známý vzorek se specifikacà integrity." -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "%s nelze použÃt pro hlaviÄku uvnitř disku." -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Toto nevratnÄ› pÅ™epÃÅ¡e data na %s." -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "Heslo správce Opal nemůže být prázdné." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Nastavenà parametrů PBKDF selhalo." -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "UrÄenà typu v pÅ™epÃnaÄi --link-vk-to-keyring pro zadánà klÃÄenky se ignoruje." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "Neplatná hodnota --link-vk-to-keyring." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "ZmenÅ¡ená poloha dat je dovolena jen u oddÄ›lené hlaviÄky LUKS." -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "Souborový kontejner LUKS %s je na aktivaci pÅ™ÃliÅ¡ malý. Nezbývá žádné mÃsto pro data." -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Bez pozic pro klÃÄe nelze urÄit velikost LUKS klÃÄe svazku. ProsÃm, použijte pÅ™epÃnaÄ --key-size." -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "ZaÅ™Ãzenà aktivováno, ale pÅ™Ãznaky nelze uÄinit trvalými." -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Ke smazánà vybrán klÃÄ na pozici %d." -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "" "Toto je poslednà pozice klÃÄe. SmazánÃm tohoto klÃÄe pÅ™ijdete o možnost\n" "zaÅ™Ãzenà použÃt." -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "Zadejte jakékoliv jiné heslo: " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Operace zruÅ¡ena, pozice klÃÄe NEBYLA vymazána.\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "Zadejte heslo, které se má smazat: " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "ZaÅ™Ãzenà %s nenà platným zaÅ™ÃzenÃm LUKS2." -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "Zadejte nové heslo pro pozici klÃÄe: " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "POZOR: Parametr --key-slot se použije pro ÄÃslo nové pozice klÃÄe.\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Zadejte jakékoliv existujÃcà heslo: " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "Zadejte heslo, které má být zmÄ›nÄ›no: " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Zadejte nové heslo: " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "Zadejte heslo pro pozici klÃÄe, který má být pÅ™eveden: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "U operace isLuks je podporován pouze jeden argument se zaÅ™ÃzenÃm." -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Pozice klÃÄe %d neobsahuje nepÅ™iÅ™azený klÃÄ." -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2225,40 +2454,52 @@ msgstr "" "Výpis hlaviÄky s nepÅ™iÅ™azeným klÃÄem je citlivý údaj.\n" "Tento výpis by mÄ›l být uložen na bezpeÄném mÃstÄ› a v zaÅ¡ifrované podobÄ›." -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s nenà název aktivnÃho zaÅ™Ãzenà %s." -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s nenà název aktivnÃho zaÅ™Ãzenà LUKS nebo mu chybà hlaviÄka." -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "Je vyžadován pÅ™epÃnaÄ --header-backup-file." -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s nenà zaÅ™Ãzenà spravované nástrojem cryptsetup." -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Reaktivace nenà na zaÅ™Ãzenà typu %s podporována" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Nerozpoznaná metadata druhu zaÅ™Ãzenà %s." -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "PÅ™Ãkaz vyžaduje jako argumenty zaÅ™Ãzenà a mapovaný název." -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "Zadejte Opal PSID: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "Zadejte heslo správce Opal: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "POZOR: CELà disk bude uveden do továrnÃho nastavenà a vÅ¡echna data budou ztracena! PokraÄovat?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2267,356 +2508,356 @@ msgstr "" "Tento úkon smaže vÅ¡echny pozice s klÃÄi na zaÅ™Ãzenà %s.\n" "Po jeho dokonÄenà zaÅ™Ãzenà bude nepoužitelné." -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Operace zruÅ¡ena, pozice s klÃÄi NEBYLY smazány.\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Neplatný druh formátu LUKS. Podporován je pouze LUKS1 a LUKS2." -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "ZaÅ™Ãzenà je již druhu %s." -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Tato operace pÅ™evede formát %s na %s.\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "Operace zruÅ¡ena, zaÅ™Ãzenà NEBYLO pÅ™evedeno.\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "Chybà pÅ™epÃnaÄ --priority, --label nebo --subsystem." -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "Token %d je neplatný." -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "Token %d se použÃvá." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "PÅ™idánà tokenu %d klÃÄenky LUKS2 selhalo." -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "PÅ™iÅ™azenà tokenu %d do pozice s klÃÄem %d selhalo." -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "Token %d se nepoužÃvá." -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "Import tokenu ze souboru selhal." -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "ZÃskánà tokenu %d za úÄelem exportu selhalo." -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "Token %d nenà pÅ™iÅ™azen pozici s klÃÄem %d." -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "ZruÅ¡enà pÅ™iÅ™azenà tokenu %d k pozici s klÃÄem %d selhalo." -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "PÅ™epÃnaÄ --tcrypt-hidden, --tcrypt-system nebo --tcrypt-backup je podporován jen u zaÅ™Ãzenà TCRYPT." -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "PÅ™epÃnaÄe --veracrypt a --disable-veracrypt jsou podporovány jen u typu zaÅ™Ãzenà TCRYPT." -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "PÅ™epÃnaÄ --veracrypt-pim je podporován jen u zaÅ™Ãzenà kompatibilnÃm s VeraCrypt." -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "PÅ™epÃnaÄ --veracrypt-query-pim je podporován jen u zaÅ™Ãzenà kompatibilnÃm s VeraCrypt." -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "PÅ™epÃnaÄe --veracrypt-pim a --veracrypt-query-pim se vzájemnÄ› vyluÄujÃ." -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "PÅ™epÃnaÄ --persistent nenà dovolen souÄasnÄ› s --test-passphrase." -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "PÅ™epÃnaÄe --refresh a --test-passphrase se vzájemnÄ› vyluÄujÃ." -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "PÅ™epÃnaÄ --shared je dovolen jen pÅ™i úkonu otevÃránà zaÅ™Ãzenà plain." -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "PÅ™epÃnaÄ --skip je podporován jen pÅ™i otevÃránà zaÅ™Ãzenà plain a loopaes." -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "PÅ™i otevÃránà je pÅ™epÃnaÄ --offset podporován jen u zaÅ™Ãzenà plain a loopaes." -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "PÅ™epÃnaÄ --tcrypt-hidden nelze použÃt s pÅ™epÃnaÄem --allow-discards." -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "OtevÃránà s pÅ™epÃnaÄem velikosti sektoru je podporován jen u zaÅ™Ãzenà plain." # FIXME: "Large IV sectors" should read "IV large sectors". -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Volba inicializaÄnÃho vektoru s velkými sektory je podporována jen pÅ™i otevÃránà zaÅ™Ãzenà typu plain s velikostà sektoru vÄ›tÅ¡Ã než 512 bajtů." -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "PÅ™epÃnaÄ --test-passphrase je dovolen pouze pÅ™i otevÃránà zaÅ™Ãzenà LUKS, TCRYPT, BITLK a FVAULT2." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "PÅ™epÃnaÄe --device-size a --size nelze kombinovat." -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "PÅ™epÃnaÄ --unbound je dovolen jen pÅ™i otevÃránà zaÅ™Ãzenà LUKS." -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "PÅ™epÃnaÄ --unbound nenà dovolen souÄasnÄ› s --test-passphrase." -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "PÅ™epÃnaÄe --cancel-deferred a --deferred se vzájemnÄ› vyluÄujÃ." -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "PÅ™epÃnaÄe --reduce-device-size a --data-size nelze kombinovat." +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "PÅ™epÃnaÄe --reduce-device-size a --device-size nelze kombinovat." -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "PÅ™epÃnaÄ --active-name lze použÃt jen u zaÅ™Ãzenà LUKS2." -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "PÅ™epÃnaÄe --active-name a --force-offline-reencrypt nelze kombinovat." -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "Je nutné urÄit pozici s klÃÄem." -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "PÅ™epÃnaÄe --align-payload a --offset nelze kombinovat." -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "PÅ™epÃnaÄ --integrity-no-wipe smà být použit jen pÅ™i formátovánà s rozÅ¡ÃÅ™enÃm integrity." -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "Je dovolen pouze jeden z pÅ™epÃnaÄů --use-[u]random." -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "PÅ™epÃnaÄ --unbound vyžaduje velikost klÃÄe." -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "Neplatná operace tokenu." -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "Parametr --key-description je pÅ™i pÅ™idávánà tokenu povinný." -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "Akce vyžaduje urÄitý token. Použijte parametr --token-id." -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "PÅ™epÃnaÄ --unbound lze použÃt pouze s akcà pÅ™idánÃ." -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "PÅ™epÃnaÄe --key-slot a --unbound nelze kombinovat." -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "Akce vyžaduje urÄitou pozici klÃÄe. Použijte parametr --key-slot." -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<zaÅ™ÃzenÃ> [--type <druh>] [<název>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "otevÅ™e zaÅ™Ãzenà jako <název>" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<název>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "zavÅ™e zaÅ™Ãzenà (odstranà mapovánÃ)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "zmÄ›nà velikost aktivnÃho zaÅ™ÃzenÃ" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "zobrazà stav zaÅ™ÃzenÃ" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <Å¡ifra>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "zhodnotà výkon Å¡ifry" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<zaÅ™ÃzenÃ>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "pokusà se opravit metadata uložená na disku" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "pÅ™eÅ¡ifruje zaÅ™Ãzenà LUKS2" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "smaže vÅ¡echny pozice s klÃÄi (odstranà šifrovacà klÃÄ)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "pÅ™evede formát LUKS do/z formátu LUKS2" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "nastavà trvalé volby konfigurace pro LUKS2" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<zaÅ™ÃzenÃ> [<soubor_s_novým_klÃÄem>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "naformátuje zaÅ™Ãzenà LUKS" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "do zaÅ™Ãzenà LUKS pÅ™idá klÃÄ" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<zaÅ™ÃzenÃ> [<soubor_s_klÃÄem>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "odstranà zadaný klÃÄ nebo soubor s klÃÄem ze zaÅ™Ãzenà LUKS" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "zmÄ›nà zadaný klÃÄ nebo soubor s klÃÄem u zaÅ™Ãzenà LUKS" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "pÅ™evede klÃÄ do nových parametrů PBKDF" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<zaÅ™ÃzenÃ> <pozice_klÃÄe>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "smaže klÃÄ s ÄÃslem <pozice_klÃÄe> ze zaÅ™Ãzenà LUKS" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "zobrazà UUID zaÅ™Ãzenà LUKS" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "otestuje <zaÅ™ÃzenÃ> na hlaviÄku oddÃlu LUKS" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "vypÃÅ¡e údaje o oddÃlu LUKS" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "vypÃÅ¡e údaje o oddÃlu TCRYPT" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "vypÃÅ¡e údaje o zaÅ™Ãzenà BITLK" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "vypÃÅ¡e údaje o zaÅ™Ãzenà FVAULT2" # TODO: not consistent with previous line -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Uspà zaÅ™Ãzenà LUKS a smaže klÃÄ (vÅ¡echny operace budou zmrazeny)" # TODO: not consistent with previous line -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "Probudà uspané zaÅ™Ãzenà LUKS" # TODO: not consistent with previous line -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Zálohuje hlaviÄku zaÅ™Ãzenà LUKS a jeho pozice s klÃÄi" # TODO: not consistent with previous line -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Obnovà hlaviÄku zaÅ™Ãzenà LUKS a jeho pozice s klÃÄi" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <zaÅ™ÃzenÃ>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "Zacházà s tokeny LUKS2" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2624,7 +2865,7 @@ msgstr "" "\n" "<akce> je jedna z:\n" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2636,7 +2877,7 @@ msgstr "" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2651,7 +2892,7 @@ msgstr "" "<pozice_klÃÄe> je ÄÃslo pozice klÃÄe LUKS, který se má upravit\n" "<soubor_s_klÃÄem> je volitelný soubor s novým klÃÄem pro akci luksAddKey\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2660,30 +2901,28 @@ msgstr "" "\n" "Výchozà zakompilovaný formát metadat (pro akci luksFormat) je %s.\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"Podpora pro zásuvný modul externÃho tokenu LUKS2 je %s.\n" +"Podpora pro zásuvný modul externÃho tokenu LUKS2 je zapnuta.\n" -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "zakompilována" - -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Cesta k zásuvnému modulu externÃho tokenu LUKS2: %s.\n" -# Support is %s -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "vypnuta" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"Podpora pro zásuvný modul externÃho tokenu LUKS2 je vypnuta.\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2700,7 +2939,7 @@ msgstr "" "Výchozà PBKDF pro LUKS2: %s\n" "\tDoba iteracÃ: %d, nutná paměť: %d kB, souběžná vlákna: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2715,96 +2954,100 @@ msgstr "" "\tplain: %s, KlÃÄ: %d bitů, HaÅ¡ hesla: %s\n" "\tLUKS: %s, KlÃÄ: %d bitů, HaÅ¡ hlaviÄky LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: V režimu XTS (dva vnitÅ™nà klÃÄe) bude výchozà velikost klÃÄe zdvojnásobena.\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: vyžaduje %s jako argumenty" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Pozice klÃÄe nenà platná." -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "Velikost zaÅ™Ãzenà musà být násobkem 512bajtových sektorů." -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "Zadána neplatná maximálnà velikost horké zóny pÅ™i pÅ™eÅ¡ifrovánÃ." -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "Velikost klÃÄe musà být násobkem 8 bitů." -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "Maximálnà velikost zmenÅ¡enà zaÅ™Ãzenà je 1 GiB." -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Velikost zmenÅ¡enà musà být násobkem 512bajtových sektorů." -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "PÅ™epÃnaÄ --priority smà mÃt pouze argument ignore, normal a prefer." -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "Zobrazà tuto nápovÄ›du" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "Zobrazà struÄný návod na použitÃ" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "VypÃÅ¡e verzi balÃku" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "PÅ™epÃnaÄe nápovÄ›dy:" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[PŘEPÃNAČ…] <akce> <pÅ™epÃnaÄe_akce>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "Chybà argument <akce>." -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "Neznámá akce." -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "PÅ™epÃnaÄ --key-file má pÅ™ednost pÅ™ed zadaným argumentem souboru s klÃÄem." -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Je dovolen pouze jeden argument pÅ™epÃnaÄe --key-file." -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Funkce pro odvozenà klÃÄe na základÄ› hesla (PBKDF) smà být pouze pbkdf2 nebo argon2i/argon2id." -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Vynucené iterace PBKDF nelze kombinovat s volnou doby iteracÃ." -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "Je-li klÃÄenka vypnuta, klÃÄ svazku nelze do klÃÄenky pÅ™idat." + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "PÅ™epÃnaÄe --keyslot-cipher a --keyslot-key-size musà být použity spolu." -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Žádný úkon nebude proveden. Zavoláno s pÅ™epÃnaÄem --test-args.\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "Zamykánà metadata nelze vypnout." @@ -2869,7 +3112,7 @@ msgstr "PÅ™Ãkaz vyžaduje argument <koÅ™enový_haÅ¡> nebo pÅ™epÃnaÄ --root-ha msgid "<data_device> <hash_device>" msgstr "<zaÅ™ÃzenÃ_dat> <zaÅ™ÃzenÃ_hašů>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "naformátuje zaÅ™ÃzenÃ" @@ -2885,7 +3128,7 @@ msgstr "ověřà zaÅ™ÃzenÃ" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<zaÅ™ÃzenÃ_dat> <název> <zaÅ™ÃzenÃ_hašů> [<koÅ™enový_haÅ¡>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "zobrazà stav aktivnÃho zaÅ™ÃzenÃ" @@ -2893,7 +3136,7 @@ msgstr "zobrazà stav aktivnÃho zaÅ™ÃzenÃ" msgid "<hash_device>" msgstr "<zaÅ™ÃzenÃ_hašů>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "zobrazà údaje z disku" @@ -2923,11 +3166,11 @@ msgstr "" "Výchozà zakompilované parametry dm-verity:\n" "\tHaÅ¡: %s, Datový blok (bajty): %u, Blok hašů (bajty): %u, Velikost soli: %u, Formát haÅ¡e: %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "PÅ™epÃnaÄe --ignore-corruption a --restart-on-corruption nelze použÃt najednou." -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "PÅ™epÃnaÄ --panic-on-corruption a --restart-on-corruption nelze použÃt najednou." @@ -2941,29 +3184,29 @@ msgstr "" "Pro zachovánà datového zaÅ™Ãzenà použije pÅ™epÃnaÄ --no-wipe (a pak jej\n" "aktivujte pomocà --integrity-recalculate)." -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Formátováno s velikostà znaÄky %u, vnitÅ™nà integrita %s.\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "Nastavenà pÅ™Ãznaku pÅ™epoÄtu nenà podporováno, mÃsto toho zvažte použità --wipe." -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "ZaÅ™Ãzenà %s nenà platným zaÅ™ÃzenÃm INTEGRITY." -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<zaÅ™ÃzenÃ_s_daty_integrity>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<zaÅ™ÃzenÃ_s_daty_integrity> <název>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2974,7 +3217,7 @@ msgstr "" "<název> je zaÅ™ÃzenÃ, které bude vytvoÅ™eno pod %s\n" "<zaÅ™ÃzenÃ_s_daty_integrity> je zaÅ™Ãzenà obsahujÃcà data se znaÄkami integrity\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2988,40 +3231,40 @@ msgstr "" "\tMaximálnà velikost souboru s klÃÄem: %d kB\n" # TODO: Pluralize -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Neplatná velikost --%s. Maximálnà je %u bajtů." -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "Musà být zadány oba pÅ™epÃnaÄe pro soubor s klÃÄem a velikostà klÃÄe." -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "Musà být zadány oba pÅ™epÃnaÄe pro soubor s klÃÄem žurnálu a velikostà klÃÄe." -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Je-li použit klÃÄ integrity žurnálu, musà být zadán algoritmus integrity žurnálu." -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "Musà být zadány oba pÅ™epÃnaÄe pro soubor s šifrovacÃm klÃÄem žurnálu a velikostà klÃÄe." -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Je-li použit Å¡ifrovacà klÃÄ Å¾urnálu, musà být zadán algoritmus Å¡ifrovánà žurnálu." -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "PÅ™epÃnaÄe režimu bitmapy a obnovenà se vzájemnÄ› vyluÄujÃ." -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "PÅ™epÃnaÄe žurnálu nelze použità spolu s režimem bitmapy." -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "PÅ™epÃnaÄe bitmapy lze použÃt jen pÅ™i režimu bitmapy." @@ -3235,58 +3478,58 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Kontrola odolnosti hesla selhala: Å patné heslo (%s)" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Chyba pÅ™i Ätenà hesla z terminálu." -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Ověřte heslo: " -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Hesla se neshodujÃ." -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Ve vstupu z terminálu nelze mÄ›nit polohu." -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Zadejte heslo: " -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Zadejte heslo pro %s: " -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "S tÃmto heslem nenà dostupný žádný klÃÄ." -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Nejsou dostupné žádné použitelné pozice s klÃÄi." -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "Se vstupem mimo terminál nelze ověřit heslo." -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Soubor %s se nepodaÅ™ilo otevÅ™Ãt pouze pro ÄtenÃ." -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "PoskytnÄ›te JSON s platným tokenem LUKS2:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "Soubor s dokumentem JSON se nepodaÅ™ilo pÅ™eÄÃst." -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3294,12 +3537,12 @@ msgstr "" "\n" "ÄŒtenà pÅ™eruÅ¡eno." -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "OtevÅ™enà souboru %s pro zápis selhalo." -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3307,7 +3550,7 @@ msgstr "" "\n" "Zápis pÅ™eruÅ¡en." -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "Zapsanà souboru s dokumentem JSON selhalo." @@ -3375,15 +3618,19 @@ msgstr "ZaÅ™Ãzenà vyžaduje obnovu pÅ™eÅ¡ifrovánÃ. SpusÅ¥te nejprve opravu." msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "ZaÅ™Ãzenà %s je již ve stavu pÅ™eÅ¡ifrovánà LUKS2. PÅ™ejete si dokonÄit dÅ™Ãve zahájenou operaci?" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Zastaralé pÅ™eÅ¡ifrovánà LUKS2 již nenà podporováno." -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "ZaÅ™Ãzenà LUKS2 nastavené k použÃvánà Opal nelze pÅ™eÅ¡ifrovat." + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "PÅ™eÅ¡ifrovánà zaÅ™Ãzenà s profilem integrity nenà podporováno." -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3392,103 +3639,103 @@ msgstr "" "Požadovaný --sector-size %<PRIu32> nenà sluÄitelný se superblokem %s\n" "(velikost bloku %<PRIu32> bajtů) nalezeném na zaÅ™Ãzenà %s." -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "PÅ™eÅ¡ifrovánà bez oddÄ›lené hlaviÄky (--header) nenà možné bez zmenÅ¡enà velikosti datového zaÅ™Ãzenà (--reduce-device-size)." -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Požadovaný poÄátek dat musà být menÅ¡Ã nebo roven polovinÄ› parametru --reduce-device-size" -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Upravuje se hodnota --reduce-device-size na dvojnásobek --offset %<PRIu64> (v sektorech).\n" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "DoÄasný soubor s hlaviÄkou %s již existuje. Operace se ruÅ¡Ã." -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "DoÄasný soubor s hlaviÄkou %s nelze vytvoÅ™it." -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Velikost metadat LUKS2 je vÄ›tÅ¡Ã než hodnota posunu dat." -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "UmÃstÄ›nà nové hlaviÄky na zaÄátek zaÅ™Ãzenà %s selhalo." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s je nynà aktivnà a pÅ™ipraveno pro pÅ™eÅ¡ifrovánà za bÄ›hu.\n" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "Aktivnà zaÅ™Ãzenà %s nenà LUKS2." -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "Obnovuje se původnà hlaviÄka LUKS2." -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "Obnovenà původnà hlaviÄky LUKS2 selhalo." -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "Soubor s hlaviÄkou %s neexistuje. PÅ™ejete si zahájit deÅ¡ifrovánà LUKS2 zaÅ™Ãzenà %s a export hlaviÄku LUKS2 do souboru %s?" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "PÅ™idánà práv na ÄtenÃ/zápis souboru s hlaviÄkou selhalo." -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Inicializace pÅ™eÅ¡ifrovánà selhala. Záloha hlaviÄky je dostupná v %s." -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "DeÅ¡ifrovánà LUKS2 je podporováno jen u zaÅ™Ãzenà s oddÄ›lenou hlaviÄkou (poÄátek dat na 0)." -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "Nedostatek pozic s klÃÄi pro pÅ™eÅ¡ifrovánÃ." -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Soubor s klÃÄem lze použÃt jen s pÅ™epÃnaÄem --key-slot nebo s právÄ› jednou aktivnà pozicà klÃÄe." -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Zadejte heslo pro pozici klÃÄe %d: " -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Zadejte heslo pro pozici klÃÄe %u: " -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "PÅ™epÃná se algoritmus Å¡ifrovánà dat na %s.\n" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Žádné parametry oblasti s daty nebyly zmÄ›nÄ›ny. PÅ™eÅ¡ifrovánà zruÅ¡eno." -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3497,7 +3744,7 @@ msgstr "" "podporováno. Nejprve zaÅ™Ãzenà aktivujte, nebo použijte pÅ™epÃnaÄ\n" "--force-offline-reencrypt (nebezpeÄné!)." -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3506,62 +3753,62 @@ msgstr "" "\n" "PÅ™eÅ¡ifrovánà pÅ™eruÅ¡eno." -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "DokonÄuje se pÅ™eÅ¡ifrovánà LUKS ve vynuceném režimu offline.\n" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "ZaÅ™Ãzenà %s obsahuje poruÅ¡ená metadata LUKS. Operace se ruÅ¡Ã." -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "ZaÅ™Ãzenà %s je již zaÅ™ÃzenÃm LUKS. Operace se ruÅ¡Ã." -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "ZaÅ™Ãzenà %s je již ve stavu pÅ™eÅ¡ifrovánà LUKS. Operace se ruÅ¡Ã." -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "DeÅ¡ifrovánà LUKS2 vyžaduje pÅ™epÃnaÄ --header." -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "PÅ™Ãkaz vyžaduje jako argument zaÅ™ÃzenÃ." -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "NesluÄitelné verze. ZaÅ™Ãzenà %s je LUKS1." -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "NesluÄitelné verze. ZaÅ™Ãzenà %s je ve stavu pÅ™eÅ¡ifrovánà LUKS1." -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "NesluÄitelné verze. ZaÅ™Ãzenà %s je LUKS2." -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "NesluÄitelné verze. ZaÅ™Ãzenà %s je ve stavu pÅ™eÅ¡ifrovánà LUKS2." -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "PÅ™eÅ¡ifrovánà LUKS2 je již inicializováno. Operace se ruÅ¡Ã." -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "NeprobÃhá žádné pÅ™eÅ¡ifrovánà zaÅ™ÃzenÃ." -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "ZaÅ™Ãzenà %s nelze výluÄnÄ› otevÅ™Ãt. ZaÅ™Ãzenà se použÃvá." @@ -3697,35 +3944,35 @@ msgstr "POZOR: ZaÅ™Ãzenà %s již obsahuje vzorec oddÃlu „%s“.\n" msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "POZOR: ZaÅ™Ãzenà %s již obsahuje vzorec superbloku „%s“.\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "Sondu vzorců zaÅ™Ãzenà se nepodaÅ™ilo inicializovat." -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "O zaÅ™Ãzenà %s nebylo možné zjistit údaje." -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Soubor %s nebylo možné otevÅ™Ãt pro Ätenà i zápis." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "ExistujÃcà vzorec oddÃlu „%s“ na zaÅ™Ãzenà %s bude vymazán." -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "ExistujÃcà vzorec superbloku „%s“ na zaÅ™Ãzenà %s bude vymazán." -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "OdstranÄ›nà vzorce ze zaÅ™Ãzenà selhalo." -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Otestovánà zaÅ™Ãzenà %s na vzorce selhalo." @@ -3740,11 +3987,11 @@ msgstr "Zadána neplatná velikost v parametru --%s." msgid "Option --%s is not allowed with %s action." msgstr "PÅ™epÃnaÄ --%s nenà dovolen s akcà %s." -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "Zapsanà dokumentu JSON pro token SSH selhalo." -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3760,105 +4007,109 @@ msgstr "" "\n" "Poznámka: Údaje poskytnuté pÅ™i pÅ™idávánà tokenu (adresa SSH serveru, uživatel a cesta) budou uloženy do hlaviÄky LUKS2 v neÅ¡ifrované podobÄ›." -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<akce> <zaÅ™ÃzenÃ>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "PÅ™epÃnaÄe pro akci „add“:" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "IP adresa / URL vzdáleného serveru pro tento token" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Uživatelské jméno ke vzdálenému serveru" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "Cesta k souboru s klÃÄem na vzdáleném serveru" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "Cesta ke klÃÄi SSH pro pÅ™ipojenà ke vzdálenému serveru" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "Cesta k adresáři obsahujÃcÃmu externà tokeny pro libcryptsetup" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Pozice klÃÄe, ke které se má pÅ™iÅ™adit token. Nebude-li urÄeno, token bude pÅ™iÅ™azen k prvnà pozici odpovÃdajÃcà poskytnutému heslu." -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "Obecné pÅ™epÃnaÄe:" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "Zobrazuje podrobnÄ›jÅ¡Ã chybové hlášky" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "Zobrazuje ladicà hlášky" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "Zobrazuje ladicà hlášky vÄetnÄ› metadat JSON" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "OtevÅ™enà a import soukromého klÃÄe selhalo:\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "Import soukromého klÃÄe selhal (chránÄ›ný heslem?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "Heslo pro %s@%s: " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "Rozbor argumentů selhal.\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Je tÅ™eba zadat akci\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Pro akci „%s“ je tÅ™eba zadat zaÅ™ÃzenÃ.\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Pro akci „%s“ je tÅ™eba zadat SSH server.\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Pro akci „%s“ je tÅ™eba zadat uživatele SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Pro akci „%s“ je tÅ™eba zadat SSH cestu.\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Pro akci „%s“ je tÅ™eba zadat cestu ke klÃÄi SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "OtevÅ™enà %s pomocà zadaných pÅ™ihlaÅ¡ovacÃch údajů selhalo.\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "V souÄasnosti je tÃmto modulem podporována pouze akce „add“.\n" @@ -3903,6 +4154,13 @@ msgstr "Na stroji nenà povolena autentizace veÅ™ejným klÃÄem.\n" msgid "Public key authentication error: " msgstr "Chyba pÅ™i autentizaci veÅ™ejným klÃÄem: " +#~ msgid "compiled-in" +#~ msgstr "zakompilována" + +# Support is %s +#~ msgid "disabled" +#~ msgstr "vypnuta" + #~ msgid "WARNING: Data offset is outside of currently available data device.\n" #~ msgstr "POZOR: Poloha dat je mimo nynà dostupné zaÅ™Ãzenà s daty.\n" @@ -3927,9 +4185,6 @@ msgstr "Chyba pÅ™i autentizaci veÅ™ejným klÃÄem: " #~ msgid "Failed to disable reencryption requirement flag." #~ msgstr "Vypnutà pÅ™Ãznaku požadavku na pÅ™eÅ¡ifrovánà selhalo." -#~ msgid "Encryption is supported only for LUKS2 format." -#~ msgstr "Å ifrovánà je podporováno jen s formátem LUKS2." - #~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" #~ msgstr "Na %s zjiÅ¡tÄ›no zaÅ™Ãzeno LUKS. PÅ™ejete si toto zaÅ™Ãzenà LUKS znovu zaÅ¡ifrovat?" @@ -3996,9 +4251,6 @@ msgstr "Chyba pÅ™i autentizaci veÅ™ejným klÃÄem: " #~ msgid "No free token slot." #~ msgstr "Žádná volná pozice s tokenem" -#~ msgid "Failed to create builtin token %s." -#~ msgstr "VestavÄ›ný token %s nebylo možné vytvoÅ™it" - #~ msgid "Invalid LUKS device type." #~ msgstr "Neplatný druh zaÅ™Ãzenà LUKS." @@ -5,10 +5,10 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-02 22:57+0100\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2023-12-29 00:11+0100\n" "Last-Translator: Roland Illig <roland.illig@gmx.de>\n" "Language-Team: German <translation-team-de@lists.sourceforge.net>\n" "Language: de\n" @@ -17,7 +17,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -"X-Generator: Poedit 3.2.2\n" +"X-Generator: Poedit 3.4.2\n" #: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." @@ -27,58 +27,62 @@ msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden, da da msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden. Ist das Kernelmodul »dm_mod« geladen?" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "Verlangter »deferred«-Schalter wird nicht unterstützt." -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID für Gerät »%s« wurde verkürzt." -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Unbekannte Art des dm-Ziels." -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "Die verlangten dm-crypt-Performance-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Die verlangten dm-verity-Datenbeschädigungs-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "Die verlangte dm-verity-Tasklet-Option wird nicht unterstützt." -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "Die verlangten dm-verity-FEC-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "Die verlangten Datenintegritäts-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "Die verlangte sector_size-Option wird nicht unterstützt." -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "Gerätegröße ist kein Vielfaches der gewünschten Sektorgröße." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Die verlangte automatische Berechnung der Integritätsangaben wird nicht unterstützt." -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "»Discard/TRIM« wird nicht unterstützt." -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Der verlangte Bitmap-Modus für dm-Integrität wird nicht unterstützt." -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "Fehler beim Abfragen des »dm-%s«-Segments." @@ -112,653 +116,743 @@ msgstr "Unbekannte Qualität des Zufallszahlengenerators verlangt." msgid "Error reading from RNG." msgstr "Fehler beim Einlesen vom Zufallszahlengenerator." -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "OPAL-Unterstützung ist in libcryptsetup deaktiviert." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "Gerät »%s« oder Kernel unterstützt OPAL-Verschlüsselung nicht." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "Fehler beim Initialisieren des Krypto-Zufallszahlengenerator-Backends." -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "Fehler beim Initialisieren des Krypto-Backends." -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Hash-Algorithmus »%s« wird nicht unterstützt." -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Fehler beim Verarbeiten des Schlüssels (mit Hash-Algorithmus »%s«)." -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Geräte-Art kann nicht bestimmt werden. Inkompatible Aktivierung des Geräts?" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Diese Operation wird nur für LUKS-Geräte unterstützt." -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Diese Operation wird nur für LUKS2-Geräte unterstützt." -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "Alle Schlüsselfächer sind voll." -#: lib/setup.c:438 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie eins zwischen 0 und %d." -#: lib/setup.c:444 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Schlüsselfach %d ist voll, bitte wählen Sie ein anderes." -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "Gerätegröße ist nicht an logischer Sektorgröße ausgerichtet." -#: lib/setup.c:627 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "Header gefunden, aber Gerät »%s« ist zu klein." -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Diese Operation wird für diese Geräteart nicht unterstützt." -#: lib/setup.c:673 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "Ungültige Operation, während die Wiederverschlüsselung läuft." -#: lib/setup.c:802 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "Fehler beim Rückabwickeln der LUKS2-Metadaten im Speicher." -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Gerät »%s« ist kein gültiges LUKS-Gerät." -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Nicht unterstützte LUKS-Version %d." -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "Kein bekanntes Verschlüsselungsmuster für aktives Gerät »%s« entdeckt." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "Gerät »%s« ist nicht aktiv." -#: lib/setup.c:1508 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Zugrundeliegendes Gerät für das Kryptogerät »%s« ist verschwunden." -#: lib/setup.c:1590 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "Ungültige Parameter für Plain-Verschlüsselung." -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "Ungültige Schlüsselgröße." -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "UUID wird für diese Verschlüsselungsart nicht unterstützt." -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "Gerät für separierte Metadaten wird für diese Verschlüsselungsart nicht unterstützt." -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "Nicht unterstützte Sektorengröße für Verschlüsselung." -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "Gerätegröße ist nicht an verlangter Sektorgröße ausgerichtet." -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "Ohne Gerät kann LUKS nicht formatiert werden." -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "Die angeforderte Datenausrichtung ist nicht mit dem Datenoffset kompatibel." -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "Warnung: DAX-Gerät kann Daten beschädigen, da es nicht garantiert, dass Sektoren atomar aktualisiert werden.\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "Fehler beim Auslöschen des Headers auf Gerät »%s«." -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "Gerät %s ist zu klein für die Aktivierung, es ist kein Platz mehr für Daten vorhanden.\n" -#: lib/setup.c:1840 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "WARNUNG: Die Geräteaktivierung wird fehlschlagen, dm-crypt fehlt die Unterstützung für die angeforderte Verschlüsselungsgröße.\n" - -#: lib/setup.c:1863 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Laufwerksschlüssel ist zu klein für die Verschlüsselung mit Integritätserweiterungen." -#: lib/setup.c:1923 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Verschlüsselung »%s-%s« (Schlüsselgröße %zd Bits) ist nicht verfügbar." -#: lib/setup.c:1949 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "Warnung: Größe der LUKS2-Metadaten wurde auf %<PRIu64> geändert.\n" - -#: lib/setup.c:1953 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "Warnung: Größe des LUKS2-Schlüsselfachbereichs wurde auf %<PRIu64> Bytes geändert.\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "WARNUNG: Die Geräteaktivierung wird fehlschlagen, dm-crypt fehlt die Unterstützung für die angeforderte Verschlüsselungsgröße.\n" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "Gerät »%s« ist zu klein." -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "Gerät »%s« kann nicht formatiert werden, da es gerade benutzt wird." -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Gerät »%s« kann nicht formatiert werden, Zugriff verweigert." -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "Fehler beim Formatieren der Integrität auf Gerät »%s«." -#: lib/setup.c:2023 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "Gerät »%s« kann nicht formatiert werden." -#: lib/setup.c:2049 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "Fehler beim Ermitteln der OPAL-Ausrichtungs-Parameter." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "Falsche Größe für logischen OPAL-Block." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "Der gewünschte Datenoffset ist nicht mit der OPAL-Blockgröße kompatibel." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "Die gewünschte Datenausrichtung ist nicht mit der OPAL-Ausrichtung kompatibel." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "Der Datenoffset erfüllt die OPAL-Ausrichtungsbedingungen nicht." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "Die gewünschte Datenausrichtung erfüllt die Anforderungen an die Ausrichtung des Sperrbereichs nicht." + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "Gerätegröße wird um %<PRIu64> Sektoren angepasst, um zur Granularität der OPAL-Ausrichtung zu passen." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "Fehler beim Zugriff auf die OPAL-Sperre für das Gerät »%s«." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Falscher OPAL-Admin-Schlüssel." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "Fehler beim Einrichten des OPAL-Segments." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "Gerät »%s« kann nicht formatiert werden, OPAL-Gerät scheint jetzt komplett schreibgeschützt zu sein." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "Das könnte ein Fehler in der Firmware sein. Lassen Sie »OPAL PSID reset und reconnect« zur Wiederherstellung." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "Fehler beim Zurücksetzen des Sperrbereichs %d auf Gerät »%s«." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "Ohne Gerät kann LOOPAES nicht formatiert werden." -#: lib/setup.c:2094 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "Ohne Gerät kann VERITY nicht formatiert werden." -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Nicht unterstützte VERITY-Hash-Art %d." -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Nicht unterstützte VERITY-Blockgröße." -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Nicht unterstützter VERITY-Hash-Offset." -#: lib/setup.c:2121 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "Nicht unterstützter VERITY-FEC-Offset." -#: lib/setup.c:2145 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "Datenbereich und Hashbereich überlappen sich." -#: lib/setup.c:2170 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "Hashbereich und FEC-Bereich überlappen sich." -#: lib/setup.c:2177 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "Datenbereich und FEC-Bereich überlappen sich." -#: lib/setup.c:2313 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "WARNUNG: Angeforderte Taggröße mit %d Bytes unterscheidet sich von der Ausgabe der Größe %s (%d Bytes).\n" -#: lib/setup.c:2392 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Unbekannte Art des Verschlüsselungsgeräts »%s« verlangt." -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "Nicht unterstützte Parameter für Gerät %s." -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "Parameter für Gerät %s sind durcheinander." -#: lib/setup.c:2822 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "Verschlüsselungsgeräte passen nicht zusammen." -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "Gerät »%s« konnte nicht neugeladen werden." -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "Gerät »%s« konnte nicht stillgelegt werden." -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "Gerät »%s« konnte nicht fortgesetzt werden." -#: lib/setup.c:2897 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Schwerwiegender Fehler beim Neuladen von Gerät »%s« (über Gerät »%s«)." -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Gerät »%s« konnte nicht auf dm-error umgeschaltet werden." -#: lib/setup.c:2984 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "Größe des LUKS2-Geräts kann nicht geändert werden, da sie statisch ist." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "Fehler beim Ändern der Größe des Loopback-Geräts." -#: lib/setup.c:3027 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "WARNUNG: Die maximale Größe ist bereits eingestellt oder der Kernel unterstützt die Größenänderung nicht.\n" -#: lib/setup.c:3088 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "Fehler bei Größenänderung, der Kernel unterstützt sie nicht." -#: lib/setup.c:3120 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "Wollen Sie wirklich die UUID des Geräts ändern?" -#: lib/setup.c:3212 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "Header-Backupdatei enthält keinen kompatiblen LUKS-Header." -#: lib/setup.c:3328 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "Laufwerk »%s« ist nicht aktiv." -#: lib/setup.c:3339 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "Laufwerk »%s« ist bereits im Ruhezustand." -#: lib/setup.c:3352 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "Das Gerät »%s« unterstützt keinen Ruhezustand." -#: lib/setup.c:3354 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "Das Gerät »%s« kann nicht in den Ruhezustand versetzt werden." -#: lib/setup.c:3389 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "Gerät »%s« ist im Ruhezustand, aber das Hardware-OPAL-Gerät kann nicht gesperrt werden." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "Das Gerät »%s« kann nicht aus dem Ruhezustand aufgeweckt werden." -#: lib/setup.c:3391 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "Fehler beim Aufwecken von Gerät »%s« aus dem Ruhezustand." -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "Fehler beim Verknüpfen des Schlüssels zum angegebenen Schlüsselbund." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "Fehler beim Ablösen des Laufwerkschlüssels vom benutzerspezifischen Schlüsselbund." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "Fehler beim Verknüpfen des Laufwerkschlüssels im benutzerspezifischen Schlüsselbund." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "Laufwerk »%s« ist nicht im Ruhezustand." -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "Der Laufwerksschlüssel passt nicht zum Laufwerk." -#: lib/setup.c:3737 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "Neues Schlüsselfach konnte nicht ausgewechselt werden." -#: lib/setup.c:3835 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "Schlüsselfach %d ist ungültig." -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "Schlüsselfach %d ist nicht aktiv." -#: lib/setup.c:3860 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "Geräteheader und Datenbereich überlappen sich." -#: lib/setup.c:4165 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "Wiederverschlüsselung läuft bereits. Das Gerät kann nicht aktiviert werden." -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "Fehler beim Zugriff auf die Sperre zur Wiederverschlüsselung." -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "Fehler beim Wiederherstellen der LUKS2-Wiederverschlüsselung." -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Geräteart ist nicht richtig initialisiert." -#: lib/setup.c:4400 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "Das Gerät »%s« existiert bereits." -#: lib/setup.c:4407 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Gerät »%s« kann nicht verwendet werden, da es gerade benutzt wird oder der Name ungültig ist." -#: lib/setup.c:4527 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Falscher Laufwerksschlüssel für Plain-Gerät angegeben." -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." -msgstr "Falscher Root-Hash-Schlüssel für VERITY-Gerät angegeben." - -#: lib/setup.c:4654 -msgid "Root hash signature required." -msgstr "Signatur des Stammhashes erforderlich." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Der Kernel-Schlüsselbund wird vom Kernel nicht unterstützt." -#: lib/setup.c:4663 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Der Kernel-Schlüsselbund fehlt. Wird benötigt, um die Signatur zum Kernel zu übergeben." -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." -msgstr "Fehler beim Laden des Schlüssels im Kernel-Schlüsselbund." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "Falscher Root-Hash-Schlüssel für VERITY-Gerät angegeben." + +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "OPAL unterstützt verzögertes Deaktivieren nicht." -#: lib/setup.c:4736 +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Fehler beim Abbrechen des verzögerten Löschens von Gerät »%s«." -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Gerät »%s« wird gerade benutzt." -#: lib/setup.c:4768 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "Ungültiges Gerät »%s«." -#: lib/setup.c:4908 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "Laufwerks-Schlüsselpuffer zu klein." -#: lib/setup.c:4925 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für LUKS2-Gerät." -#: lib/setup.c:4934 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für LUKS1-Gerät." -#: lib/setup.c:4944 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für Plain-Gerät." -#: lib/setup.c:4952 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "Root-Hash für Verity-Gerät kann nicht ermittelt werden." -#: lib/setup.c:4959 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für BITLK-Gerät." -#: lib/setup.c:4964 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für FVAULT2-Gerät." -#: lib/setup.c:4966 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Diese Operation wird für Kryptogerät »%s« nicht unterstützt." -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "Die Dump-Operation wird für diese Geräteart nicht unterstützt." -#: lib/setup.c:5500 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Datenoffset ist kein Vielfaches von %u Bytes." -#: lib/setup.c:5788 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Gerät »%s« kann nicht konvertiert werden, da es gerade benutzt wird." -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Schlüsselfach %u konnte nicht dem Laufwerksschlüssel zugeordnet werden." -#: lib/setup.c:6122 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Fehler beim Initialisieren der LUKS2-Schlüsselfach-Parameter." -#: lib/setup.c:6128 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Schlüsselfach %d konnte nicht dem Digest zugeordnet werden." -#: lib/setup.c:6353 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind und kein Laufwerksschlüssel angegeben wurde." -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." -msgstr "Der Kernel-Schlüsselbund wird vom Kernel nicht unterstützt." +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "Fehler beim Laden des Schlüssels im Kernel-Schlüsselbund." + +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "Fehler beim Loslösen des Laufwerkschlüssels vom Thread-Schlüsselbund." -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "Fehler beim Lesen der Passphrase vom Schlüsselbund (Fehler %d)." +msgid "Could not find keyring described by \"%s\"." +msgstr "Schlüsselbund mit der Beschreibung »%s« nicht gefunden." -#: lib/setup.c:6523 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Globale Speicherzugriffsserialisierungssperre konnte nicht angefordert werden." -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "Fehler beim Öffnen der Schlüsseldatei." -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "Fehler beim Einlesen der Schlüsseldatei »%s« vom Terminal." -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "Fehler beim Öffnen der Schlüsseldatei." -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "Fehler beim Zugriff auf die Schlüsseldatei." -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Zu wenig Speicher zum Einlesen der Passphrase." -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "Fehler beim Einlesen der Passphrase." -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "Nichts zu lesen in der Eingabe." -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Größenbegrenzung für die Schlüsseldatei überschritten." -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "Die gewünschte Menge an Daten kann nicht eingelesen werden." -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "Gerät »%s« existiert nicht oder Zugriff verweigert." -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "Gerät »%s« ist nicht kompatibel." -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Merkwürdige Optimale-Datenübertragungs-Größe für Datengerät (%u Bytes) wird ignoriert." -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "Gerät »%s« ist zu klein. Mindestens %<PRIu64> Bytes erforderlich." -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Gerät »%s« kann nicht benutzt werden, da es bereits anderweitig benutzt wird." -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Gerät »%s« kann nicht verwendet werden, Zugriff verweigert." -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "Fehler beim Abrufen der Infos über Gerät »%s«." -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "Das Loopback-Gerät kann nicht benutzt werden, da das Programm nicht mit Root-Rechten läuft." -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Anklemmen des Loopback-Geräts fehlgeschlagen (das Loopback-Gerät benötigt den »autoclear«-Schalter)." -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Der angeforderte Offset ist jenseits der wirklichen Größe des Geräts »%s«." -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "Gerät »%s« hat die Größe 0." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "Verlangte Vorgabezeit für PBKDF darf nicht 0 sein." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Unbekannte PBKDF, Typ »%s«." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "Verlangter Hash »%s« wird nicht unterstützt." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "Verlangter PBKDF-Typ wird von LUKS1 nicht unterstützt." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "Für pbkdf2 dürfen weder das Speichermaximum noch die Anzahl der Threads angegeben werden." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "Anzahl der verlangten Durchläufe ist zu gering für %s (Minimum ist %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "Verlangte Speicherkosten sind zu gering für %s (Minimum sind %u Kilobyte)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "Das verlangte Speicherkosten-Maximum ist zu hoch (maximal %d Kilobyte)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "Der verlangte PBKDF-Speicherbedarf darf nicht 0 sein." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Die Anzahl der verlangten parallelen Threads für PBKDF darf nicht 0 sein." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Im FIPS-Modus wird ausschließlich PBKDF2 unterstützt." -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "PBKDF-Benchmark deaktiviert, aber Anzahl der Iterationen nicht angegeben." -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Inkompatible PBKDF2-Optionen (mit Hash-Algorithmus »%s«)." -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "Inkompatible PBKDF2-Optionen." @@ -772,16 +866,24 @@ msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (kein Verzeichn msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (%s ist kein Verzeichnis)." -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Fehler beim Springen zum Gerät-Offset." -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "Fehler beim gründlichen Löschen des Geräts, an Offset %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "Falsche OPAL-PSID." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "Fehler beim Leeren des OPAL-Geräts." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -802,7 +904,7 @@ msgstr "Verschlüsselungsverfahren sollte im Format [Verfahren]-[Modus]-[IV] sei #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Fehler beim Schreiben auf Gerät »%s«, Zugriff verweigert." @@ -816,17 +918,17 @@ msgid "Failed to access temporary keystore device." msgstr "Fehler beim Zugriff auf das temporäre Schlüsselspeichergerät." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "E/A-Fehler beim Verschlüsseln des Schlüsselfachs." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -848,32 +950,32 @@ msgstr "Gerät »%s« ist zu klein. (LUKS1 benötigt mindestens %<PRIu64> Bytes. msgid "LUKS keyslot %u is invalid." msgstr "LUKS-Schlüsselfach %u ist ungültig." -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "Angeforderte Header-Backupdatei »%s« existiert bereits." -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "Fehler beim Anlegen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "Fehler beim Speichern der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "Backupdatei enthält keinen gültigen LUKS-Header." #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "Fehler beim Öffnen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "Fehler beim Einlesen der Header-Backupdatei »%s«." @@ -895,7 +997,7 @@ msgstr "enthält keinen LUKS-Header. Das Ersetzen des Headers kann Daten auf dem msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "enthält bereits einen LUKS-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören." -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -970,7 +1072,7 @@ msgstr "LUKS-Verschlüsselungsmodus %s ist ungültig." msgid "LUKS hash %s is invalid." msgstr "LUKS-Hash %s ist ungültig." -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "Keine bekannten Probleme im LUKS-Header erkannt." @@ -989,8 +1091,8 @@ msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Daten-Offset für LUKS-Header muss entweder 0 sein oder mehr als die Headergröße." #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "Falsches LUKS-UUID-Format angegeben." @@ -1028,7 +1130,7 @@ msgstr "Schlüsselfach kann nicht geöffnet werden (mit Hash-Algorithmus »%s«) msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie ein Schlüsselfach zwischen 0 und %d." -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "Gerät »%s« kann nicht ausgelöscht werden." @@ -1049,48 +1151,48 @@ msgstr "Inkompatible Loop-AES-Schlüsseldatei erkannt." msgid "Kernel does not support loop-AES compatible mapping." msgstr "Kernel unterstützt Loop-AES-kompatibles Mapping nicht." -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«." -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Maximale Länge der TCRYPT-Passphrase (%zu) überschritten." -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Der Hash-Algorithmus »%s« für PBKDF2 wird nicht unterstützt, überspringe diesen Teil." -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "Die benötigte Crypto-Kernel-Schnittstelle ist nicht verfügbar." -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Stellen Sie sicher, dass das Kernelmodul »algif_skcipher« geladen ist." -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Aktivierung wird für die Sektorengröße %d nicht unterstützt." -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Der Kernel unterstützt die Aktivierung für diesen TCRYPT-Legacymodus nicht." -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "TCRYPT-Systemverschlüsselung für Partition »%s« wird aktiviert." -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Kernel unterstützt TCRYPT-kompatibles Mapping nicht." -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Diese Funktionalität braucht einen geladenen TCRYPT-Header." @@ -1149,74 +1251,74 @@ msgstr "Fehler beim Lesen der BITLK-Metadaten von »%s«." msgid "Failed to convert BITLK volume description" msgstr "Fehler beim Konvertieren der BITLK-Volumenbeschreibung" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Parsen des externen Schlüssels gefunden." -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "Die GUID der BEK-Datei »%s« stimmt nicht mit der GUID des Laufwerks überein." -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Unerwarteter Metadaten-Eintrag »%u« beim Einlesen des externen Schlüssels gefunden." -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "Nicht unterstützte BEK-Metadatenversion %<PRIu32>" -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "Unerwartete BEK-Metadatengröße %<PRIu32> stimmt nicht mit BEK-Dateilänge überein" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Einlesen des Startschlüssels gefunden." -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Diese Operation wird nicht unterstützt." -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "Unerwartete Größe des Datenschlüssels." -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Dieses BITLK-Gerät ist in einem nicht unterstützten Zustand und kann daher nicht aktiviert werden." -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "BITLK-Geräte der Art »%s« können nicht aktiviert werden." -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Aktivieren eines teilweise entschlüsselten BITLK-Geräts wird nicht unterstützt." -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "WARNUNG: BitLocker-Datenträgergröße %<PRIu64> stimmt nicht mit der zugrunde liegenden Gerätegröße %<PRIu64> überein" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für BITLK-IV." -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Gerät kann nicht aktiviert werden, da dem Kernelmodul dm-crypt die Unterstützung für BITLK-Elephant-Verschleierer fehlt." -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für große Sektoren." -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Gerät kann nicht aktiviert werden, das Kernelmodul dm-crypt existiert nicht." @@ -1254,28 +1356,32 @@ msgstr "Falsches VERITY-UUID-Format über Gerät »%s« angegeben." msgid "Error during update of verity header on device %s." msgstr "Fehler beim Aktualisieren des VERITY-Headers auf Gerät »%s«." -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "Verifikation der Stammhash-Signatur wird nicht unterstützt." -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Signatur des Stammhashes erforderlich." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "Fehler können mit einem FEC-Gerät nicht repariert werden." -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "%u reparierbare Fehler mit FEC-Gerät gefunden." -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "Kernel unterstützt dm-verity-Zuordnung nicht." -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "Kernel unterstützt Signatur-Option für dm-verity nicht." -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "Verity-Gerät hat eine Verfälschung nach der Aktivierung festgestellt." @@ -1369,7 +1475,7 @@ msgstr "Fehler beim Ermitteln der Größe von Gerät »%s«." msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "Inkompatible Metadaten des Kernelmoduls dm-integrity (Version %u) auf %s entdeckt." -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "Kernel unterstützt dm-integrity-Zuordnung nicht." @@ -1381,8 +1487,8 @@ msgstr "Kernel unterstützt feste Ausrichtung der Metadaten für dm-integrity ni msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Der Kernel weigert sich, die unsichere Neuberechnungs-Option zu aktivieren. Um dies zu übersteuern, können Sie die veralteten Aktivierungsoptionen nutzen." -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Fehler beim exklusiven Schreibzugriff auf Gerät »%s«." @@ -1399,49 +1505,59 @@ msgstr "" "Gerät enthält mehrdeutige Signaturen, LUKS2 kann nicht automatisch wiederhergestellt werden.\n" "Bitte führen Sie \"cryptsetup repair\" zur Wiederherstellung aus." -#: lib/luks2/luks2_json_format.c:229 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "WARNING: Der Schlüsselfach-Bereich (%<PRIu64> Bytes) ist sehr klein, die LUKS2-Schlüsselfachanzahl ist sehr begrenzt.\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "Verlangter Daten-Offset ist zu klein." -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "WARNING: Der Schlüsselfach-Bereich (%<PRIu64> Bytes) ist sehr klein, die LUKS2-Schlüsselfachanzahl ist sehr begrenzt.\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "Warnung: Größe der LUKS2-Metadaten wurde auf %<PRIu64> geändert.\n" + +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "Warnung: Größe des LUKS2-Schlüsselfachbereichs wurde auf %<PRIu64> Bytes geändert.\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Fehler beim Zugriff auf die Lesesperre für das Gerät »%s«." -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Verbotene LUKS2-Anforderungen in Backup »%s« entdeckt." -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "Unterschiedliche Datenoffsets auf Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Unterschiedliche Größe der Binärheader mit Schlüsselfach-Bereichen zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "Gerät »%s« %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "enthält keinen LUKS2-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören." -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "enthält bereits einen LUKS2-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören." -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1451,7 +1567,7 @@ msgstr "" "WARNUNG: Unbekannte LUKS2-Anforderungen im echten Geräteheader entdeckt!\n" "Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen!" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1461,58 +1577,92 @@ msgstr "" "WARNUNG: Unvollendete Offline-Wiederverschlüsselung auf dem Gerät entdeckt!\n" "Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen." -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "Unbekannter Schalter »%s« wird ignoriert." -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Fehlender Schlüssel für dm-crypt-Segment %u" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "Fehler beim Festlegen des »dm-crypt«-Segments." -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "Fehler beim Festlegen des »dm-linear«-Segments." -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "Kein bekanntes Verschlüsselungsmuster in LUKS2-Kopfbereich entdeckt." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "OPAL-Gerät muss statische Gerätegröße haben." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "Verschlüsseltes OPAL-Gerät mit Integrität muss kleiner als der Sperrbereich sein." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "OPAL-Gerät muss dieselbe Größe wie der Sperrbereich haben." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "Das OPAL-Gerät »%s« ist bereits entsperrt.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "Nicht unterstützte Konfiguration für Geräteintegrität." -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "Das zugrundeliegende dm-integrity-Gerät hat unerwartete Datensektoren bereitgestellt." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Wiederverschlüsselung läuft gerade. Das Gerät kann nicht deaktiviert werden." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Das stillgelegte Gerät »%s« mit dm-error-Ziel konnte nicht in den Fehlerzustand gesetzt werden." -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "Gerät »%s« wurde deaktiviert, aber das Hardware-OPAL-Gerät kann nicht gesperrt werden." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "Fehler beim Lesen der LUKS2-Anforderungen." -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "Unerfüllte LUKS2-Anforderungen entdeckt." -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für Altlasten-Wiederverschlüsselung markiert ist. Wird abgebrochen." -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für LUKS2-Wiederverschlüsselung markiert ist. Wird abgebrochen." -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das OPAL verwendet. Wird abgebrochen." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "Nicht genügend Speicher, um ein Schlüsselfach zu öffnen." -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "Fehler beim Öffnen des Schlüsselfachs." @@ -1521,330 +1671,342 @@ msgstr "Fehler beim Öffnen des Schlüsselfachs." msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Der Algorithmus %s-%s kann nicht für Schlüsselfach-Verschlüsselung verwendet werden." -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "Der Hash-Algorithmus »%s« ist nicht verfügbar." -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "Warnung: Schlüsselbund-Vorgang könnte fehlschlagen, da er mehr Speicher benötigt als verfügbar ist.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "Nicht genug Speicherplatz für neues Schlüsselfach." -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "Ungültige Änderung des Modus für die robuste Wiederverschlüsselung angefordert." -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "Die Art der Robustheit kann nicht geändert werden. Die neue Art bietet nur %<PRIu64> Bytes, der erforderliche Platz ist jedoch %<PRIu64> Bytes." -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "Fehler beim Auffrischen des Zusammenfassungswerts der Prüfung der Wiederverschlüsselung." -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Fehler beim Prüfen des Zustands von Gerät mit der UUID %s." -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Fehler beim Konvertieren des Headers mit zusätzlichen LUKSMETA-Metadaten." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Die Chiffrierspezifikation %s-%s kann für LUKS2 nicht verwendet werden." -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs. Nicht genug Speicherplatz." -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "Fehler beim Konvertieren ins LUKS2-Format: ungültige Metadaten." -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs. Bereich für die LUKS2-Schlüsselfächer ist zu klein." -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs." -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Fehler beim Konvertieren in LUKS1-Format: Standardgröße für Verschlüsselungssektoren ist nicht 512 Bytes." -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach-Digeste sind nicht zu LUKS1 kompatibel." -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Fehler beim Konvertieren in LUKS1-Format: Gerät verwendet eingepacktes Verschlüsselungsverfahren %s." -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "Fehler beim Konvertieren ins LUKS1-Format: Gerät verwendet mehr Segmente." -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Fehler beim Konvertieren in LUKS1-Format: LUKS2-Header enthält %u Token." -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist in ungültigem Zustand." -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u (über Maximalfach) ist noch aktiv." -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist nicht zu LUKS1 kompatibel." -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Die Größe der Hotzone muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Gerätegröße muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein." -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher alter Segmente." -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher neuer Segmente." -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "Fehler beim Initialisieren des Hotzone-Schutzes." -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "Fehler beim Lesen der Prüfsummen für die aktuelle Hotzone." -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "Fehler beim Lesen des Hotzone-Bereichs, der bei %<PRIu64> beginnt." -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Fehler beim Entschlüsseln von Sektor %zu." -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "Fehler beim Wiederherstellen von Sektor %zu." -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Die Größe der Quell- und Zielgeräte stimmt nicht überein. Quelle %<PRIu64>, Ziel: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Fehler beim Aktivieren des Hotzone-Geräts »%s«." -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Fehler beim Aktivieren des Ãœberlagerungsgeräts »%s« mit der tatsächlichen Ursprungstabelle." -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Fehler beim Laden der neuen Zuordnung für Gerät »%s«." -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "Fehler beim Auffrischen des Gerätestapels für Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "Fehler beim Festlegen der neuen Bereichsgröße für Schlüsselfächer." -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Datenverschiebung ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (%<PRIu32> Bytes) ausgerichtet." -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Nicht unterstützter Modus »%s« für Widerstandsfähigkeit" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "Die Größe des verschobenen Segments kann nicht größer als der Wert der Datenverschiebung sein." -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "Ungültige Parameter für die robuste Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "Das verschobene Segment ist zu groß. Angeforderte Größe %<PRIu64>, verfügbarer Platz %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "Fehler beim Leeren der Tabelle." -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "Die reduzierte Datengröße ist größer als die tatsächliche Gerätegröße." -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Datengerät ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (%<PRIu32> Bytes) ausgerichtet." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "Datenverschiebung (%<PRIu64> Sektoren) ist weniger als der zukünftige Datenoffset (%<PRIu64> Sektoren)." -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Fehler beim exklusiven Öffnen von »%s« (wird bereits anderweitig benutzt)." -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "Das Gerät ist nicht für LUKS2-Wiederverschlüsselung markiert." -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "Fehler beim Laden des LUKS2-Wiederverschlüsselungs-Kontextes." -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "Fehler beim Einlesen des Wiederverschlüsselungs-Zustands." -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "Das Gerät befindet sich nicht in der Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "Der Wiederverschlüsselungs-Vorgang läuft bereits." -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "Fehler beim Zugriff auf die Schreibsperre für die Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Führen Sie zuerst die Wiederverschlüsselungs-Wiederherstellung durch." -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "Aktive Gerätegröße und angeforderte Wiederverschlüsselungsgröße passen nicht zusammen." -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "Ungültige Gerätegröße wurde in den Wiederverschlüsselungsparametern angefordert." -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Wiederverschlüsselung läuft bereits. Wiederherstellung ist nicht möglich." -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "LUKS2-Wiederverschlüsselung ist in den Metadaten bereits initialisiert." -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "LUKS2-Wiederverschlüsselung konnte in den Metadaten nicht initialisiert werden." -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "Wiederverschlüsselung wird für DAX-Geräte (persistenten Speicher) nicht unterstützt." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "Fehler beim Lesen der Passphrase vom Schlüsselbund." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Fehler beim Festlegen der Gerätesegmente für die nächste Wiederverschlüsselungs-Hotzone." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "Fehler beim Schreiben der Metadaten für robuste Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "Fehler beim Entschlüsseln." -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "Fehler beim Schreiben des Hotzone-Bereichs, der bei %<PRIu64> beginnt." -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "Fehler beim Synchronisieren von Daten." -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Fehler beim Aktualisieren der Metadaten, nachdem die aktuelle Wiederverschlüsselungs-Hotzone beendet wurde." -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "Fehler beim Schreiben der LUKS2-Metadaten." -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "Fehler beim gründlichen Löschen des ungenutzten Bereichs auf dem Gerät." -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Fehler beim Entfernen des ungenutzten (ungebundenen) Schlüsselfachs %d." -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "Fehler beim Entfernen des Schlüsselfachs zur Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "Schwerwiegender Fehler beim Wiederverschlüsseln des Blocks bei %<PRIu64>, %<PRIu64> Sektoren lang." -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "Fehler bei Online-Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "Das Gerät nicht fortsetzen, außer es wird manuell durch das Fehlerziel ersetzt." -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Unerwarteter Zustand der Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "Fehlender oder ungültiger Wiederverschlüsselungs-Kontext." -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "Fehler beim Initialisieren des Gerätestapels für Wiederverschlüsselung." -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "Fehler beim Aktualisieren des Wiederverschlüsselungskontexts." @@ -1852,80 +2014,121 @@ msgstr "Fehler beim Aktualisieren des Wiederverschlüsselungskontexts." msgid "Reencryption metadata is invalid." msgstr "Die Metadaten für die Wiederverschlüsselung sind ungültig." +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "OPAL-Bereich %d mit Offset %<PRIu64> entspricht nicht dem erwarteten Wert %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "OPAL-Bereich %d mit Länge %<PRIu64> entspricht nicht der Gerätegröße %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "In OPAL-Bereich %d ist das Sperren deaktiviert." + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "Unerwarteter Sperrzustand in OPAL-Bereich %d." + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Verschlüsselungsparameter für Schlüsselfach wird nur für LUKS2-Geräte unterstützt." -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "Geben Sie die PIN des Tokens ein: " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "Geben Sie die PIN des Tokens %d ein: " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Kein bekanntes Verschlüsselungsmuster entdeckt." -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "Warnung: Für den Verschlüsselungsalgorithmus werden die Standardeinstellungen (%s-%s, Schlüsselgröße %u Bit) verwendet, das kann inkompatibel zu älteren Versionen sein." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "Warnung: Für den Hashalgorithmus werden die Standardeinstellungen (%s) verwendet, das kann inkompatibel zu älteren Versionen sein." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "Im einfachen Modus stets die Optionen --cipher, --key-size und (wenn keine Schlüsseldatei verwendet wird) auch --hash nutzen." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "WARNUNG: Der Parameter --hash wird im Plain-Modus ignoriert, wenn eine Schlüsseldatei angegeben ist.\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "WARNUNG: Die Option --keyfile-size wird ignoriert, da die Lesegröße die gleiche ist wie die Verschlüsselungsschlüsselgröße ist.\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "Fehler beim Blkid-Scan für %s." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Gerätesignaturen auf »%s« erkannt. Wenn Sie fortfahren, könnte das bestehende Daten beschädigen." -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "Vorgang abgebrochen.\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "Die Option »--key-file« muss angegeben werden." -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "VeraCrypt-PIM eingeben: " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "Ungültiger PIM-Wert: Formatfehler." -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "Ungültiger PIM-Wert: 0." -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "Ungültiger PIM-Wert: außerhalb des gültigen Bereichs." -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "Kein Geräte-Header mit dieser Passphrase gefunden." -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "Gerät »%s« ist kein gültiges BITLK-Gerät." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Die Größe des Laufwerksschlüssels für BITLK kann nicht ermittelt werden, bitte nutzen Sie die Option »--key-size«." -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1937,7 +2140,7 @@ msgstr "" "daher ausschließlich an einem sicheren Ort und verschlüsselt\n" "aufbewahrt werden." -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1949,65 +2152,73 @@ msgstr "" "daher ausschließlich an einem sicheren Ort und verschlüsselt\n" "aufbewahrt werden." -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "Gerät »%s« ist kein gültiges FVAULT2-Gerät." -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "Die Größe des Laufwerksschlüssels für FVAULT2 kann nicht ermittelt werden, bitte nutzen Sie die Option »--key-size«." -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Gerät »%s« ist noch aktiv und zum verzögerten Entfernen eingeplant.\n" -#: src/cryptsetup.c:835 +# upstream: period missing +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "Fehler beim Festlegen des externen Tokenpfads »%s«." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Um die Größe von aktiven Geräten zu öndern, muss der Laufwerksschlüssel im Schlüsselbund sein, aber die Option --disable-keyring wurde angegeben." -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "Benchmark unterbrochen." -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s (nicht zutreffend)\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u Iterationen pro Sekunde für %zu-Bit-Schlüssel\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s (nicht zutreffend)\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u Iterationen, %5u Speicher, %1u parallele Threads (CPUs) für %zu-Bit-Schlüssel (Zieldauer %u Millisekunden)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "Das Ergebnis des Benchmarks ist nicht zuverlässig." -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Die Tests sind nur annähernd genau, da sie nicht auf den Datenträger zugreifen.\n" # upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption". # To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators. #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Verschlüsselung »%s« (mit Schlüsselgröße %i Bits) ist nicht verfügbar." @@ -2015,15 +2226,15 @@ msgstr "Verschlüsselung »%s« (mit Schlüsselgröße %i Bits) ist nicht verfü # upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption". # To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators. #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "N/A" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2031,27 +2242,27 @@ msgstr "" "Ungeschützte LUKS2-Metadaten für die Wiederverschlüsselung entdeckt. Bitte überprüfen Sie, ob die Wiederverschlüsselungsoperation erwünscht ist (siehe luksDump-Ausgabe)\n" "und fahren Sie nur fort (Upgrade der Metadaten), wenn Sie den Vorgang als echt anerkennen." -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Geben Sie die Passphrase für den Schutz und das Aktualisieren der Metadaten für die Wiederverschlüsselung ein: " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Wirklich mit der Wiederherstellung der LUKS2-Wiederverschlüsselung fortfahren?" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Geben Sie die Passphrase für das Prüfen der Metadaten für die Wiederverschlüsselung ein: " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "Geben Sie die Passphrase für die Wiederherstellung der Wiederverschlüsselung ein: " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "Wirklich versuchen, den LUKS-Geräteheader wiederherzustellen?" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2059,7 +2270,7 @@ msgstr "" "\n" "Gründlich löschen unterbrochen." -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2068,128 +2279,144 @@ msgstr "" "Sie können diesen Vorgang mit Strg+C unterbrechen (der nicht gesäuberte Bereich des Geräts wird dann ungültige Prüfsummen haben).\n" # upstream: it is boring that I have to translate the newline at the end of each of these messages. Translating strings without newlines is much easier and faster. Since it is redundant anyway (all calls to log_err have a trailing newline), this newline should be written implicitly. -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Fehler beim Deaktivieren des temporären Geräts »%s«." -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "Die Integritätsoption kann nur für das LUKS2-Format verwendet werden." -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "Nicht unterstützte Optionen für Größe der LUKS-Metadaten." -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "OPAL wird nur für das LUKS2-Format unterstützt." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "Die Headerdatei existiert nicht, soll sie angelegt werden?" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "Fehler beim Anlegen der Headerdatei »%s«." -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "Kein bekanntes Integritätsspezifikationsmuster entdeckt." -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Das Gerät »%s« kann nicht als Datenträger-Header benutzt werden." -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Hiermit werden die Daten auf »%s« unwiderruflich überschrieben." -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "Das OPAL-Admin-Passwort darf nicht leer sein." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Fehler beim Festlegen der PBKDF-Parameter." -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "Die Typangabe in --link-vk-to-keyring wird ignoriert." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "Ungültiger Wert für --link-vk-to-keyring." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Verringerter Datenoffset ist nur für separaten LUKS-Header erlaubt." -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "LUKS-Datei-Container %s ist zu klein für die Aktivierung, es ist kein Platz mehr für Daten vorhanden." -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Die Größe des Laufwerksschlüssels erfordert Schlüsselfächer, bitte nutzen Sie dazu die Option »--key-size«." -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "Gerät aktiviert, aber die Schalter können nicht dauerhaft gespeichert werden." -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Schlüsselfach %d zum Löschen ausgewählt." -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Dies ist das letzte Schlüsselfach. Wenn Sie diesen Schlüssel löschen, wird das Gerät unbrauchbar." -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "Geben Sie irgendeine verbleibende Passphrase ein: " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Vorgang abgebrochen, das Schlüsselfach wurde NICHT gesäubert.\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "Geben Sie die zu löschende Passphrase ein: " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Gerät »%s« ist kein gültiges LUKS2-Gerät." -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "Geben Sie die neue Passphrase für das Schlüsselfach ein: " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "WARNUNG: Der Parameter --key-slot wird für die neue Nummer des Schlüsselfachs verwendet.\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Geben Sie irgendeine bestehende Passphrase ein: " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "Geben Sie die zu ändernde Passphrase ein: " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Geben Sie die neue Passphrase ein: " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "Geben Sie die Passphrase für das umzuwandelnde Schlüsselfach ein: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "Die Operation »isLuks« unterstützt nur genau ein Geräte-Argument." -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Schlüsselfach %d enthält keinen unverbundenen Schlüssel." -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2198,40 +2425,52 @@ msgstr "" "Dieser Dump sollte daher ausschließlich an einem sicheren Ort und\n" "verschlüsselt aufbewahrt werden." -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s ist kein aktives %s-Gerät." -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s ist kein aktives LUKS-Gerät, oder der Header fehlt." -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "Option »--header-backup-file« muss angegeben werden." -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s ist kein von cryptsetup verwaltetes Gerät." -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Die Geräteart »%s« kann nicht aufgefrischt werden" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Unbekannte Art »%s« des Metadaten-Geräts." -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "Dieser Befehl benötigt den Gerätenamen und den zugeordneten Namen als Argumente." -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "Geben Sie die OPAL-PSID ein: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "Geben Sie das OPAL-Admin-Passwort ein: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "Warnung: Der GESAMTE Datenträger wird auf die Werkseinstellungen zurückgesetzt, und alle Daten gehen verloren. Fortsetzen?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2240,351 +2479,351 @@ msgstr "" "Diese Operation wird alle Schlüsselfächer auf Gerät »%s« löschen.\n" "Dadurch wird das Gerät unbrauchbar." -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Vorgang abgebrochen, die Schlüsselfächer wurden NICHT gesäubert.\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Invalid LUKS type, only luks1 and luks2 are supported." -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "Das Gerät hat bereits den Typ »%s«." -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Diese Operation wird für »%s« ins Format »%s« umwandeln.\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "Vorgang abgebrochen, das Gerät wurde NICHT konvertiert.\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "Die Option --priority, --label oder --subsystem fehlt." -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "Token %d ist ungültig." -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "Token %d ist in Benutzung." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Fehler beim Hinzufügen des LUKS2-Schlüsselring-Tokens %d." -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Token %d kann nicht dem Schlüsselfach %d zugeordnet werden." -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "Token %d wird gerade nicht verwendet." -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "Token konnte nicht aus der Datei importiert werden." -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "Auf Token %d kann nicht für den Export zugegriffen werden." -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "Token %d ist nicht dem Schlüsselfach %d zugeordnet." -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "Token %d kann nicht vom Schlüsselfach %d losgelöst werden." -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Die Optionen --tcrypt-hidden, --tcrypt-system und --tcrypt-backup sind nur zusammen mit einem TCRYPT-Gerät erlaubt." -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Die Optionen --veracrypt und --disable-veracrypt werden nur für TCRYPT-kompatible Geräte unterstützt." -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Die Option --veracrypt-pim wird nur für VeraCrypt-kompatible Geräte unterstützt." -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Die Option --veracrypt-query-pim wird nur für VeraCrypt-kompatible Geräte unterstützt." -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Die Optionen --veracrypt-pim und --veracrypt-query-pim schließen sich gegenseitig aus." -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Die Option --persistent ist nicht mit --test-passphrase kombinierbar." -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Die Optionen --refresh und --test-passphrase schließen sich gegenseitig aus." -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "Die Option --shared ist nur beim beim »open«-Befehl eines Plain-Gerätes erlaubt." -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Die Option --skip ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt." -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Die Option --offset mit der Aktion Öffnen wird nur für einfache und loopaes-Geräte unterstützt." -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Die Option --tcrypt-hidden kann nicht mit --allow-discards kombiniert werden." -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "Die Option \"Sektorgröße\" mit der Aktion \"Öffnen\" wird nur für einfache Geräte unterstützt." -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Die Option für große IV-Sektoren wird nur unterstützt, wenn das geöffnete Gerät Sektoren größer als 512 Bytes hat." -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "Die Option --test-passphrase ist nur beim Öffnen von LUKS-, TCRYPT-, BITLK- und FVAULT2-Geräten erlaubt." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "Die Optionen --device-size und --size können nicht kombiniert werden." -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "Die Option »--unbound« ist nur beim »open«-Befehl eines LUKS-Gerätes erlaubt." -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Die Option »--unbound« kann nur in Kombination mit »--test-passphrase« verwendet werden." -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Die Optionen --cancel-deferred und --deferred können nicht kombiniert werden." -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Die Optionen --reduce-device-size und --data-size können nicht kombiniert werden." +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "Die Optionen --reduce-device-size und --device-size können nicht kombiniert werden." -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Die Option »--active-name« ist nur auf LUKS2-Geräte anwendbar." -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Die Optionen »--active-name« und »--force-offline-reencrypt« können nicht kombiniert werden." -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "Das Schlüsselfach muss angegeben werden." -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "Die Optionen --align-payload und --offset können nicht kombiniert werden." -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Die Option --integrity-no-wipe ist nur für die »format«-Aktion mit Integritätserweiterung erlaubt." -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "Nur eine der Optionen --use-[u]random ist erlaubt." -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "Die Option »--unbound« erfordert die Schlüsselgröße." -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "Ungültige Token-Aktion." -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "Der Parameter --key-description ist Pflicht für die Aktion »token add«." -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "Die Aktion erfordert ein bestimmtes Token. Verwenden Sie den Parameter --token-id." -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "Die Option »--unbound« kann nur zusammen mit der Aktion zum Hinzufügen eines Tokens verwendet werden." -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "Die Optionen --key-slot und --unbound können nicht kombiniert werden." -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "Die Aktion erfordert ein bestimmtes Schlüsselfach. Verwenden Sie den Parameter --key-slot." -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<Gerät> [--type <Art>] [<Name>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "Gerät als <Name> öffnen" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<Name>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "Gerät schließen (Zuordnung entfernen)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "Größe des aktiven Geräts ändern" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "Gerätestatus anzeigen" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <Algorithmus>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "Verschlüsselungsalgorithmus benchmarken" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<Gerät>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "Versuchen, die Metadaten auf dem Datenträger zu reparieren" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "LUKS2-Gerät wiederverschlüsseln" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "Alle Schlüsselfächer löschen (Verschlüsselungsschlüssel entfernen)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "Zwischen den Formaten LUKS und LUKS2 umwandeln" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "Permanente Konfigurationsoptionen für LUKS2 festlegen" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<Gerät> [<neue Schlüsseldatei>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "Ein LUKS-Gerät formatieren" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "Schlüssel zu LUKS-Gerät hinzufügen" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<Gerät> [<Schlüsseldatei>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "Entfernt bereitgestellten Schlüssel oder Schlüsseldatei vom LUKS-Gerät" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "Ändert den angegebenen Schlüssel oder die Schlüsseldatei des LUKS-Geräts" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "Wandelt einen Schlüssel in neue PBKDF-Parameter um" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<Gerät> <Schlüsselfach>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "Löscht Schlüssel mit Nummer <Schlüsselfach> vom LUKS-Gerät" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "UUID des LUKS-Geräts ausgeben" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "Testet <Gerät> auf Header einer LUKS-Partition" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "LUKS-Partitionsinformationen ausgeben" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "TCRYPT-Geräteinformationen ausgeben" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "BITLK-Geräteinformationen ausgeben" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "VFAULT2-Geräteinformationen ausgeben" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "LUKS-Gerät in Ruhezustand versetzen und alle Schlüssel auslöschen (alle IOs werden eingefroren)" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "LUKS-Gerät aus dem Ruhezustand aufwecken" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Header und Schlüsselfächer eines LUKS-Geräts sichern" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Header und Schlüsselfächer eines LUKS-Geräts wiederherstellen" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <Gerät>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "LUKS2-Token manipulieren" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2592,7 +2831,7 @@ msgstr "" "\n" "<Aktion> ist eine von:\n" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2604,7 +2843,7 @@ msgstr "" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2619,7 +2858,7 @@ msgstr "" "<Schlüsselfach> ist die Nummer des zu verändernden LUKS-Schlüsselfachs\n" "<Schlüsseldatei> optionale Schlüsseldatei für den neuen Schlüssel der »luksAddKey«-Aktion\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2628,29 +2867,28 @@ msgstr "" "\n" "Vorgegebenes festeingebautes Metadatenformat ist %s (für luksFormat-Aktion).\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"Die Unterstützung des externen Token-Plugins LUKS2 ist %s.\n" - -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "integriert" +"Die Plugin-Unterstützung für externe LUKS2-Tokens ist aktiviert.\n" -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Pfad des Plugins für externe LUKS2-Token: %s.\n" -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "deaktiviert" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"Die Plugin-Unterstützung für externe LUKS2-Tokens ist deaktiviert.\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2667,7 +2905,7 @@ msgstr "" "Vorgabe-PBKDF für LUKS2: %s\n" "\tIterationszeit: %d, benötigter Speicher: %d kB, parallele Threads: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2682,96 +2920,100 @@ msgstr "" "\tplain: %s, Schlüssel: %d Bits, Passphrase-Hashen: %s\n" "\tLUKS: %s, Schlüssel: %d Bits, LUKS-Header-Hashen: %s, Zufallszahlengenerator: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: Standard-Schlüsselgröße mit XTS-Modus (zwei interne Schlüssel) wird verdoppelt.\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: Benötigt %s als Argumente" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Schlüsselfach ist ungültig." -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "Die Gerätegröße muss ein Vielfaches von 512-Byte-Sektoren sein." -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "Ungültige Angabe der Maximalgröße für die Wiederverschlüsselungs-Hotzone." -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "Schlüsselgröße muss ein Vielfaches von 8 Bit sein" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "Die maximale Verkleinerungsgröße ist 1 GiB." -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Die verkleinerte Größe muss ein Vielfaches von 512-Byte-Sektoren sein." -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Die Option --priority kann nur »ignore/normal/prefer« sein." -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "Diese Hilfe anzeigen" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "Kurze Aufrufsyntax anzeigen" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "Paketversion ausgeben" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "Hilfe-Optionen:" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[OPTION...] <Aktion> <aktionsabhängig>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "Argument <Aktion> fehlt." -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "Unbekannte Aktion." -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Die Option --key-file wirkt stärker als das angegebene Schlüsseldatei-Argument." -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Die Option --key-file ist nur einmal erlaubt." -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Passwortbasierte Schlüsselableitungsfunktion (PBKDF) kann nur »pbkdf2« oder »argon2i/argon2id« sein." -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Bei PBKDF darf nur entweder die Anzahl der Durchläufe oder die Zeitbegrenzung angegeben werden." -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "Laufwerkschlüssel kann nicht mit einem Schlüsselbund verbunden werden, solange der Schlüsselbund deaktiviert ist." + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Die Optionen --keyslot-cipher und --keyslot-keysize können nur zusammen benutzt werden." -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Es wird keine Aktion ausgeführt. Aufgerufen mit der Option --test-args.\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "Fehler beim Deaktivieren der Metadaten-Dateisperre." @@ -2836,7 +3078,7 @@ msgstr "Der Befehl erfordert die Option <root_hash> oder --root-hash-file als Ar msgid "<data_device> <hash_device>" msgstr "<Datengerät> <Hash-Gerät>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "Gerät formatieren" @@ -2852,7 +3094,7 @@ msgstr "Gerät verifizieren" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<Datengerät> <Name> <Hash-Gerät> [<Wurzel-Hash>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "Status der aktiven Geräte anzeigen" @@ -2860,7 +3102,7 @@ msgstr "Status der aktiven Geräte anzeigen" msgid "<hash_device>" msgstr "<Hash-Gerät>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "Auf dem Datenträger gespeicherte Informationen anzeigen" @@ -2890,11 +3132,11 @@ msgstr "" "Einkompilierte Vorgabewerte für dm-verity:\n" "\tHash: %s, Datenblock (Bytes): %u, Hashblock (Bytes): %u, Salt-Größe: %u, Hashformat: %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Die Optionen --ignore-corruption und --restart-on-corruption können nicht zusammen benutzt werden." -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Die Optionen --panic-on-corruption und --restart-on-corruption können nicht zusammen benutzt werden." @@ -2907,29 +3149,29 @@ msgstr "" "Dadurch werden Daten auf %s und %s unwiderruflich überschrieben.\n" "Um Daten auf dem Gerät zu bewahren, verwenden Sie die Option »--no-wipe« (und aktivieren Sie sie dann mit »--integrity-recalculate«)." -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Formatiert mit Etikettgröße %u und interner Integrität %s.\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "Das Setzen der Option »recalculate« wird nicht unterstützt, Sie können stattdessen »--wipe« erwägen." -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "Gerät »%s« ist kein gültiges INTEGRITY-Gerät." -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<Integritätsgerät>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<Integritätsgerät> <Name>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2940,7 +3182,7 @@ msgstr "" "<Name> ist das Gerät, das unter »%s« angelegt werden soll\n" "<Integritätsgerät> ist das Gerät, das die Daten mit Integritätsangaben enthält\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2953,40 +3195,40 @@ msgstr "" "\tPrüfalgorithmus: %s\n" "\tMaximalgröße der Schlüsseldatei: %d kB\n" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Ungültige Größe für --%s. Maximum ist %u Bytes." -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen angegeben werden." -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen für die Journalintegrität angegeben werden." -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Wenn ein Integritätsschlüssel für das Journal verwendet wird, muss auch der Integritätsalgorithmus angegeben werden." -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "Sowohl der Verschlüsselungsschlüssel als auch die Schlüsselgröße müssen für die Journalverschlüsselung angegeben werden." -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Wenn ein Verschlüsselungsschlüssel für das Journal verwendet wird, muss auch der Verschlüsselungsalgorithmus angegeben werden." -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Die Modi Wiederherstellung und Bitmap schließen sich gegenseitig aus." -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "Die Journal-Optionen können nicht im Bitmap-Modus verwendet werden." -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "Die Bitmapoptionen können nur im Bitmapmodus verwendet werden." @@ -3198,58 +3440,58 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Passwort-Qualitätsüberprüfung fehlgeschlagen: Falsche Passphrase (%s)" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Fehler beim Lesen der Passphrase vom Terminal." -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Passphrase bestätigen: " -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Passphrasen stimmen nicht überein." -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Offset kann nicht zusammen mit Terminaleingabe benutzt werden." -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Passphrase eingeben: " -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Geben Sie die Passphrase für »%s« ein: " -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Kein Schlüssel mit dieser Passphrase verfügbar." -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Es ist kein nutzbares Schlüsselfach verfügbar." -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "Passphrase-Verifikation ist nur auf Terminal-Eingaben möglich." -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Datei %s konnte nicht im Nur-Lese-Modus geöffnet werden." -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Geben Sie gültiges LUKS2-Token-JSON an:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "JSON-Datei konnte nicht gelesen werden." -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3257,12 +3499,12 @@ msgstr "" "\n" "Lesen unterbrochen." -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "Datei %s konnte nicht im Schreibmodus geöffnet werden." -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3270,7 +3512,7 @@ msgstr "" "\n" "Schreiben unterbrochen." -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "JSON-Datei konnte nicht geschrieben werden." @@ -3337,15 +3579,19 @@ msgstr "Das Gerät erfordert die Wiederherstellung der Wiederverschlüsselung. F msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Gerät %s befindet sich bereits in der LUKS2-Neuverschlüsselung. Möchten Sie den zuvor begonnenen Vorgang fortsetzen?" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Die veraltete LUKS2-Wiederverschlüsselung wird nicht mehr unterstützt." -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "Auf einem Gerät, das für OPAL konfiguriert ist, kann die LUKS2-Wiederverschlüsselung nicht durchgeführt werden." + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "Wiederverschlüsselung von Geräten mit Integritätsprofil wird nicht unterstützt." -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3354,103 +3600,103 @@ msgstr "" "Angeforderte --sector-size %<PRIu32> ist nicht kompatibel mit dem %s-Superblock\n" "(Blockgröße: %<PRIu32>Bytes), der auf dem Gerät %s erkannt wurde." -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Verschlüsselung ohne separaten Kopfbereich (--header) ist nur möglich, wenn die Größe des Hauptgeräts reduziert wird (--reduce-device-size)." -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Der angeforderte Datenoffset darf maximal die Hälfte des Parameters --reduce-device-size betragen." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Der Wert von --reduce-device-size wird auf das Doppelte von --offset %<PRIu64> (in Sektoren) angepasst.\n" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Temporäre Headerdatei »%s« existiert bereits. Wird abgebrochen." -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "Fehler beim Anlegen der temporären Headerdatei »%s«." -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Die Größe der LUKS2-Metadaten ist größer als der Wert der Datenverschiebung." -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Der neue Header konnte nicht am Kopf des Geräts %s platziert werden." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s ist jetzt aktiv und bereit für die Onlineverschlüsselung.\n" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "Das aktive Gerät »%s« ist kein LUKS2-Gerät." -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "Wiederherstellung des ursprünglichen LUKS2-Headers." -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "Fehler beim Wiederherstellen des ursprünglichen LUKS2-Headers." -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "Die Header-Datei %s existiert nicht. Möchten Sie die LUKS2-Entschlüsselung von Gerät %s initialisieren und LUKS2-Header in Datei %s exportieren?" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "Fehler beim Hinzufügen der Lese-/Schreibberechtigung für die exportierte Header-Datei." -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Fehler beim Initialisieren der Wiederverschlüsselung. Eine Sicherungskopie des Headers befindet sich in %s." -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "LUKS2-Entschlüsselung wird nur mit losgelöstem Headergerät unterstützt (mit Datenoffset auf 0 gesetzt)." -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "Nicht genügend freie Schlüsselfächer für Wiederverschlüsselung." -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Schlüsseldatei kann nur mit --key-slot oder mit genau einem aktiven Schlüsselfach benutzt werden." -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Geben Sie die Passphrase für Schlüsselfach %d ein: " -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Geben Sie die Passphrase für Schlüsselfach %u ein: " -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Der Verschlüsselungsalgorithmus wird auf %s geändert.\n" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Keine Datensegmentparameter geändert. Wiederverschlüsselung abgebrochen." -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3458,7 +3704,7 @@ msgstr "" "Die Zunahme der Größe des Verschlüsselungssektors auf einem Offline-Gerät wird nicht unterstützt.\n" "Aktivieren Sie das Gerät zuerst oder verwenden Sie die Option »--force-offline-reencrypt« (gefährlich!)." -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3467,62 +3713,62 @@ msgstr "" "\n" "Wiederverschlüsselung unterbrochen." -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "LUKS-Wiederverschlüsselung wird im erzwungenen Offline-Modus fortgesetzt.\n" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Das Gerät %s enthält fehlerhafte LUKS-Metadaten. Vorgang wird abgebrochen." -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Gerät %s ist bereits ein LUKS-Gerät. Vorgang wird abgebrochen." -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Gerät %s befindet sich bereits in der LUKS-Wiederverschlüsselung. Vorgang wird abgebrochen." -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "LUKS2-Entschlüsselung erfordert die Option »--header«." -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "Dieser Befehl benötigt den Gerätenamen als Argument." -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Widersprüchliche Versionen. Gerät %s ist LUKS1." -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Widersprüchliche Versionen. Gerät %s befindet sich in der LUKS1-Wiederverschlüsselung." -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Widersprüchliche Versionen. Gerät %s ist LUKS2." -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Widersprüchliche Versionen. Gerät %s befindet sich in LUKS2-Wiederverschlüsselung." -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Die LUKS2-Wiederverschlüsselung wurde bereits begonnen. Die Operation wird abgebrochen." -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "Derzeit läuft keine Wiederverschlüsselung." -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "Gerät »%s« kann nicht exklusiv geöffnet werden, da es bereits benutzt wird." @@ -3658,35 +3904,35 @@ msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Partitionssignatur.\n" msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Superblock-Signatur.\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "Fehler beim Initialisieren der Gerätesignatursonden." -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "Gerät %s konnte nicht gefunden werden." -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Datei %s konnte nicht im Lese-/Schreibmodus geöffnet werden." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "Die bestehende »%s«-Partitionssignatur auf Gerät %s wird gelöscht." -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "Die bestehende »%s«-Superblocksignatur auf Gerät %s wird gelöscht." -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "Fehler beim Löschen der Gerätesignatur." -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Gerät %s konnte nicht auf eine Signatur geprüft werden." @@ -3701,11 +3947,11 @@ msgstr "Ungültige Größenangabe in Parameter --%s." msgid "Option --%s is not allowed with %s action." msgstr "Die Option --%s ist nicht mit der Aktion %s kombinierbar." -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "Fehler beim Schreiben des SSH-Tokens im JSON-Format." -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3722,105 +3968,109 @@ msgstr "" "\n" "Hinweis: Die beim Hinzufügen des Tokens angegebenen Informationen (SSH-Server-Adresse, Benutzer und Pfade) werden im LUKS2-Header im Klartext gespeichert." -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<Aktion> <Gerät>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "Optionen für die Aktion \"add\" (Hinzufügen):" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "IP-Adresse/URL des entfernten Servers für dieses Token" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Benutzername, der für den entfernten Server verwendet wird" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "Pfad zur Schlüsseldatei auf dem entfernten Server" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "Pfad zum SSH-Schlüssel für die Verbindung zum entfernten Server" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "Pfad zum Verzeichnis, das die externen Tokens für libcryptsetup enthält" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Schlüsselfach, dem das Token zugewiesen werden soll. Wenn nicht angegeben, wird das Token dem ersten Schlüsselfach zugewiesen, das zur angegebenen Passphrase passt." -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "Allgemeine Optionen:" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "Zeigt detailliertere Fehlermeldungen an" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "Zeigt Debugging-Meldungen an" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "Debugging-Meldungen anzeigen, inclusive JSON-Metadaten" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "Öffnen und Importieren des privaten Schlüssels fehlgeschlagen:\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "Der Import des privaten Schlüssels (passwortgeschützt?) ist fehlgeschlagen.\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "Passwort von %s@%s: " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "Das Parsen der Argumente ist fehlgeschlagen.\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Es muss eine Aktion angegeben werden\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Für die Aktion '%s' muss ein Gerät angegeben werden.\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Für die Aktion '%s' muss ein SSH-Server angegeben werden.\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Für die Aktion '%s' muss ein SSH-Benutzer angegeben werden.\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Für die Aktion '%s' muss ein SSH-Pfad angegeben werden.\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Für die Aktion '%s' muss ein SSH-Schlüsselpfad angegeben werden.\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Öffnen von %s mit den angegebenen Anmeldeinformationen fehlgeschlagen.\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Nur die Aktion \"add\" (Hinzufügen) wird derzeit von diesem Plugin unterstützt.\n" @@ -3865,6 +4115,12 @@ msgstr "Authentifizierung mit öffentlichem Schlüssel ist auf dem Host nicht er msgid "Public key authentication error: " msgstr "Fehler bei der Authentifizierung mit öffentlichem Schlüssel: " +#~ msgid "compiled-in" +#~ msgstr "integriert" + +#~ msgid "disabled" +#~ msgstr "deaktiviert" + #~ msgid "WARNING: Data offset is outside of currently available data device.\n" #~ msgstr "WARNING: Der Datenoffset ist außerhalb des derzeit verfügbaren Datengeräts.\n" @@ -3889,9 +4145,6 @@ msgstr "Fehler bei der Authentifizierung mit öffentlichem Schlüssel: " #~ msgid "Failed to disable reencryption requirement flag." #~ msgstr "Fehler beim Deaktivieren der Wiederverschlüsselungsanforderung." -#~ msgid "Encryption is supported only for LUKS2 format." -#~ msgstr "Verschlüsselung wird nur für das LUKS2-Format unterstützt." - #~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" #~ msgstr "LUKS-Gerät auf »%s« erkannt. Möchten Sie dieses LUKS-Gerät erneut verschlüsseln?" @@ -3958,10 +4211,6 @@ msgstr "Fehler bei der Authentifizierung mit öffentlichem Schlüssel: " #~ msgid "No free token slot." #~ msgstr "Kein freies Fach für Token." -# upstream: period missing -#~ msgid "Failed to create builtin token %s." -#~ msgstr "Fehler beim Erzeugen des eingebauten Tokens »%s«." - #~ msgid "Invalid LUKS device type." #~ msgstr "Ungültige LUKS-Geräteart." @@ -2,7 +2,7 @@ # Traducciones al español para el paquete cryptsetup. # Copyright (C) 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Free Software Foundation, Inc. # This file is put in the public domain. -# Antonio Ceballos <aceballos@gmail.com>, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 +# Antonio Ceballos <aceballos@gmail.com>, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2023, 2024 # # ###################################################################### # Traducciones dudosas: @@ -73,10 +73,10 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.4.2-rc0\n" -"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2021-11-11 19:08+0100\n" -"PO-Revision-Date: 2021-12-12 11:49+0100\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" +"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2024-01-13 17:04+0100\n" "Last-Translator: Antonio Ceballos <aceballos@gmail.com>\n" "Language-Team: Spanish <es@tp.org.es>\n" "Language: es\n" @@ -86,67 +86,75 @@ msgstr "" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: lib/libdevmapper.c:396 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "No se puede inicializar el «device mapper», ejecutando como usuario no administrador." -#: lib/libdevmapper.c:399 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "No se puede inicializar el «device-mapper». ¿Está cargado el módulo del núcleo dm_mod?" -#: lib/libdevmapper.c:1170 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "El indicador diferido solicitado no está disponible." -#: lib/libdevmapper.c:1239 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "El DM-UUID del dispositivo %s ha sido truncado." -#: lib/libdevmapper.c:1567 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Tipo de objetivo dm desconocido." -#: lib/libdevmapper.c:1688 lib/libdevmapper.c:1693 lib/libdevmapper.c:1757 -#: lib/libdevmapper.c:1760 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "Las opciones de rendimiento de dm-crypt solicitadas no están disponibles." -#: lib/libdevmapper.c:1700 lib/libdevmapper.c:1704 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Las opciones de manejo de corrupción de datos de dm-verity solicitadas no están disponibles." -#: lib/libdevmapper.c:1708 +#: lib/libdevmapper.c:1650 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "La opción «tasklets» de dm-verity solicitada no está disponible." + +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "Las opciones FEC de dm-verity solicitadas no están disponibles." -#: lib/libdevmapper.c:1712 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "Las opciones de integridad de datos solicitadas no están disponibles." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "La opción sector_size solicitada no está disponible." -#: lib/libdevmapper.c:1719 lib/libdevmapper.c:1723 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "El tamaño del dispositivo no es múltiplo del tamaño de sector solicitado." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "El recómputo automático de las etiquetas de integridad solicitado no está disponible." -#: lib/libdevmapper.c:1727 lib/libdevmapper.c:1763 lib/libdevmapper.c:1766 -#: lib/luks2/luks2_json_metadata.c:2204 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "Descartar/TRIM no disponible." -#: lib/libdevmapper.c:1731 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "El modo de mapa de bits de dm-integrity solicitado no está disponible." -#: lib/libdevmapper.c:2705 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "No se ha podido consultar el segmento de dm-%s." -#: lib/random.c:75 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -154,667 +162,795 @@ msgstr "" "El sistema se ha quedado sin entropÃa mientras estaba generando la clave del volumen.\n" "Por favor, mueva el ratón o pulse alguna tecla en otra ventana para provocar algún evento aleatorio.\n" -#: lib/random.c:79 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Generando la clave (%d%% hecho).\n" -#: lib/random.c:165 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Modo FIPS en funcionamiento." -#: lib/random.c:171 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Error fatal durante la inicialización del generador de números aleatorios." -#: lib/random.c:208 +#: lib/random.c:207 msgid "Unknown RNG quality requested." msgstr "La calidad solicitada para el generador de números aleatorios es desconocida." -#: lib/random.c:213 +#: lib/random.c:212 msgid "Error reading from RNG." msgstr "Error leyendo del generador de números aleatorios." -#: lib/setup.c:226 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "El soporte de OPAL está desactivado en libcryptsetup." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "El dispositivo %s o el núcleo no disponen de cifrado OPAL." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "No se puede inicializar el «backend» del generador de números aleatorios de cifrado." -#: lib/setup.c:232 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "No se puede inicializar el «backend» de cifrado." -#: lib/setup.c:263 lib/setup.c:2079 lib/verity/verity.c:119 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Algoritmo «hash» %s no disponible." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Error de procesamiento de la clave (usando «hash» %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "No se puede determinar el tipo de dispositivo. ¿Es incompatible la activación del dispositivo?" -#: lib/setup.c:338 lib/setup.c:3142 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Esta operación solamente está disponible para dispositivos LUKS." -#: lib/setup.c:365 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Esta operación solamente está disponible para dispositivos LUKS2." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2440 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "Todas las ranuras de claves están llenas." -#: lib/setup.c:431 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "La ranura de claves %d no es válida; seleccione un número entre 0 y %d." -#: lib/setup.c:437 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "La ranura de claves %d está llena; seleccione otra." -#: lib/setup.c:522 lib/setup.c:2900 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "El tamaño del dispositivo no está alineado con el tamaño de bloque lógico del dispositivo." -#: lib/setup.c:620 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "Cabecera detectada pero el dispositivo %s es demasiado pequeño." -#: lib/setup.c:661 lib/setup.c:2845 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Esta operación no está disponible para este tipo de dispositivo." -#: lib/setup.c:666 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "Operación con recifrado en curso no válida." -#: lib/setup.c:834 lib/luks1/keymanage.c:527 +#: lib/setup.c:895 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "No se han podido echar atrás los metadatos de LUKS2 en memoria." + +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "El dispositivo %s no es un dispositivo LUKS válido." + +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Versión LUKS no disponible %d." -#: lib/setup.c:1430 lib/setup.c:2610 lib/setup.c:2683 lib/setup.c:2695 -#: lib/setup.c:2853 lib/setup.c:4643 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "No se ha detectado ningún patrón conocido de especificación de cifrado para el dispositivo activo %s." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "El dispositivo %s no está activo." -#: lib/setup.c:1447 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "El dispositivo subyacente asociado al dispositivo cifrado %s ha desaparecido." -#: lib/setup.c:1527 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "Parámetros de cifrado para modo claro no válidos." -#: lib/setup.c:1532 lib/setup.c:1982 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "Tamaño de clave no válido." -#: lib/setup.c:1537 lib/setup.c:1987 lib/setup.c:2190 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "El UUID no está disponible para este tipo de cifrado." -#: lib/setup.c:1542 lib/setup.c:1992 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "El dispositivo de metadatos separado no está disponible para este tipo de cifrado." -#: lib/setup.c:1552 lib/setup.c:1754 lib/luks2/luks2_reencrypt.c:2401 -#: src/cryptsetup.c:1358 src/cryptsetup.c:3723 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "Tamaño de sector de cifrado no admitido." -#: lib/setup.c:1560 lib/setup.c:1895 lib/setup.c:2894 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "El tamaño del dispositivo no está alineado con el tamaño del sector solicitado." -#: lib/setup.c:1612 lib/setup.c:1732 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "Imposible dar formato LUKS sin dispositivo." -#: lib/setup.c:1618 lib/setup.c:1738 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "El alineamiento de datos solicitado no es compatible con el desplazamiento de los datos." -#: lib/setup.c:1686 lib/setup.c:1882 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "ATENCIÓN: El desplazamiento de los datos está fuera del dispositivo de datos actualmente disponible.\n" +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "ATENCIÓN: El dispositivo DAX puede corromper datos ya que no garantiza actualizaciones de sector atómicas.\n" -#: lib/setup.c:1696 lib/setup.c:1912 lib/setup.c:1933 lib/setup.c:2202 +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "No se puede limpiar la cabecera del dispositivo %s." -#: lib/setup.c:1763 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "ATENCIÓN: La activación del dispositivo va a fallar; dm-crypt no admite el tamaño de sector de cifrado solicitado.\n" +#: lib/setup.c:1885 lib/setup.c:2204 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "El dispositivo %s es demasiado pequeño para ser activado; no queda espacio para los datos.\n" -#: lib/setup.c:1786 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "La clave del volumen es demasiado pequeña para cifrado con extensiones de integridad." -#: lib/setup.c:1856 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "El algoritmo de cifrado %s-%s (tamaño de clave %zd bits) no está disponible." -#: lib/setup.c:1885 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "ATENCIÓN: el tamaño de los metadatos LUKS2 ha cambiado a %<PRIu64> bytes.\n" - -#: lib/setup.c:1889 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "ATENCIÓN: el tamaño de la zona de ranuras de claves LUKS2 ha cambiado a %<PRIu64> bytes.\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "ATENCIÓN: La activación del dispositivo va a fallar; dm-crypt no admite el tamaño de sector de cifrado solicitado.\n" -#: lib/setup.c:1915 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:2451 lib/luks2/luks2_reencrypt.c:3488 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "El dispositivo %s es demasiado pequeño." -#: lib/setup.c:1926 lib/setup.c:1952 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "No se puede dar formato al dispositivo %s en uso." -#: lib/setup.c:1929 lib/setup.c:1955 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "No se puede dar formato al dispositivo %s; permiso denegado." -#: lib/setup.c:1941 lib/setup.c:2262 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "No se puede dar formato a la integridad del dispositivo %s." -#: lib/setup.c:1959 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "No se puede dar formato al dispositivo %s." -#: lib/setup.c:1977 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "No se pueden obtener los parámetros de alineamiento OPAL." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "Tamaño de bloque lógico OPAL falso." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "El desplazamiento de datos solicitado no es compatible con el tamaño de bloque OPAL." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "El alineamiento de datos solicitado no es compatible con el alineamiento OPAL." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "El desplazamiento de datos no satisface los requisitos de alineamiento OPAL." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "El alineamiento de datos solicitado no satisface los requisitos de alineamiento del rango de bloqueo." + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "Compensando el tamaño de dispositivo con %<PRIu64> sectores para alinearlo con la granularidad de alienamiento OPAL." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "No se ha podido adquirir el bloqueo OPAL para el dispositivo %s." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Clave de administrador de OPAL incorrecta." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "No se puede configurar el segmento de OPAL." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "No se puede dar formato al dispositivo %s; parece que el dispositivo OPAL está completamente protegido contra escritura actualmente." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "Quizá esto sea un error del firmware. Ejecute un reinicio PSID OPAL y reconecte para recuperar." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "El reinicio del rango %d de bloqueo del dispositivo %s ha fallado." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "Imposible dar formato LOOPAES sin dispositivo." -#: lib/setup.c:2022 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "Imposible dar formato VERITY sin dispositivo." -#: lib/setup.c:2033 lib/verity/verity.c:102 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Tipo de «hash» VERITY %d no disponible." -#: lib/setup.c:2039 lib/verity/verity.c:110 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Tamaño de bloque VERITY no disponible." -#: lib/setup.c:2044 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Desplazamiento «hash» VERITY no disponible." -#: lib/setup.c:2049 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "Desplazamiento FEC VERITY no disponible." -#: lib/setup.c:2073 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "La zona de datos se solapa con la zona «hash»." -#: lib/setup.c:2098 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "La zona «hash» se solapa con la zona FEC." -#: lib/setup.c:2105 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "La zona de datos se solapa con la zona FEC." -#: lib/setup.c:2241 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "ATENCIÓN: El tamaño de etiqueta de %d bytes solicitado difiere del tamaño de salida de %s (%d bytes).\n" -#: lib/setup.c:2320 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "El tipo de dispositivo cifrado % solicitado es desconocido." -#: lib/setup.c:2616 lib/setup.c:2688 lib/setup.c:2701 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "Parámetros no admitidos para el dispositivo %s." -#: lib/setup.c:2622 lib/setup.c:2708 lib/luks2/luks2_reencrypt.c:2503 -#: lib/luks2/luks2_reencrypt.c:2847 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "Parámetros discordantes en el dispositivo %s." -#: lib/setup.c:2728 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "Los dispositivos de cifrado no concuerdan." -#: lib/setup.c:2765 lib/setup.c:2770 lib/luks2/luks2_reencrypt.c:2143 -#: lib/luks2/luks2_reencrypt.c:3255 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "No se ha podido recargar el dispositivo %s." -#: lib/setup.c:2776 lib/setup.c:2782 lib/luks2/luks2_reencrypt.c:2114 -#: lib/luks2/luks2_reencrypt.c:2121 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "No se ha podido suspender el dispositivo %s." -#: lib/setup.c:2788 lib/luks2/luks2_reencrypt.c:2128 -#: lib/luks2/luks2_reencrypt.c:3190 lib/luks2/luks2_reencrypt.c:3259 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "No se ha podido reanudar el dispositivo %s." -#: lib/setup.c:2803 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Error grave durante la recarga del dispositivo %s (por encima del dispositivo %s)." -#: lib/setup.c:2806 lib/setup.c:2808 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "No se ha podido conmutar el dispositivo %s a dm-error." -#: lib/setup.c:2885 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "No se ha podido cambiar el tamaño del dispositivo LUKS2 con un tamaño estático." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "No se ha podido cambiar el tamaño del dispositivo de bucle." -#: lib/setup.c:2958 +#: lib/setup.c:3657 +msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" +msgstr "ATENCIÓN: ya se ha puesto el tamaño máximo o el núcleo no permite cambiarlo.\n" + +#: lib/setup.c:3723 +msgid "Resize failed, the kernel doesn't support it." +msgstr "El cambio de tamaño ha fallado; el núcleo no admite el cambio." + +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "¿Está seguro de que quiere cambiar el UUID del dispositivo?" -#: lib/setup.c:3034 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "El fichero de copia de seguridad de la cabecera no contiene una cabecera LUKS compatible." -#: lib/setup.c:3150 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "El volumen %s no está activo." -#: lib/setup.c:3161 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "El volumen %s ya está suspendido." -#: lib/setup.c:3174 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "La suspensión no está disponible para el dispositivo %s." -#: lib/setup.c:3176 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "Error durante la suspensión del dispositivo %s." -#: lib/setup.c:3212 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "Se ha suspendido el dispositivo %s pero el dispositivo OPAL hardware no puede bloquearse." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "La reanudación no está disponible para el dispositivo %s." -#: lib/setup.c:3214 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "Error durante la reanudación del dispositivo %s." -#: lib/setup.c:3248 lib/setup.c:3296 lib/setup.c:3366 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "No se ha podido vincular la clave al llavero especificado." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "No se ha podido desvincular la clave del volumen del llavero de usuario especificado." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "No se ha podido vincular la clave del volumne en el llavero de usuario especificado." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "EL volumen %s no está suspendido." -#: lib/setup.c:3381 lib/setup.c:3750 lib/setup.c:4423 lib/setup.c:4436 -#: lib/setup.c:4444 lib/setup.c:4457 lib/setup.c:4826 lib/setup.c:6008 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "La clave de volumen no corresponde a este volumen." -#: lib/setup.c:3428 lib/setup.c:3633 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "No se puede añadir ranura de claves; todas las ranuras están desactivadas y no se ha proporcionado una clave para el volumen." - -#: lib/setup.c:3585 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "No se ha logrado intercambiar la nueva ranura de claves." -#: lib/setup.c:3771 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "La ranura de claves %d no es válida." -#: lib/setup.c:3777 src/cryptsetup.c:1701 src/cryptsetup.c:2041 -#: src/cryptsetup.c:2632 src/cryptsetup.c:2689 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "La ranura de claves %d no está activa." -#: lib/setup.c:3796 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "La cabecera del dispositivo se solapa con la zona de datos." -#: lib/setup.c:4089 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "Recifrado en curso. No se puede activar el dispositivo." -#: lib/setup.c:4091 lib/luks2/luks2_json_metadata.c:2287 -#: lib/luks2/luks2_reencrypt.c:2946 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "No se ha podido conseguir el bloqueo de recifrado." -#: lib/setup.c:4104 lib/luks2/luks2_reencrypt.c:2965 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "La recuperación del recifrado LUKS2 ha fallado." -#: lib/setup.c:4235 lib/setup.c:4500 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Este tipo de dispositivo no se ha inicializado adecuadamente." -#: lib/setup.c:4283 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "El dispositivo %s ya existe." -#: lib/setup.c:4290 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "No se puede utilizar el dispositivo %s; el nombre no es válido o todavÃa está en uso." -#: lib/setup.c:4410 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Clave de volumen incorrecta para dispositivo no cifrado." -#: lib/setup.c:4526 -msgid "Incorrect root hash specified for verity device." -msgstr "«Hash» raÃz incorrecta para dispositivo «verity»." - -#: lib/setup.c:4533 -msgid "Root hash signature required." -msgstr "Se requiere la firma «hash» raÃz." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "El llavero de núcleo no está admitido en el núcleo." -#: lib/setup.c:4542 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "El llavero de núcleo está ausente: se necesita para pasar la firma al núcleo." -#: lib/setup.c:4559 lib/setup.c:6084 -msgid "Failed to load key in kernel keyring." -msgstr "No se ha podido cargar la clave en el llavero del núcleo." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "«Hash» raÃz incorrecta para dispositivo «verity»." + +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "OPAL no dispone de desactivación diferida." -#: lib/setup.c:4615 +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "No se ha podido cancelar la eliminación diferida en el dispositivo %s." -#: lib/setup.c:4622 lib/setup.c:4638 lib/luks2/luks2_json_metadata.c:2340 -#: src/cryptsetup.c:2785 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 +#: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "El dispositivo %s todavÃa se está utilizando." -#: lib/setup.c:4647 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "Dispositivo inválido %s." -#: lib/setup.c:4763 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "El «buffer» de la clave del volumen es demasiado pequeño." -#: lib/setup.c:4771 +#: lib/setup.c:5916 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "No se puede recuperar la clave del volumen para el dispositivo LUKS2." + +#: lib/setup.c:5925 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "No se puede recuperar la clave del volumen para el dispositivo LUKS1." + +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "No se puede recuperar la clave para el dispositivo no cifrado." -#: lib/setup.c:4788 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "No se puede recuperar el «hash» raÃz para dispositivo «verity»." -#: lib/setup.c:4792 +#: lib/setup.c:5950 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "No se puede recuperar la clave del volumen para el dispositivo BITLK." + +#: lib/setup.c:5955 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "No se puede recuperar la clave del volumen para el dispositivo FVAULT2." + +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Esta operación no está disponible para el dispositivo cifrado %s." -#: lib/setup.c:4998 lib/setup.c:5009 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "Operación de volcado no deisponible para este tipo de dispositivo." -#: lib/setup.c:5337 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "El desplazamiento de datos no es múltiplo de %u bytes." -#: lib/setup.c:5622 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "No se puede convertir el dispositivo %s que todavÃa está en uso." -#: lib/setup.c:5941 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "No se ha logrado asignar la ranura de claves %u como nueva clave del volumen." -#: lib/setup.c:6014 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "No se han podido inicializar los parámetros predefinidos de la ranura de claves LUKS2." -#: lib/setup.c:6020 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "No se ha logrado asignar la ranura de claves %d al resumen." -#: lib/setup.c:6151 -msgid "Kernel keyring is not supported by the kernel." -msgstr "El llavero de núcleo no está admitido en el núcleo." +#: lib/setup.c:7372 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "No se puede añadir ranura de claves; todas las ranuras están desactivadas y no se ha proporcionado una clave para el volumen." + +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "No se ha podido cargar la clave en el llavero del núcleo." -#: lib/setup.c:6161 lib/luks2/luks2_reencrypt.c:3062 +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "No se ha podido desvincular la clave del volumen del llavero del hilo." + +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "No se ha podido leer la frase contraseña desde el llavero (error %d)" +msgid "Could not find keyring described by \"%s\"." +msgstr "No se ha podido encontrar el llavero descrito por «%s»." -#: lib/setup.c:6185 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "No se ha podido adquirir el bloqueo de la serialización de acceso duro de memoria global." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "No se puede obtener la prioridad del proceso." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "No se puede desbloquear la memoria." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "No se ha podido abrir el fichero de claves." -#: lib/utils.c:173 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "No se puede leer el fichero de claves desde un terminal." -#: lib/utils.c:189 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "No se ha podido efectuar «stat» sobre el fichero de claves." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "No es posible situarse en la posición solicitada del fichero de claves." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:219 -#: src/utils_password.c:231 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Memoria agotada mientras se estaba leyendo la frase contraseña." -#: lib/utils.c:247 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "Error al leer la frase contraseña." -#: lib/utils.c:264 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "No hay nada para leer en la entrada." -#: lib/utils.c:271 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Se ha excedido el tamaño máximo de fichero de claves." -#: lib/utils.c:276 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "No se puede leer la cantidad de datos solicitada." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "El dispositivo %s no existe o el acceso al mismo ha sido denegado." -#: lib/utils_device.c:218 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "El dispositivo %s no es compatible." -#: lib/utils_device.c:562 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Se ignorará por falso el tamaño de optimal-io para el dispositivo de datos (%u bytes)." -#: lib/utils_device.c:720 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "El dispositivo %s es demasiado pequeño. Se necesitan %<PRIu64> bytes como mÃnimo." -#: lib/utils_device.c:801 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "No se puede usar el dispositivo %s porque ya está en uso (asignado o montado)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "No se puede utilizar el dispositivo %s; permiso denegado." -#: lib/utils_device.c:808 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "No se puede obtener información del dispositivo %s." -#: lib/utils_device.c:831 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "No se puede utilizar un dispositivo de bucle invertido como usuario no administrador." -#: lib/utils_device.c:842 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "No se ha logrado asociar el dispositivo de bucle invertido (hace falta un dispositivo de bucle con marcador de auto-limpieza)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "El «offset» solicitado está más allá del tamaño real del dispositivo %s." -#: lib/utils_device.c:898 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "El dispositivo %s tiene tamaño cero." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "El tiempo objetivo máximo de PBKDF no puede ser cero." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Tipo de PBKDF %s desconocido." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "La «hash» solicitada %s no está disponible." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "El tipo de PBKDF solicitado no está disponible para LUKS1." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "No se pueden establecer la memoria máxima de PBKDF ni los hilos paralelos con pbkdf2." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "El número de iteraciones forzadas es demasiado pequeño para %s (el mÃnimo es %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "El coste de la memoria forzada es demasiado bajo para %s (el mÃnimo es %u kilobytes)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "El coste de la memoria máxima solicitada de PBKDF es demasiado alto (el máximo es %d kilobytes)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "La memoria máxima solicitada de PBKDF no puede ser cero." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Los hilos paralelos solicitados de PBKDF no pueden ser cero." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Solo se admite PBKDF2 en el modo FIPS." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Banco de pruebas PBKDF desactivado pero las iteraciones no están establecidas." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Opciones PBKDF2 no compatibles (usando el algoritmo «hash» %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "Opciones PBKDF no compatibles." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Bloqueo abortado. La ruta del bloqueo %s/%s no puede utilizarse (o no es un directorio o no existe)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "El directorio de bloqueo %s/%s se creará con los permisos predeterminados al compilar." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Bloqueo abortado. La ruta del bloqueo %s/%s no puede utilizarse (%s no es un directorio)." -#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:922 -#: src/cryptsetup_reencrypt.c:1010 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 +#: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "No es posible situarse en la posición del dispositivo." -#: lib/utils_wipe.c:208 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "Error al limpiar el dispositivo, desplazamiento %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "PSID OPAL incorrecto." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "No se ha podido borrar el dispositivo OPAL." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -833,9 +969,9 @@ msgstr "El tamaño de clave en modo XTS debe ser 256 o 512 bits." msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "La especificación de cifrado deberÃa estar en formato [cipher]-[mode]-[iv]." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1276 lib/luks2/luks2_keyslot.c:740 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "No se puede escribir en el dispositivo %s; permiso denegado." @@ -848,23 +984,24 @@ msgstr "No se ha podido abrir el dispositivo de almacenamiento de claves tempora msgid "Failed to access temporary keystore device." msgstr "No se ha podido acceder al dispositivo de almacenamiento de claves temporal." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "Error de entrada/salida mientras se cifraba una ranura de claves." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:677 -#: lib/verity/verity.c:80 lib/verity/verity.c:193 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:251 lib/verity/verity_fec.c:263 -#: lib/verity/verity_fec.c:268 lib/luks2/luks2_json_metadata.c:1279 -#: src/cryptsetup_reencrypt.c:177 src/cryptsetup_reencrypt.c:189 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "No se puede abrir el dispositivo %s." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "Error de entrada/salida mientras se descifraba una ranura de claves." @@ -880,65 +1017,54 @@ msgstr "El dispositivo %s es demasiado pequeño. (LUKS1 necesita %<PRIu64> btyes msgid "LUKS keyslot %u is invalid." msgstr "La ranura de claves LUKS %u no es válida." -#: lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1107 src/cryptsetup.c:1557 -#: src/cryptsetup.c:1688 src/cryptsetup.c:1743 src/cryptsetup.c:1798 -#: src/cryptsetup.c:1863 src/cryptsetup.c:1966 src/cryptsetup.c:2030 -#: src/cryptsetup.c:2259 src/cryptsetup.c:2472 src/cryptsetup.c:2532 -#: src/cryptsetup.c:2597 src/cryptsetup.c:2741 src/cryptsetup.c:3423 -#: src/cryptsetup.c:3432 src/cryptsetup_reencrypt.c:1373 -#, c-format -msgid "Device %s is not a valid LUKS device." -msgstr "El dispositivo %s no es un dispositivo LUKS válido." - -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1124 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "El fichero de copia de seguridad de cabecera solicitado %s ya existe." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1126 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "No se puede crear el fichero de copia de seguridad %s." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1133 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "No se puede escribir en el fichero de copia de seguridad %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1185 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "El fichero de copia de seguridad no contiene una cabecera LUKS válida." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1206 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "No se puede abrir el fichero de copia de seguridad de cabecerda %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1214 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "No se puede leer el fichero de copia de seguridad de cabecerda %s." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "La posición de los datos o el tamaño de la clave no coinciden en el dispositivo y en la copia de seguridad." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Dispositivo %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "no contiene cabecera LUKS. Reemplazar la cabecera puede destruir los datos en ese dispositivo." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "ya contiene cabecera LUKS. Reemplazar la cabecera destruirá las ranuras de claves existentes." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1248 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -946,126 +1072,130 @@ msgstr "" "\n" "ATENCIÓN: ¡la cabecera del dispositivo real tiene un UUID distinto que el de la copia de seguridad!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "El tamaño de la clave no es estándar; se requiere una reparación manual." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "El alineamiento de las ranuras de claves no es estándar; se requiere una reparación manual." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Modo de cifrado reparado (%s -> %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "«Hash» de cifrado reparado a minúsculas (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "La «hash» LUKS solicitada %s no está disponible." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Reparando ranuras de claves." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Ranura de claves %i: posición reparada (%u -> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Ranura de claves %i: bandas reparadas (%u -> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Ranura de claves %i: la firma de la partición es falsa." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Ranura de claves %i: «salt wiped»." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "Escribiendo cabecera LUKS en el disco." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "La reparación ha fallado." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "El modo de cifrado LUKS %s no es válido." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "El «hash» LUKS %s no es válido." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1243 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "No se ha detectado ningún problema en la cabecera LUKS." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Error al actualizar la cabecera LUKS en el dispositivo %s." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Error al leer la cabecera LUKS después de actualizarla en el dispositivo %s." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "La posición de los datos de una cabecera LUKS debe ser 0 o superior al tamaño de la cabecera." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1015 -#: src/cryptsetup.c:2904 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "El formato de UUID LUKS proporcionado es incorrecto." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "No se puede crear la cabecera LUKS: fallo en la lectura «random salt»." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "No se puede crear la cabecera LUKS: fallo en la cabecera (usando «hash» %s)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "La ranura de claves %d está activa; primero hay que purgar." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "El material de la ranura de claves %d no tiene suficientes bandas. Quizá se haya manipulado la cabecera." -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Desbordamiento del valor de iteración PBKDF2." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "No se puede abrir la ranura de claves (usando «hash» %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "La ranura %d no es válida; seleccione una ranura de claves entre 0 y %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:744 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "No se puede limpiar el dispositivo %s." @@ -1086,12 +1216,12 @@ msgstr "Se ha detectado un fichero de claves incompatible con «loop-AES»." msgid "Kernel does not support loop-AES compatible mapping." msgstr "El núcleo no admite asignación compatible con «loop-AES»." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "Error leyendo el fichero de claves %s." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Se ha excedido la longitud máxima (%zu) de la frase contraseña TCRYPT." @@ -1101,102 +1231,102 @@ msgstr "Se ha excedido la longitud máxima (%zu) de la frase contraseña TCRYPT. msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "El algoritmo «hash» %s no está disponible, por lo que se ha ignorado." -#: lib/tcrypt/tcrypt.c:618 src/cryptsetup.c:1110 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "La interfaz de cifrado del núcleo requerida no está disponible." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1112 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Asegúrese de que el módulo del núcleo algof_skcipher está cargado." -#: lib/tcrypt/tcrypt.c:760 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "No es posible la activación para el tamaño de sector %d." -#: lib/tcrypt/tcrypt.c:766 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "El núcleo no dispone de activación para este modo antiguo TCRYPT." -#: lib/tcrypt/tcrypt.c:797 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Activando el sistema de cifrado TCRYPT para la partición %s." -#: lib/tcrypt/tcrypt.c:875 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "El núcleo no admite asignación compatible con TCRYPT." -#: lib/tcrypt/tcrypt.c:1088 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Esta función no está disponible sin carga de cabecera TCRYPT." -#: lib/bitlk/bitlk.c:350 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "El tipo de entrada de metadatos '%u' no esperado se ha encontrado mientras se analizaba la clave maestra del volumen soportado." -#: lib/bitlk/bitlk.c:397 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Se ha encontrado una cadena no válida mientras se analizaba la clave maestra del volumen." -#: lib/bitlk/bitlk.c:402 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Se ha encontrado una cadena no esperada ('%s') mientras se analizaba la clave maestra del volumen soportado." -#: lib/bitlk/bitlk.c:419 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "El valor de entrada de metadatos '%u' no esperado se ha encontrado mientras se analizaba la clave maestra del volumen soportado." -#: lib/bitlk/bitlk.c:502 -#, c-format -msgid "Failed to read BITLK signature from %s." -msgstr "No se ha podido leer la firma BITLK de %s." - -#: lib/bitlk/bitlk.c:514 -msgid "Invalid or unknown signature for BITLK device." -msgstr "Firma no válida o desconocida para el dispositivo BITLK" - -#: lib/bitlk/bitlk.c:520 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "BITLK versión 1 no está admitido actualmente." -#: lib/bitlk/bitlk.c:526 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "Firma de arranque no válida o desconocida para el dispositivo BITLK" -#: lib/bitlk/bitlk.c:538 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %<PRIu16>." msgstr "Tamaño de sector no admitido %<PRIu16>." -#: lib/bitlk/bitlk.c:546 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "No se ha podido leer la cabecera BITLK de %s." -#: lib/bitlk/bitlk.c:571 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "No se han podido leer los metadatos BITLK FVE de %s." -#: lib/bitlk/bitlk.c:622 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Tipo de cifrado desconocido o no admitido." -#: lib/bitlk/bitlk.c:655 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "No se han podido leer las entradas de los metadatos BITLK de %s." -#: lib/bitlk/bitlk.c:897 +#: lib/bitlk/bitlk.c:719 +msgid "Failed to convert BITLK volume description" +msgstr "No se ha podido convertir el descifrado del volumen BITLK" + +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Tipo de entrada de metadatos '%u' encontrado inesperadamente mientras se analizaba clave externa." -#: lib/bitlk/bitlk.c:912 +#: lib/bitlk/bitlk.c:907 +#, c-format +msgid "BEK file GUID '%s' does not match GUID of the volume." +msgstr "El GUID '%s' del fichero BEK no coincide con el GUID del volumen." + +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Valor de entrada de metadatos '%u' encontrado inesperadamente mientras se analizaba clave externa." @@ -1211,90 +1341,112 @@ msgstr "Versión %<PRIu32> de metadatos BEK no admitida." msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "Tamaño %<PRIu32> de metadatos BEK no esperado, no coincide con la longitud del fichero BEK" -#: lib/bitlk/bitlk.c:980 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Entrada de metadatos encontrada inesperadamente mientras se analizaba clave de inicio." -#: lib/bitlk/bitlk.c:1071 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Esta operación no está disponible." -#: lib/bitlk/bitlk.c:1079 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "Tamaño de datos de la clave no esperado." -#: lib/bitlk/bitlk.c:1205 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Este dispositivo BITLK se encuentra en un estado en el que no puede activarse." -#: lib/bitlk/bitlk.c:1210 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Los dispositivos BITLK con tipo '%s' no puede activarse." -#: lib/bitlk/bitlk.c:1217 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "La activación de un dispositivo BITLK parcialmente descifrado no puede hacerse." -#: lib/bitlk/bitlk.c:1380 +#: lib/bitlk/bitlk.c:1263 +#, c-format +msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" +msgstr "ATENCIÓN: el tamaño del volumen «bitlocker» %<PRIu64> no coincide con el tamaño del dispositivo subyacente %<PRIu64>" + +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para BITLK IV." -#: lib/bitlk/bitlk.c:1384 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para difusor BITLK «Elephant»." -#: lib/verity/verity.c:68 lib/verity/verity.c:179 +#: lib/bitlk/bitlk.c:1398 +msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." +msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para tamaño de sector grande." + +#: lib/bitlk/bitlk.c:1402 +msgid "Cannot activate device, kernel dm-zero module is missing." +msgstr "No se puede activar el dispositivo; falta el módulo dm-zero del núcleo." + +#: lib/fvault2/fvault2.c:542 #, c-format -msgid "Verity device %s does not use on-disk header." -msgstr "El dispositivo «verity» %s no utiliza cabecera en disco." +msgid "Could not read %u bytes of volume header." +msgstr "No se han podido leer %u «bytes» de la cabecera del volumen." -#: lib/verity/verity.c:90 +#: lib/fvault2/fvault2.c:554 #, c-format -msgid "Device %s is not a valid VERITY device." -msgstr "El dispositivo %s no es un dispositivo VERITY válido." +msgid "Unsupported FVAULT2 version %<PRIu16>." +msgstr "Versión de FVAULT2 no admitida %<PRIu16>." -#: lib/verity/verity.c:97 +#: lib/verity/verity.c:68 lib/verity/verity.c:182 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "El dispositivo «verity» %s no utiliza cabecera en disco." + +#: lib/verity/verity.c:96 #, c-format msgid "Unsupported VERITY version %d." msgstr "Versión VERITY %d no disponible." -#: lib/verity/verity.c:128 +#: lib/verity/verity.c:131 msgid "VERITY header corrupted." msgstr "Cabecera VERITY corrupta." -#: lib/verity/verity.c:173 +#: lib/verity/verity.c:176 #, c-format msgid "Wrong VERITY UUID format provided on device %s." msgstr "El formato UUID VERITY proporcionado en el dispositivo %s es incorrecto." -#: lib/verity/verity.c:217 +#: lib/verity/verity.c:220 #, c-format msgid "Error during update of verity header on device %s." msgstr "Error al actualizar la cabecera «verity» en el dispositivo %s." -#: lib/verity/verity.c:275 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "La verificación de firma «hash» raÃz solicitada no está disponible." -#: lib/verity/verity.c:287 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Se requiere la firma «hash» raÃz." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "Los errores no pueden repararse con dispositivo FEC." -#: lib/verity/verity.c:289 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "Se han encontrado %u errores reparables con dispositivo FEC." -#: lib/verity/verity.c:332 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "El núcleo no dispone de asignación «dm-verity»." -#: lib/verity/verity.c:336 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "El núcleo no dispone de opción de firma «dm-verity»." -#: lib/verity/verity.c:347 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "El dispositivo «verity» ha detectado algo corrupto después de la activación." @@ -1366,46 +1518,51 @@ msgstr "No se ha podido reparar la paridad para el bloque %<PRIu64>." msgid "Failed to write parity for RS block %<PRIu64>." msgstr "No se ha podido escribir la paridad para el bloque RS %<PRIu64>." -#: lib/verity/verity_fec.c:228 +#: lib/verity/verity_fec.c:208 msgid "Block sizes must match for FEC." msgstr "Los tamaños de bloque deben coincidir para FEC." -#: lib/verity/verity_fec.c:234 +#: lib/verity/verity_fec.c:214 msgid "Invalid number of parity bytes." msgstr "Número no válido de bytes de paridad." -#: lib/verity/verity_fec.c:239 +#: lib/verity/verity_fec.c:248 msgid "Invalid FEC segment length." msgstr "Longitud de segmento FEC no válida." -#: lib/verity/verity_fec.c:303 +#: lib/verity/verity_fec.c:316 #, c-format msgid "Failed to determine size for device %s." msgstr "No se ha podido determinar el tamaño para el dispositivo %s." -#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355 +#: lib/integrity/integrity.c:57 +#, c-format +msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." +msgstr "Metadatos dm-integrity del núcleo incompatibles (versión %u) detectados en %s." + +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "El núcleo no dispone de asociación «dm-integrity»." -#: lib/integrity/integrity.c:278 +#: lib/integrity/integrity.c:283 msgid "Kernel does not support dm-integrity fixed metadata alignment." msgstr "El núcleo no dispone de alineamiento de metadatos fijo «dm-integrity»." -#: lib/integrity/integrity.c:287 +#: lib/integrity/integrity.c:292 msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "El núcleo rehúsa activar la opción de recálculo inseguro (véanse las opciones de activación antiguas para cambiar ese funcionamiento)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:973 -#: lib/luks2/luks2_json_metadata.c:1268 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "No se ha podido adquirir el bloqueo de escritura del dispositivo %s." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Se ha detectado un intento de actualizar los metadatos LUKS2 concurrentemente. Se aborta la operación." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1413,49 +1570,59 @@ msgstr "" "El dispositivo contiene firmas ambiguas; no se puede autorecuperar LUKS2.\n" "Por favor, ejecute \"cryptsetup repair\" para recuperación." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "ATENCIÓN: la zona de ranuras de claves (%<PRIu64> bytes) es muy pequeña; el número de ranuras de claves LUKS2 disponibles es muy limitado.\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "El desplazamiento de datos solicitado es demasiado pequeño." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "ATENCIÓN: la zona de ranuras de claves (%<PRIu64> bytes) es muy pequeña; el número de ranuras de claves LUKS2 disponibles es muy limitado.\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "ATENCIÓN: el tamaño de los metadatos LUKS2 ha cambiado a %<PRIu64> bytes.\n" -#: lib/luks2/luks2_json_metadata.c:960 lib/luks2/luks2_json_metadata.c:1098 -#: lib/luks2/luks2_json_metadata.c:1174 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "ATENCIÓN: el tamaño de la zona de ranuras de claves LUKS2 ha cambiado a %<PRIu64> bytes.\n" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "No se ha podido adquirir el bloqueo de lectura para el dispositivo %s." -#: lib/luks2/luks2_json_metadata.c:1191 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Se han detectado requisitos prohibidos para LUKS2 en la copia de seguridad %s." -#: lib/luks2/luks2_json_metadata.c:1232 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "La posición de los datos no coinciden en el dispositivo y en la copia de seguridad; ha fallado la restauración." -#: lib/luks2/luks2_json_metadata.c:1238 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "La cabecera binaria con el tamaño de las áreas de ranuras de claves no coinciden en el dispositivo y en la copia de seguridad; la restauración ha fallado." -#: lib/luks2/luks2_json_metadata.c:1245 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "Dispositivo %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1246 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "no contiene cabecera LUKS2. Reemplazar la cabecera puede destruir los datos en ese dispositivo." -#: lib/luks2/luks2_json_metadata.c:1247 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "ya contiene cabecera LUKS2. Reemplazar la cabecera destruirá las ranuras de claves existentes." -#: lib/luks2/luks2_json_metadata.c:1249 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1466,7 +1633,7 @@ msgstr "" "dispositivo real! Reemplazar la cabecera con la copia de seguridad puede\n" "corromper los datos en ese dispositivo!" -#: lib/luks2/luks2_json_metadata.c:1251 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1476,409 +1643,559 @@ msgstr "" "ATENCIÓN: ¡Se ha detectado recifrado «offline» no terminado en el dispositivo!\n" "¡Reemplazar la cabecera con la copia de seguridad puede corromper los datos!" -#: lib/luks2/luks2_json_metadata.c:1349 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "Se hará caso omiso del indicador desconocido %s." -#: lib/luks2/luks2_json_metadata.c:2054 lib/luks2/luks2_reencrypt.c:1843 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Falta la clave para el segmento dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2066 lib/luks2/luks2_reencrypt.c:1857 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "No se ha podido establecer el segmento de dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2072 lib/luks2/luks2_reencrypt.c:1863 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "No se ha podido establecer el segmento de dm-linear." -#: lib/luks2/luks2_json_metadata.c:2199 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "No se ha detectado ningún patrón conocido de especificación de cifrado en la cabecera LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "El dispositivo OPAL debe tener tamaño de dispositivo estático." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "El dispositivo OPAL con integridad cifrado debe ser más pequeño que el rango de bloqueo." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "El dispositivo OPAL debe tener el mismo tamaño que el rango de bloqueo." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "El dispositivo OPAL es %s ya desbloqueado.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "Configuración de integridad de dispositivo no admitida." -#: lib/luks2/luks2_json_metadata.c:2285 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "El dispositivo «dm-integrity» subyacente presenta sectores de datos inesperados." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Recifrado en curso. No se puede desactivar el dispositivo." -#: lib/luks2/luks2_json_metadata.c:2296 lib/luks2/luks2_reencrypt.c:3300 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "No se ha podido reemplazar el dispositivo suspendido %s con el objetivo dm-error." -#: lib/luks2/luks2_json_metadata.c:2376 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "El dispositivo %s ya se ha desactivado pero el dispositivo OPAL hardware no puede bloquearse." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "No se ha podido leer los requisitos LUKS2." -#: lib/luks2/luks2_json_metadata.c:2383 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "Se han detectado requisitos LUKS2 no satisfechos." -#: lib/luks2/luks2_json_metadata.c:2391 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Operación incompatible con dispositivo marcado para recifrado obsoleto. Se aborta." -#: lib/luks2/luks2_json_metadata.c:2393 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Operación incompatible con dispositivo marcado para recifrado LUKS2. Se aborta." -#: lib/luks2/luks2_keyslot.c:554 lib/luks2/luks2_keyslot.c:591 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "Operación incompatible con dispositivo que utiliza OPAL. Se aborta." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "No hay memoria disponible suficiente para abrir una ranura de claves." -#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "Fallo al abrir la ranura de claves." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "No se puede utilizar el algoritmo de cifrado %s-%s para el cifrado de ranuras de clave." -#: lib/luks2/luks2_keyslot_luks2.c:485 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 +#, c-format +msgid "Hash algorithm %s is not available." +msgstr "El algoritmo «hash» %s no está disponible." + +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "ATENCIÓN: la operación de ranura de claves podrÃa fallar porque requiere más memoria de la que está disponible.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "No hay espacio para la nueva ranura de claves." -#: lib/luks2/luks2_luks1_convert.c:482 +#: lib/luks2/luks2_keyslot_reenc.c:596 +msgid "Invalid reencryption resilience mode change requested." +msgstr "La petición de cambio de modo de resiliencia de recifrado es incorrecta." + +#: lib/luks2/luks2_keyslot_reenc.c:717 +#, c-format +msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." +msgstr "No se puede actualizar el tipo de resiliencia. El nuevo tipo solo ofrece %<PRIu64> «bytes»; el espacio que hace falta es: %<PRIu64> «bytes»." + +#: lib/luks2/luks2_keyslot_reenc.c:727 +msgid "Failed to refresh reencryption verification digest." +msgstr "No se ha podido refrescar el resumen de verificación del recifrado." + +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "No se puede comprobar el estado del dispositivo con uuid: %s." -#: lib/luks2/luks2_luks1_convert.c:508 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Imposible convertir cabecera con metadatos adicionales LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:548 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 +#, c-format +msgid "Unable to use cipher specification %s-%s for LUKS2." +msgstr "Imposible utilizar la especificación de cifrado %s-%s para LUKS2." + +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Imposible mover el área de la ranura de claves. No hay suficiente espacio." -#: lib/luks2/luks2_luks1_convert.c:599 +#: lib/luks2/luks2_luks1_convert.c:652 +msgid "Cannot convert to LUKS2 format - invalid metadata." +msgstr "No se puede convertir a formato LUKS2 - los metadatos no son válidos." + +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Imposible mover el área de la ranura de claves. Ãrea de ranuras de clave LUKS2 demasiado pequeña." -#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Imposible mover el área de la ranura de claves." -#: lib/luks2/luks2_luks1_convert.c:697 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "No se puede convertir a formato LUKS1 - el tamaño predefinido de sector de cifrado del segmento no es 512 bytes." -#: lib/luks2/luks2_luks1_convert.c:705 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "No se puede convertir a formato LUKS1 - los resúmenes de rarunas de claves no son compatibles con LUKS1." -#: lib/luks2/luks2_luks1_convert.c:717 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "No se puede convertir a formato LUKS1 - el dispositivo utiliza el cifrado de clave encapsulado %s." -#: lib/luks2/luks2_luks1_convert.c:725 +#: lib/luks2/luks2_luks1_convert.c:790 +msgid "Cannot convert to LUKS1 format - device uses more segments." +msgstr "No se puede convertir a formato LUKS1 - el dispositivo utiliza más segmentos." + +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "No se puede convertir a formato LUKS1 - la cabecera LUKS2 contiene %u «token(s)»." -#: lib/luks2/luks2_luks1_convert.c:739 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "No se puede convertir a formato LUKS1 - la ranura de claves %u está en un estado no válido." -#: lib/luks2/luks2_luks1_convert.c:744 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "No se puede convertir a formato LUKS1 - la ranura %u (sobre las ranuras máximas) todavÃa está activa." -#: lib/luks2/luks2_luks1_convert.c:749 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "No se puede convertir a formato LUKS1 - la ranura de claves %u no es compatible con LUKS1." -#: lib/luks2/luks2_reencrypt.c:993 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "El tamaño de la zona activa debe ser múltiplo del alineamiento de zona calculado (%zu bytes)." -#: lib/luks2/luks2_reencrypt.c:998 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "El tamaño del dispositivo debe ser múltiplo del alineamiento de zona calculado (%zu bytes)." -#: lib/luks2/luks2_reencrypt.c:1042 -#, c-format -msgid "Unsupported resilience mode %s" -msgstr "Modo de resiliencia %s no admitido." - -#: lib/luks2/luks2_reencrypt.c:1259 lib/luks2/luks2_reencrypt.c:1414 -#: lib/luks2/luks2_reencrypt.c:1497 lib/luks2/luks2_reencrypt.c:1531 -#: lib/luks2/luks2_reencrypt.c:3140 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "No se ha podido inicializar la envoltura antigua de almacenamiento del segmento." -#: lib/luks2/luks2_reencrypt.c:1273 lib/luks2/luks2_reencrypt.c:1392 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "No se ha podido inicializar la envoltura nueva de almacenamiento del segmento." -#: lib/luks2/luks2_reencrypt.c:1441 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 +msgid "Failed to initialize hotzone protection." +msgstr "No se ha podido inicializar la protección de la zona caliente." + +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "No se han podido leer las sumas de comprobación para la zona activa actual." -#: lib/luks2/luks2_reencrypt.c:1448 lib/luks2/luks2_reencrypt.c:3148 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "No se ha podido leer la zona activa que comienza en %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:1467 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "No se ha podido descifrar el sector %zu." -#: lib/luks2/luks2_reencrypt.c:1473 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "No se ha podido recuperar el sector %zu." -#: lib/luks2/luks2_reencrypt.c:1956 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Los tamaños de los dispositivos origen y destino no coinciden. Origen %<PRIu64>, destino: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "No se ha podido activar el dispositivo con zona activa %s." -#: lib/luks2/luks2_reencrypt.c:2071 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "No se ha podido activar el dispositivo de superposición %s con la tabla de orÃgenes actual." -#: lib/luks2/luks2_reencrypt.c:2078 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "No se ha podido cargar el nuevo mapa para el dispositivo %s." -#: lib/luks2/luks2_reencrypt.c:2149 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "No se ha podido refrescar la pila del dispositivo de recifrado." -#: lib/luks2/luks2_reencrypt.c:2309 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "No se ha logrado establecer el tamaño de las nuevas ranuras de claves." -#: lib/luks2/luks2_reencrypt.c:2413 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format -msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)." -msgstr "El desplazamiento de datos no está alineado con el tamaño del sector de cifrado solicitado (%<PRIu32> bytes)." +msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." +msgstr "El valor del desplazamiento de datos no está alineado con el tamaño del sector de cifrado (%<PRIu32> bytes)." -#: lib/luks2/luks2_reencrypt.c:2434 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format -msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)." -msgstr "El dispositivo de datos no está alineado con el tamaño del sector de cifrado solicitado (%<PRIu32> bytes)." +msgid "Unsupported resilience mode %s" +msgstr "Modo de resiliencia %s no admitido." + +#: lib/luks2/luks2_reencrypt.c:2806 +msgid "Moved segment size can not be greater than data shift value." +msgstr "El tamaño del segmento movido no puede ser mayor que el valor del desplazamiento de los datos." + +#: lib/luks2/luks2_reencrypt.c:2848 +msgid "Invalid reencryption resilience parameters." +msgstr "Parámetros de resiliencia de recifrado no válidos." + +#: lib/luks2/luks2_reencrypt.c:2870 +#, c-format +msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." +msgstr "Segmento movido demasiado grande. Tamaño solicitado %<PRIu64>, espacio disponible para: %<PRIu64>." + +#: lib/luks2/luks2_reencrypt.c:2957 +msgid "Failed to clear table." +msgstr "No se ha podido limpiar la tabla." -#: lib/luks2/luks2_reencrypt.c:2455 +#: lib/luks2/luks2_reencrypt.c:3043 +msgid "Reduced data size is larger than real device size." +msgstr "El tamaño de los datos reducidos es mayor que el tamaño del dispositivo real." + +#: lib/luks2/luks2_reencrypt.c:3050 +#, c-format +msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." +msgstr "El dispositivo de datos no está alineado con el tamaño del sector de cifrado (%<PRIu32> bytes)." + +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "El desplazamiento de datos (%<PRIu64> sectores) es menor que el desplazamiento de datos futuros (%<PRIu64> sectores)." -#: lib/luks2/luks2_reencrypt.c:2461 lib/luks2/luks2_reencrypt.c:2889 -#: lib/luks2/luks2_reencrypt.c:2910 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "No se ha podido abrir %s en modo exclusivo (ya está asignado o montado)." -#: lib/luks2/luks2_reencrypt.c:2629 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "El dispositivo no está marcado para recifrado LUKS2." -#: lib/luks2/luks2_reencrypt.c:2635 lib/luks2/luks2_reencrypt.c:3415 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "No se ha podido cargar el contexto del recifrado LUKS2." -#: lib/luks2/luks2_reencrypt.c:2715 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "No se ha podido obtener el estado del recifrado." -#: lib/luks2/luks2_reencrypt.c:2719 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "El dispositivo no está en recifrado." -#: lib/luks2/luks2_reencrypt.c:2726 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "El proceso de recifrado ya está en marcha." -#: lib/luks2/luks2_reencrypt.c:2728 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "No se ha podido adquirir el bloqueo de recifrado." -#: lib/luks2/luks2_reencrypt.c:2746 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "No se puede proceder con el recifrado. Ejecute primero la recuperación de recifrado." -#: lib/luks2/luks2_reencrypt.c:2860 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "El tamaño del dispositivo activo y el tamaño de recifrado solicitado no coinciden." -#: lib/luks2/luks2_reencrypt.c:2874 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "El tamaño de dispositivo solicitado en los parámetros de recifrado no es válido." -#: lib/luks2/luks2_reencrypt.c:2944 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Recifrado en proceso. No se puede llevar a cabo una recuperación." -#: lib/luks2/luks2_reencrypt.c:3016 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Recifrado LUKS2 ya inicializado en los metadatos." -#: lib/luks2/luks2_reencrypt.c:3023 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "No se ha podido inicializar el recifrado LUKS2 en los metadatos." -#: lib/luks2/luks2_reencrypt.c:3114 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "El recifrado no está disponible para dispositivo DAX (memoria persistente)." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "No se ha podido leer la frase contraseña desde el llavero." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "No se han podido establecer los segmentos del dispositivo para la siguiente zona activa de recifrado." -#: lib/luks2/luks2_reencrypt.c:3156 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "No se han podido escribir los metadatos de resiliencia de recifrado." -#: lib/luks2/luks2_reencrypt.c:3163 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "El descifrado ha fallado." -#: lib/luks2/luks2_reencrypt.c:3168 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "No se ha podido escribir la zona activa que comienza en %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:3173 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "No se han podido sincronizar los datos." -#: lib/luks2/luks2_reencrypt.c:3181 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "No se han podido actualizar los metadatos tras completar la zona activa de recifrado actual." -#: lib/luks2/luks2_reencrypt.c:3248 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "No se han podido escribir los metadatos de LUKS2." -#: lib/luks2/luks2_reencrypt.c:3271 -msgid "Failed to wipe backup segment data." -msgstr "No se han podido limpiar los datos de segmentos de respaldo." +#: lib/luks2/luks2_reencrypt.c:4125 +msgid "Failed to wipe unused data device area." +msgstr "No se ha podido limpiar el área no utilizada del dispositivo de datos." + +#: lib/luks2/luks2_reencrypt.c:4131 +#, c-format +msgid "Failed to remove unused (unbound) keyslot %d." +msgstr "No se ha logrado borrar la ranura de claves (independiente) %d no utilizada." -#: lib/luks2/luks2_reencrypt.c:3284 -msgid "Failed to disable reencryption requirement flag." -msgstr "No se ha podido desactivar el indicador del requisito de descifrado." +#: lib/luks2/luks2_reencrypt.c:4141 +msgid "Failed to remove reencryption keyslot." +msgstr "No se ha podido borrar la ranura de claves de recifrado." -#: lib/luks2/luks2_reencrypt.c:3292 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "Error fatal mientras se recifraba una porción que comienza en %<PRIu64>, de %<PRIu64> sectores de longitud." -#: lib/luks2/luks2_reencrypt.c:3296 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "El recifrado «online» ha fallado." # No sé cómo traducir 'error target'. -#: lib/luks2/luks2_reencrypt.c:3301 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "No reanudar el dispositivo a menos que se reemplace con «error target» manualmente." -#: lib/luks2/luks2_reencrypt.c:3353 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "No se puede proceder con el recifrado. Estado de recifrado inesperado." -#: lib/luks2/luks2_reencrypt.c:3359 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "Contexto de recifrado ausente o no válido." -#: lib/luks2/luks2_reencrypt.c:3366 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "No se ha podido inicializar la pila del dispositivo de recifrado." -#: lib/luks2/luks2_reencrypt.c:3385 lib/luks2/luks2_reencrypt.c:3428 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "No se ha podido actualizar el contexto de recifrado." -#: src/cryptsetup.c:108 -msgid "Can't do passphrase verification on non-tty inputs." -msgstr "No se puede hacer verificación de frase contraseña en entradas no tty." +#: lib/luks2/luks2_reencrypt_digest.c:405 +msgid "Reencryption metadata is invalid." +msgstr "Los metadatos de recifrado no son válidos." + +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "El rango OPAL %d desplazamiento %<PRIu64> no coincide con los valores esperados %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "El rango OPAL %d longitud %<PRIu64> no coincide con la longitud esperada %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "El bloqueo del rango OPAL %d está desactivado." -#: src/cryptsetup.c:171 +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "Estado de bloqueo del rango OPAL %d inesperado." + +#: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Los parámetros de cifrado de ranura de claves solo pueden configurarse para dispositivos LUKS2." -#: src/cryptsetup.c:198 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format -msgid "Enter token PIN:" -msgstr "Introduzca el PIN del «token»:" +msgid "Enter token PIN: " +msgstr "Introduzca el PIN del «token»: " -#: src/cryptsetup.c:200 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format -msgid "Enter token %d PIN:" -msgstr "Introduzca el PIN del «token» %d:" +msgid "Enter token %d PIN: " +msgstr "Introduzca el PIN del «token» %d: " -#: src/cryptsetup.c:245 src/cryptsetup.c:1057 src/cryptsetup.c:1401 -#: src/cryptsetup.c:3288 src/cryptsetup_reencrypt.c:700 -#: src/cryptsetup_reencrypt.c:770 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 +#: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "No se ha detectado ningún patrón conocido de especificación de cifrado." -#: src/cryptsetup.c:253 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "ATENCIÓN: Se están utilizando opciones predeterminadas de cifrado (%s-%s, tamaño de clave %u bits) que podrÃan ser incompatibles con versiones anteriores." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "ATENCIÓN: Se están utilizando opciones predeterminadas de «hash» (%s) que podrÃan ser incompatibles con versiones anteriores." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "Para modo sin cifrado, utlice siempre las opciones --cipher, --key-size y, si no se utiliza fichero de claves, también --hash." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" -msgstr "ATENCIÓN: No se va a hacer caso del parámetro --hash en modo no cifrado con el fichero de claves especificado.\n" +msgstr "ATENCIÓN: No se va a hacer caso del parámetro --hash en modo sin cifrado con el fichero de claves especificado.\n" -#: src/cryptsetup.c:261 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "ATENCIÓN: No se va a hacer caso de la opción --keyfile-size; el tamaño de lectura es igual al tamaño de la clave de cifrado.\n" -#: src/cryptsetup.c:301 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "La exploración de Blkid ha fallado para %s." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Se ha(n) detectado firma(s) de dispositivo en %s. Si se prosigue, pueden dañarse los datos existentes." -#: src/cryptsetup.c:307 src/cryptsetup.c:1197 src/cryptsetup.c:1253 -#: src/cryptsetup.c:1378 src/cryptsetup.c:1451 src/cryptsetup.c:2099 -#: src/cryptsetup.c:2805 src/cryptsetup.c:2927 src/integritysetup.c:176 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "Operación abortada.\n" -#: src/cryptsetup.c:375 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "Es necesaria la opción --key-file." -#: src/cryptsetup.c:426 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "Introduzca PIM de VeraCrypt: " -#: src/cryptsetup.c:435 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "Valor de PIM no válido: error de análisis." -#: src/cryptsetup.c:438 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "Valor de PIM no válido: 0." -#: src/cryptsetup.c:441 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "Valor de PIM no válido: fuera de rango." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "No se ha detectado ninguna cabecera de dispositivo con esa frase contraseña." -#: src/cryptsetup.c:537 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "El dispositivo %s no es un dispositivo BITLK válido." -#: src/cryptsetup.c:545 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "No se puede determinar el tamaño de la clave del volumen para BITLK; utilice la opción --key-size." -#: src/cryptsetup.c:588 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1888,7 +2205,7 @@ msgstr "" "sensible que permite el acceso a una partición cifrada sin frase contraseña.\n" "Este volcado deberÃa almacenarse siempre cifrado en un lugar seguro." -#: src/cryptsetup.c:661 src/cryptsetup.c:2125 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1898,88 +2215,120 @@ msgstr "" "sensible que permite el acceso a una partición cifrada sin frase contraseña.\n" "Este volcado deberÃa almacenarse cifrado en un lugar seguro." -#: src/cryptsetup.c:756 src/veritysetup.c:318 src/integritysetup.c:313 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "El dispositivo %s no es un dispositivo FVAULT2 válido." + +#: src/cryptsetup.c:796 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "No se puede determinar el tamaño de la clave del volumen para FVAULT2; utilice la opción --key-size." + +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "El dispositivo %s todavÃa está activo y programado para borrado diferido.\n" -#: src/cryptsetup.c:790 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "No se ha podido establecer la ruta de «tokens» externa %s." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "El cambio de tamaño del dispositivo activo requiere clave de volumen en el llavero pero la opción --disable-keyring está puesta." -#: src/cryptsetup.c:936 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "Comparativa interrumpida." -#: src/cryptsetup.c:957 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s N/A\n" -#: src/cryptsetup.c:959 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iteraciones por segundo para clave de %zu bits\n" -#: src/cryptsetup.c:973 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s N/A\n" -#: src/cryptsetup.c:975 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iteraciones, %5u memora, %1u hilos paralelos (CPUs) para clave de %zu bits (tiempo solicitado %u ms)\n" -#: src/cryptsetup.c:999 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "El resultado de la comparativa no es fiable." -#: src/cryptsetup.c:1049 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Las pruebas son solo aproximadas usando memoria (no hay entrada/salida de almacenadmiento).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1069 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algoritmo | Clave | Cifrado | Descifrado\n" -#: src/cryptsetup.c:1073 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "El algoritmo de cifrado %s (con clave de %i bits) no está disponible." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1092 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algoritmo | Clave | Cifrado | Descifrado\n" -#: src/cryptsetup.c:1103 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "/N/A" -#: src/cryptsetup.c:1190 +#: src/cryptsetup.c:1245 msgid "" -"Seems device does not require reencryption recovery.\n" -"Do you want to proceed anyway?" +"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" +"and continue (upgrade metadata) only if you acknowledge the operation as genuine." msgstr "" -"Parece que el dispositivo no necesita recuperación del recifrado.\n" -"¿Desea continuar de todos modos?" +"Se han detectado metadatos de recifrado LUKS2 no protegidos. Verifique que la operación de recifrado es deseable (consulte\n" +"la salida de luksDump) y continúe (actualización de los metadatos) únicamente si reconoce la operación como auténtica." + +#: src/cryptsetup.c:1251 +msgid "Enter passphrase to protect and upgrade reencryption metadata: " +msgstr "Introduzca la frase contraseña para proteger y actualizar los metadatos del recifrado: " -#: src/cryptsetup.c:1196 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "¿Está seguro de proceder con la recuperación del recifrado LUKS2?" -#: src/cryptsetup.c:1204 +#: src/cryptsetup.c:1304 +msgid "Enter passphrase to verify reencryption metadata digest: " +msgstr "Introduzca la frase contraseña para verificar el resumen de los metadatos del recifrado: " + +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "Introduzca la frase contraseña para la recuperación del recifrado: " -#: src/cryptsetup.c:1252 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "¿Está seguro de que quiere intentar reparar la cabecera del dispositivo LUKS?" -#: src/cryptsetup.c:1277 src/integritysetup.c:90 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Limpieza interrumpida." + +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -1987,113 +2336,144 @@ msgstr "" "Limpieza de dispositivo para inicializar la suma de comprobación de integridad.\n" "Puede interrumpirse pulsando CTRL+c (el resto de dispositivo no limpiado contendrá sumas de comprobación no válidas.\n" -#: src/cryptsetup.c:1299 src/integritysetup.c:112 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "No se puede desactivar el dispositivo temporal %s." -#: src/cryptsetup.c:1363 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "La opción de integridad solo puede utilizarse para formato LUKS2." -#: src/cryptsetup.c:1368 src/cryptsetup.c:1428 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "Opciones de tamaño de metadatos LUKS2 no admitidas." -#: src/cryptsetup.c:1377 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "OPAL solo está disponible para formato LUKS2." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "No existe el fichero de cabecera; ¿desea crearlo?" -#: src/cryptsetup.c:1385 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "No se puede crear el fichero de cabecera %s." -#: src/cryptsetup.c:1408 src/integritysetup.c:138 src/integritysetup.c:146 -#: src/integritysetup.c:155 src/integritysetup.c:230 src/integritysetup.c:238 -#: src/integritysetup.c:248 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "No se ha detectado ningún patrón conocido de especificación de integridad." -#: src/cryptsetup.c:1421 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "No se puede utilizar %s como cabecera en disco." -#: src/cryptsetup.c:1445 src/integritysetup.c:170 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Esto sobreescribirá los datos en %s de forma irrevocable." -#: src/cryptsetup.c:1478 src/cryptsetup.c:1814 src/cryptsetup.c:1879 -#: src/cryptsetup.c:1981 src/cryptsetup.c:2047 src/cryptsetup_reencrypt.c:530 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "La contraseña de administrador de OPAL no puede estar vacÃa." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "No se han podido establecer los parámetros pbkdf." -#: src/cryptsetup.c:1563 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "La especificación del tipo en la especificación de llavero de --link-vk-to-keyring se ignorará." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "Valor de --link-vk-to-keyring no válido." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "La posición de datos reducida está permitida solamente para cabecera LUKS separada." -#: src/cryptsetup.c:1574 src/cryptsetup.c:1885 +#: src/cryptsetup.c:1812 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "El contenedor de ficheros LUKS %s is demasiado pequeño para activarlo; no queda espacio para los datos." + +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "No se puede determinar el tamaño de la clave del volumen para LUKS2 sin ranuras de claves; utilice la opción --key-size." -#: src/cryptsetup.c:1619 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "Dispositivo activado pero los indicadores no pueden hacerse persistentes." -#: src/cryptsetup.c:1698 src/cryptsetup.c:1766 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "La ranura de claves %d se va a borrar." -#: src/cryptsetup.c:1710 src/cryptsetup.c:1770 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Esta es la última ranura de claves. El dispositivo quedará inutilizado después de purgar esta clave." -#: src/cryptsetup.c:1711 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "Introduzca cualquier frase contraseña que quede: " -#: src/cryptsetup.c:1712 src/cryptsetup.c:1772 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Operación abortada; la ranura de claves NO estaba limpia.\n" -#: src/cryptsetup.c:1748 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "Introduzca la frase contraseña que hay que borrar: " -#: src/cryptsetup.c:1828 src/cryptsetup.c:1900 src/cryptsetup.c:1934 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 +#, c-format +msgid "Device %s is not a valid LUKS2 device." +msgstr "El dispositivo %s no es un dispositivo LUKS2 válido." + +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "Introduzca una nueva frase contraseña para la ranura de claves: " -#: src/cryptsetup.c:1917 src/cryptsetup_reencrypt.c:1328 +#: src/cryptsetup.c:2213 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "ATENCIÓN: Se utiliza el parámetro --key-slot para el número de una ranura de claves nueva.\n" + +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Introduzca cualquier frase contraseña que exista: " -#: src/cryptsetup.c:1985 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "Introduzca la frase contraseña que hay que cambiar: " -#: src/cryptsetup.c:2001 src/cryptsetup_reencrypt.c:1314 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Introduzca una nueva frase contraseña: " -#: src/cryptsetup.c:2051 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "Introduzca la frase contraseña para la ranura de claves que se va a convertir: " -#: src/cryptsetup.c:2075 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "La operación isLuks solo admite un argumento de dispositivo." -#: src/cryptsetup.c:2190 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "La ranura de claves %d no contiene clave independiente." -#: src/cryptsetup.c:2195 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2101,40 +2481,52 @@ msgstr "" "El volcado de la cabecera con clave independiente del volumen es información\n" "sensible. Este volcado deberÃa almacenarse cifrado en un lugar seguro." -#: src/cryptsetup.c:2286 src/cryptsetup.c:2314 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s no es un nombre de dispositivo %s activo." -#: src/cryptsetup.c:2309 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s no es un nombre de dispositivo LUKS activo o falta la cabecera." -#: src/cryptsetup.c:2347 src/cryptsetup.c:2366 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "Es necesaria la opción --header-backup-file." -#: src/cryptsetup.c:2397 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s no es un dispositivo gestionable por cryptsetup." -#: src/cryptsetup.c:2408 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "El refresco no está disponible para el tipo de dispositivo %s" -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Tipo de dispositivo de metadatos %s no reconocido." -#: src/cryptsetup.c:2456 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "Esta orden necesita como argumentos el dispositivo y el nombre asociado." -#: src/cryptsetup.c:2477 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "Introduzca el PSID de OPAL: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "Introduzca la contraseña de administrador de OPAL: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "ATENCIÓN: ¡El disco ENTERO será restituido a la configuración de fábrica y todos los datos se perderán! ¿Continuar?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2143,336 +2535,351 @@ msgstr "" "Esta operación borrará todas las ranuras de claves en el dispositivo %s.\n" "El dispositivo quedará inutilizable después de esta operación." -#: src/cryptsetup.c:2484 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Operación abortada; las ranuras de claves NO estaban limpias.\n" -#: src/cryptsetup.c:2523 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Tipo LUKS no válido; solo se admiten luks1 y luks2." -#: src/cryptsetup.c:2539 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "El dispositivo ya es de tipo %s." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Esta operación convertirá el formato %s a %s.\n" -#: src/cryptsetup.c:2549 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "Operación abortada; el dispositivo NO estaba convertido.\n" -#: src/cryptsetup.c:2589 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "Falta la opción --priority, --label o --subsystem." -#: src/cryptsetup.c:2623 src/cryptsetup.c:2660 src/cryptsetup.c:2680 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "El «token» %d no es válido." -#: src/cryptsetup.c:2626 src/cryptsetup.c:2683 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "El «token» %d está en uso." -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "No se ha podido añadir el «token» %d al llavero luks." -#: src/cryptsetup.c:2646 src/cryptsetup.c:2709 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "No se ha logrado asignar el «token» %d a la ranura de claves %d." -#: src/cryptsetup.c:2663 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "El «token» %d no está en uso." -#: src/cryptsetup.c:2700 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "No se ha podido importar el «token» del fichero." -#: src/cryptsetup.c:2725 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "No se ha logrado obtener el «token» %d para exportar." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3258 #, c-format -msgid "Auto-detected active dm device '%s' for data device %s.\n" -msgstr "Se ha detectado automáticamente el dispositivo dm activo '%s' para el dispositivo de datos %s.\n" +msgid "Token %d is not assigned to keyslot %d." +msgstr "El «token» %d no se ha asignado a la ranura de claves %d." -#: src/cryptsetup.c:2793 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format -msgid "Device %s is not a block device.\n" -msgstr "El dispositivo %s no es un dispositivo de bloques.\n" +msgid "Failed to unassign token %d from keyslot %d." +msgstr "No se ha logrado desasignar el «token» %d de la ranura de claves %d." -#: src/cryptsetup.c:2795 -#, c-format -msgid "Failed to auto-detect device %s holders." -msgstr "No se han podido detectar automáticamente los propietarios del dispositivo %s." +#: src/cryptsetup.c:3326 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está disponible para dispositivos TCRYPT." -#: src/cryptsetup.c:2799 -#, c-format -msgid "" -"Unable to decide if device %s is activated or not.\n" -"Are you sure you want to proceed with reencryption in offline mode?\n" -"It may lead to data corruption if the device is actually activated.\n" -"To run reencryption in online mode, use --active-name parameter instead.\n" -msgstr "" -"Imposible decidir si el dispositivo %s está activado o no.\n" -"¿Está seguro de que desea proceder con el recifrado en modo «offline»?\n" -"Puede provocarse corrupción de datos si el dispositivo está realmente\n" -"activado. Para realizar recifrado en modo «online», utilice en su lugar\n" -"el parámetro --active-name.\n" +#: src/cryptsetup.c:3329 +msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." +msgstr "Las opciones --veracrypt y --disable-veracrypt solo están disponibles para dispositivos de tipo TCRYPT." -#: src/cryptsetup.c:2881 -msgid "Encryption is supported only for LUKS2 format." -msgstr "El cifrado solo puede hacerse con formato LUKS2." +#: src/cryptsetup.c:3332 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "La opción --veracrypt-pim solo está disponible para dispositivos compatibles con VeraCrypt." -#: src/cryptsetup.c:2886 -msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." -msgstr "El cifrado sin cabecera separada (--header) no es posible sin reducción del tamaño del dispositivo de datos (--reduce-device-size)." +#: src/cryptsetup.c:3336 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "La opción --veracrypt-query-pim solo está disponible para dispositivos compatibles con VeraCrypt." -#: src/cryptsetup.c:2891 -msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." -msgstr "El desplazamiento de datos solicitado debe ser menor o igual que la mitad del parámetro --reduce-device-size." +#: src/cryptsetup.c:3338 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Las opciones --veracrypt-pim y --veracrypt-query-pim son mutuamente excluyentes." -#: src/cryptsetup.c:2900 -#, c-format -msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" -msgstr "Ajustando el valor de --reduce-device-size al doble de --offset %<PRIu64> (sectores).\n" +#: src/cryptsetup.c:3347 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "La opción --persistent no se permite con --test-passphrase." -#: src/cryptsetup.c:2923 -#, c-format -msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" -msgstr "Se ha detectado un dispositivo LUKS en %s. ¿Desea cifrar de nuevo ese dispositivo LUKS?" +#: src/cryptsetup.c:3350 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Las opciones --refresh y --test-passphrase son mutuamente excluyentes." -#: src/cryptsetup.c:2941 -#, c-format -msgid "Temporary header file %s already exists. Aborting." -msgstr "El fichero de cabecera temporal %s ya existe. Se aborta." +#: src/cryptsetup.c:3353 +msgid "Option --shared is allowed only for open of plain device." +msgstr "La opción --shared solo se permite para abrir dispositivos no cifrados." -#: src/cryptsetup.c:2943 src/cryptsetup.c:2950 -#, c-format -msgid "Cannot create temporary header file %s." -msgstr "No se puede crear el fichero de cabecera temporal %s." +#: src/cryptsetup.c:3356 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "La opción --skip solo está disponible para abrir dispositivos no cifrados y «loopaes»." -#: src/cryptsetup.c:2975 -msgid "LUKS2 metadata size is larger than data shift value." -msgstr "El tamaño de los metadatos LUKS2 es mayor que el valor del desplazamiento de los datos." +#: src/cryptsetup.c:3359 +msgid "Option --offset with open action is only supported for plain and loopaes devices." +msgstr "La opción --offset con acción de apertura solo está disponible para abrir dispositivos no cifrados y «loopaes»." -#: src/cryptsetup.c:3007 -#, c-format -msgid "Failed to place new header at head of device %s." -msgstr "No se ha podido colocar la nueva cabecera en la cabeza del dispositivo %s." +#: src/cryptsetup.c:3362 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards." -#: src/cryptsetup.c:3018 -#, c-format -msgid "%s/%s is now active and ready for online encryption.\n" -msgstr "%s/%s ahora está activo y preparado para cifrado «online».\n" +#: src/cryptsetup.c:3366 +msgid "Sector size option with open action is supported only for plain devices." +msgstr "La opción de tamaño de sector con acción de apertura solamente está disponible para dispositivos no cifrados." -#: src/cryptsetup.c:3055 -msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." -msgstr "El descifrado LUKS2 solo admite dispositivo con cabecera separada (con desplazamiento de datos puesto a 0)." +#: src/cryptsetup.c:3370 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "La opción de sectores IV grandes solo se admite para abrir dispositivo de tipo plano con tamaño de sector mayor de 512 bytes." -#: src/cryptsetup.c:3189 src/cryptsetup.c:3195 -msgid "Not enough free keyslots for reencryption." -msgstr "No hay suficientes ranuras de claves para el recifrado." +#: src/cryptsetup.c:3375 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "La opción --test-passphrase solo se permite para abrir dispositivos LUKS, TCRYPT, BITLK y FVAULT2." -#: src/cryptsetup.c:3215 src/cryptsetup_reencrypt.c:1279 -msgid "Key file can be used only with --key-slot or with exactly one key slot active." -msgstr "El fichero de claves solo puede usarse con --key-slot o con una sola ranura de claves activa exactamente." +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 +msgid "Options --device-size and --size cannot be combined." +msgstr "Las opciones --device-size y --size no pueden combinarse." -#: src/cryptsetup.c:3224 src/cryptsetup_reencrypt.c:1326 -#: src/cryptsetup_reencrypt.c:1337 -#, c-format -msgid "Enter passphrase for key slot %d: " -msgstr "Introduzca la frase contraseña para la ranura de claves %d: " +#: src/cryptsetup.c:3381 +msgid "Option --unbound is allowed only for open of luks device." +msgstr "La opción --unbound solo se permite para abrir dispositivos luks." -#: src/cryptsetup.c:3233 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Introduzca la frase contraseña para la ranura de claves %u: " +#: src/cryptsetup.c:3384 +msgid "Option --unbound cannot be used without --test-passphrase." +msgstr "La opción --unbound no se puede utilizar sin --test-passphrase." -#: src/cryptsetup.c:3278 -#, c-format -msgid "Switching data encryption cipher to %s.\n" -msgstr "Cambiando el algoritmo de cifrado de datos a %s.\n" +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 +msgid "Options --cancel-deferred and --deferred cannot be used at the same time." +msgstr "Las opciones --cancel-deferred y --deferred no pueden utilizarse a la vez." + +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "Las opciones --reduce-device-size y --device-size no pueden combinarse." + +#: src/cryptsetup.c:3412 +msgid "Option --active-name can be set only for LUKS2 device." +msgstr "La opción --active-name solo puede utilizarse para dispositivos LUKS2." #: src/cryptsetup.c:3415 -msgid "Command requires device as argument." -msgstr "Esta orden necesita un dispositivo como argumento." +msgid "Options --active-name and --force-offline-reencrypt cannot be combined." +msgstr "Las opciones --active-name y --force-offline-reencrypt no pueden combinarse." + +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 +msgid "Keyslot specification is required." +msgstr "Se requiere especificación de ranura de claves." + +#: src/cryptsetup.c:3431 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Las opciones --align-payload y --offset no pueden combinarse." + +#: src/cryptsetup.c:3434 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "La opción --integrity-no-wipe solo puede usarse para la acción de formato con extensión de integridad." #: src/cryptsetup.c:3437 -msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." -msgstr "Actualmente solo se admite el formato LUKS2. Utilice la herramienta cryptsetup-reencrypt para LUKS1." +msgid "Only one of --use-[u]random options is allowed." +msgstr "Solo se permite una de las opciones --use-[u]random." -#: src/cryptsetup.c:3449 -msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." -msgstr "Ya hay un recifrado «offline» heredado en proceso. Utilice la utilidad cryptsetup-reencrypt." +#: src/cryptsetup.c:3445 +msgid "Key size is required with --unbound option." +msgstr "El tamaño de la clave es requerido con la opción --unbound." -#: src/cryptsetup.c:3459 src/cryptsetup_reencrypt.c:155 -msgid "Reencryption of device with integrity profile is not supported." -msgstr "El recifrado de dispositivo con perfil de integridad no está admitido." +#: src/cryptsetup.c:3465 +msgid "Invalid token action." +msgstr "Acción de «token» no válida." -#: src/cryptsetup.c:3467 -msgid "LUKS2 reencryption already initialized. Aborting operation." -msgstr "El recifrado LUKS2 ya está inicializado. Se aborta la operación." +#: src/cryptsetup.c:3468 +msgid "--key-description parameter is mandatory for token add action." +msgstr "El parámetro --key-description es obligatorio para la acción de añadir «token»." + +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "La acción requiere un «token» especÃfico. Utilice el parámetro --token-id." + +#: src/cryptsetup.c:3476 +msgid "Option --unbound is valid only with token add action." +msgstr "La opción --unbound solo es válida con la acción de añadir «token»." -#: src/cryptsetup.c:3471 -msgid "LUKS2 device is not in reencryption." -msgstr "El dispositivo LUKS2 no está en recifrado." +#: src/cryptsetup.c:3478 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Las opciones --key-slot y --unbound no pueden combinarse." -#: src/cryptsetup.c:3498 +#: src/cryptsetup.c:3483 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "La acción requiere una ranura de claves especÃfica. Utilice el parámetro --key-slot." + +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<dispositivo> [--type <tipo> [<nombre>]" -#: src/cryptsetup.c:3498 src/veritysetup.c:480 src/integritysetup.c:446 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "abrir el dispositivo como <nombre>" -#: src/cryptsetup.c:3499 src/cryptsetup.c:3500 src/cryptsetup.c:3501 -#: src/veritysetup.c:481 src/veritysetup.c:482 src/integritysetup.c:447 -#: src/integritysetup.c:448 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<nombre>" -#: src/cryptsetup.c:3499 src/veritysetup.c:481 src/integritysetup.c:447 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "cerrar dispositivo (eliminar asociación)" -#: src/cryptsetup.c:3500 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "cambiar el tamaño del dispositivo activo" -#: src/cryptsetup.c:3501 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "mostrar el estado del dispositivo" -#: src/cryptsetup.c:3502 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cypher <algoritmo_de_cifrador>]" -#: src/cryptsetup.c:3502 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "algoritmo de cifrado para pruebas" -#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505 -#: src/cryptsetup.c:3506 src/cryptsetup.c:3507 src/cryptsetup.c:3514 -#: src/cryptsetup.c:3515 src/cryptsetup.c:3516 src/cryptsetup.c:3517 -#: src/cryptsetup.c:3518 src/cryptsetup.c:3519 src/cryptsetup.c:3520 -#: src/cryptsetup.c:3521 src/cryptsetup.c:3522 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<dispositivo>" -#: src/cryptsetup.c:3503 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "intentar reparar metadatos en disco" -#: src/cryptsetup.c:3504 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "recifrar dispositivo LUKS2" -#: src/cryptsetup.c:3505 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "borrar todas las ranuras de claves (eliminar clave de cifrado)" -#: src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "convertir formato LUKS de/en LUKS2" -#: src/cryptsetup.c:3507 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "establecer opciones de configuración permanentes para LUKS2" -#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<dispositivo> [<nuevo fichero de claves>]" -#: src/cryptsetup.c:3508 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "da formato a un dispositivo LUKS" -#: src/cryptsetup.c:3509 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "añadir clave a un dispositivo LUKS" -#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3512 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<dispositivo> [<fichero de claves>]" -#: src/cryptsetup.c:3510 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "elimina la clave suministrada o el fichero de claves del dispositivo LUKS" -#: src/cryptsetup.c:3511 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "cambia la clave suministrada o el fichero de claves del dispositivo LUKS" -#: src/cryptsetup.c:3512 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "convierte una clave a los nuevos parámetros pbkdf" -#: src/cryptsetup.c:3513 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<dispositivo> <ranura de claves>" -#: src/cryptsetup.c:3513 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "borra la clave con el número <ranura de clave> del dispositivo LUKS" -#: src/cryptsetup.c:3514 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "imprimir el UUID del dispositivo LUKS" -#: src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "comprueba si <dispositivo> tiene cabecera de partición LUKS" -#: src/cryptsetup.c:3516 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "volcar información sobre la partición LUKS" -#: src/cryptsetup.c:3517 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "volcar información sobre el dispositivo TCRYPT" -#: src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "volcar información sobre el dispositivo BITLK" -#: src/cryptsetup.c:3519 +#: src/cryptsetup.c:3520 +msgid "dump FVAULT2 device information" +msgstr "volcar información sobre el dispositivo FVAULT2" + +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Suspender el dispositivo LUKS y limpiar la clave (todas las entradas/salidas congeladas)." -#: src/cryptsetup.c:3520 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "Reanudar el dispositivo LUKS suspendido." -#: src/cryptsetup.c:3521 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Hacer copia de seguridad de la cabecera y de las ranuras de claves del dispositivo LUKS" -#: src/cryptsetup.c:3522 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Restaurar la cabecera y las ranuras de claves del dispositivo LUKS" -#: src/cryptsetup.c:3523 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<añade|elimina|importa|exporta> <dispositivo>" -#: src/cryptsetup.c:3523 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "Manipular «tokens» LUKS2" -#: src/cryptsetup.c:3543 src/veritysetup.c:498 src/integritysetup.c:464 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2480,19 +2887,19 @@ msgstr "" "\n" "<acción> es una de:\n" -#: src/cryptsetup.c:3549 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "También se pueden utilizar los alias del tipo <acción> de la antigua sintaxis:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3553 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2507,7 +2914,7 @@ msgstr "" "<ranura de claves> es el número de la ranura de claves que se va a modificar\n" "<fichero de claves> fichero de claves opcional para la nueva clave para la acción 'luksAddKey'\n" -#: src/cryptsetup.c:3560 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2516,29 +2923,28 @@ msgstr "" "\n" "El formato de metadatos predefinido de fábrica es %s (para la acción luksFormat).\n" -#: src/cryptsetup.c:3565 src/cryptsetup.c:3568 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"El soporte del «plugin» del «token» externo LUKS2 es %s.\n" +"El soporte del «plugin» del «token» externo LUKS2 está activado.\n" -#: src/cryptsetup.c:3565 -msgid "compiled-in" -msgstr "integrado en la compilación" - -#: src/cryptsetup.c:3566 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "ruta del «plugin» del «token» externo LUKS2: %s.\n" -#: src/cryptsetup.c:3568 -msgid "disabled" -msgstr "desactivado" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"El soporte del «plugin» del «token» externo LUKS2 está desactivado.\n" -#: src/cryptsetup.c:3572 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2555,7 +2961,7 @@ msgstr "" "PBKDF predefinido para LUKS2: %s\n" "\tTiempo de iteración: %d, Memoria requerida: %dkB, hilos en paralelo: %d\n" -#: src/cryptsetup.c:3583 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2570,206 +2976,100 @@ msgstr "" "\tsin cifrado: %s, Clave: %d bits, Contraseña «hashing»: %s\n" "\tLUKS: %s, Clave: %d bits, «hashing» de la cabecera LUKS: %s, Generador de números aleatorios: %s\n" -#: src/cryptsetup.c:3592 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: El tamaño de clave predefinido con modo XTS (dos claves internas) va a ser duplicado.\n" -#: src/cryptsetup.c:3610 src/veritysetup.c:637 src/integritysetup.c:620 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: necesita %s como argumentos" -#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1379 -#: src/cryptsetup_reencrypt.c:1704 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "La ranura de claves no es válida." -#: src/cryptsetup.c:3675 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "El tamaño del dispositivo debe ser múltiplo de sectores de 512 bytes." -#: src/cryptsetup.c:3680 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "La especificación del tamaño máximo de zona activa del dispositivo no es válida." -#: src/cryptsetup.c:3694 src/cryptsetup.c:3706 src/cryptsetup_reencrypt.c:1623 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "El tamaño de clave debe ser un múltiplo de 8 bits" -#: src/cryptsetup.c:3711 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "El tamaño máximo de reducción del dispositivo es de 1 GiB." -#: src/cryptsetup.c:3714 src/cryptsetup_reencrypt.c:1631 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "El tamaño de reducción debe ser múltiplo de sectores de 512 bytes." -#: src/cryptsetup.c:3731 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "La opción --priority solo puede ser ignore/normal/prefer." -#: src/cryptsetup.c:3741 src/veritysetup.c:561 src/integritysetup.c:543 -#: src/cryptsetup_reencrypt.c:1641 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "Mostrar este mensaje de ayuda" -#: src/cryptsetup.c:3742 src/veritysetup.c:562 src/integritysetup.c:544 -#: src/cryptsetup_reencrypt.c:1642 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "Mostrar brevemente cómo se usa" -#: src/cryptsetup.c:3743 src/veritysetup.c:563 src/integritysetup.c:545 -#: src/cryptsetup_reencrypt.c:1643 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "Imprimir versión del paquete" -#: src/cryptsetup.c:3754 src/veritysetup.c:574 src/integritysetup.c:556 -#: src/cryptsetup_reencrypt.c:1654 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "Opciones de ayuda:" -#: src/cryptsetup.c:3771 src/veritysetup.c:592 src/integritysetup.c:573 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[OPCIÓN...] <acción> <acción-especÃfica>" -#: src/cryptsetup.c:3780 src/veritysetup.c:601 src/integritysetup.c:584 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "El argumento <acción> no se ha proporcionado." -#: src/cryptsetup.c:3850 src/veritysetup.c:632 src/integritysetup.c:615 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "Acción desconocida." -#: src/cryptsetup.c:3861 -msgid "Options --refresh and --test-passphrase are mutually exclusive." -msgstr "Las opciones --refresh y --test-passphrase son mutuamente excluyentes." - -#: src/cryptsetup.c:3866 src/veritysetup.c:656 src/integritysetup.c:663 -msgid "Options --cancel-deferred and --deferred cannot be used at the same time." -msgstr "Las opciones --cancel-deferred y --deferred no pueden utilizarse a la vez." - -#: src/cryptsetup.c:3872 -msgid "Option --shared is allowed only for open of plain device." -msgstr "La opción --shared solo se permite para abrir dispositivos no cifrados." - -#: src/cryptsetup.c:3877 -msgid "Option --persistent is not allowed with --test-passphrase." -msgstr "La opción --persistent no se permite con --test-passphrase." - -#: src/cryptsetup.c:3882 -msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." -msgstr "La opción --integrity-no-wipe solo puede usarse para la acción de formato con extensión de integridad." - -#: src/cryptsetup.c:3889 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "La opción --test-passphrase solo se permite para abrir dispositivos LUKS, TCRYPT y BITLK." - -#: src/cryptsetup.c:3901 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "La opción --key-file tiene precedencia sobre el argumento de fichero de claves especificado." -#: src/cryptsetup.c:3907 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Solo se permite un argumento --key-file." -#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1689 -#: src/cryptsetup_reencrypt.c:1708 -msgid "Only one of --use-[u]random options is allowed." -msgstr "Solo se permite una de las opciones --use-[u]random." - -#: src/cryptsetup.c:3915 -msgid "Options --align-payload and --offset cannot be combined." -msgstr "Las opciones --align-payload y --offset no pueden combinarse." - -#: src/cryptsetup.c:3921 -msgid "Option --skip is supported only for open of plain and loopaes devices." -msgstr "La opción --skip solo está disponible para abrir dispositivos no cifrados y «loopaes»." - -#: src/cryptsetup.c:3927 -msgid "Option --offset with open action is only supported for plain and loopaes devices." -msgstr "La opción --offset con acción de apertura solo está disponible para abrir dispositivos no cifrados y «loopaes»." - -#: src/cryptsetup.c:3933 -msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." -msgstr "La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está disponible para dispositivos TCRYPT." - -#: src/cryptsetup.c:3938 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." -msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards." - -#: src/cryptsetup.c:3943 -msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." -msgstr "Las opciones --veracrypt y --disable-veracrypt solo están disponibles para dispositivos de tipo TCRYPT." - -#: src/cryptsetup.c:3948 -msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." -msgstr "La opción --veracrypt-pim solo está disponible para dispositivos compatibles con VeraCrypt." - -#: src/cryptsetup.c:3954 -msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." -msgstr "La opción --veracrypt-query-pim solo está disponible para dispositivos compatibles con VeraCrypt." - -#: src/cryptsetup.c:3958 -msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." -msgstr "Las opciones --veracrypt-pim y --veracrypt-query-pim son mutuamente excluyentes." - -#: src/cryptsetup.c:3966 src/cryptsetup.c:4002 -msgid "Keyslot specification is required." -msgstr "Se requiere especificación de ranura de claves." - -#: src/cryptsetup.c:3971 src/cryptsetup_reencrypt.c:1694 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "La función de derivación de clave basada en contraseña (PBKDF) solo puede ser pbkdf2 o argon2i/argon2id." -#: src/cryptsetup.c:3976 src/cryptsetup_reencrypt.c:1699 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Las iteraciones forzadas de PBKDF no pueden combinarse con la opción de tiempo de iteración." -#: src/cryptsetup.c:3983 -msgid "Sector size option with open action is supported only for plain devices." -msgstr "La opción de tamaño de sector con acción de apertura solamente está disponible para dispositivos no cifrados." - -#: src/cryptsetup.c:3990 -msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." -msgstr "La opción de sectores IV grandes solo se admite para abrir dispositivo de tipo plano con tamaño de sector mayor de 512 bytes." - -#: src/cryptsetup.c:3996 -msgid "Key size is required with --unbound option." -msgstr "El tamaño de la clave es requerido con la opción --unbound." +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "No se puede vincular la clave del volumen a un llavero cuando el llavero está desactivado." -#: src/cryptsetup.c:4012 -msgid "LUKS2 decryption requires option --header." -msgstr "El descifrado LUKS2 requiere la opción --header." - -#: src/cryptsetup.c:4016 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Las opciones --reduce-device-size y --data-size no pueden combinarse." - -#: src/cryptsetup.c:4020 -msgid "Options --device-size and --size cannot be combined." -msgstr "Las opciones --device-size y --size no pueden combinarse." - -#: src/cryptsetup.c:4024 +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Las opciones --keyslot-cipher y --keyslot-key-size deben utilizarse juntas." -#: src/cryptsetup.c:4028 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "No se ha realizado ninguna acción. Invocado con la opción --test-args.\n" -#: src/cryptsetup.c:4040 -msgid "Invalid token action." -msgstr "Acción de «token» no válida." - -#: src/cryptsetup.c:4045 -msgid "--key-description parameter is mandatory for token add action." -msgstr "El parámetro --key-description es obligatorio para la acción de añadir «token»." - -#: src/cryptsetup.c:4051 -msgid "Action requires specific token. Use --token-id parameter." -msgstr "La acción requiere un «token» especÃfico. Utilice el parámetro --token-id." - -#: src/cryptsetup.c:4062 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "No se puede desactivar el bloqueo de metadatos." @@ -2797,67 +3097,72 @@ msgstr "No se puede crear el fichero «hash» raÃz %s para escribir." msgid "Cannot write to root hash file %s." msgstr "No se puede escribir en el fichero «hash» raÃz %s." -#: src/veritysetup.c:210 src/veritysetup.c:227 +#: src/veritysetup.c:198 src/veritysetup.c:476 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "El dispositivo %s no es un dispositivo VERITY válido." + +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "No se puede leer el fichero «hash» raÃz %s." -#: src/veritysetup.c:215 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "El fichero «hash» raÃz %s no es válido." -#: src/veritysetup.c:236 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "La cadena «hash» raÃz especificada no es válida." -#: src/veritysetup.c:244 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "Fichero de firmas inválido %s." -#: src/veritysetup.c:251 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "No se puede leer el fichero de firmas %s." -#: src/veritysetup.c:274 src/veritysetup.c:288 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires <root_hash> or --root-hash-file option as argument." msgstr "Esta orden necesita <«hash»_raÃz> o la opción --root-hash-file como argumento." -#: src/veritysetup.c:478 +#: src/veritysetup.c:489 msgid "<data_device> <hash_device>" msgstr "<dispositivo_de_datos> <dispositivo_«hash»>" -#: src/veritysetup.c:478 src/integritysetup.c:445 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "dar formato al dispositivo" -#: src/veritysetup.c:479 +#: src/veritysetup.c:490 msgid "<data_device> <hash_device> [<root_hash>]" msgstr "<dispositivo_de_datos> <dispositivo_«hash»> [<«hash»_raÃz>]" -#: src/veritysetup.c:479 +#: src/veritysetup.c:490 msgid "verify device" msgstr "verificar dispositivo" -#: src/veritysetup.c:480 +#: src/veritysetup.c:491 msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<dispositivo_de_datos> <nombre> <dispositivo_«hash»> [<«hash»_raÃz>]" -#: src/veritysetup.c:482 src/integritysetup.c:448 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "mostrar el estado del dispositivo activo" -#: src/veritysetup.c:483 +#: src/veritysetup.c:494 msgid "<hash_device>" msgstr "<dispositivo_«hash»>" -#: src/veritysetup.c:483 src/integritysetup.c:449 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "mostrar información sobre el disco" -#: src/veritysetup.c:502 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2872,7 +3177,7 @@ msgstr "" "<dispositivo_«hash»> es el dispositivo que contiene los datos de verificación\n" "<«hash»_raÃz> «hash» del nodo raÃz en «dispositivo—«hash»>\n" -#: src/veritysetup.c:509 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2883,28 +3188,46 @@ msgstr "" "Parámetros dm-verity predefinidos de fábrica:\n" "\tAlgoritmo «hash»: %s, Bloque de datos (bytes): %u, Bloque «hash» (bytes): %u, Tamaño de «salt»: %u, Formato «hash»: %u\n" -#: src/veritysetup.c:646 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Las opciones --ignore-corruption y --restart-on-corruption no pueden utilizarse juntas." -#: src/veritysetup.c:651 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Las opciones --panic-on-corruption y --restart-on-corruption no pueden utilizarse juntas." -#: src/integritysetup.c:201 +#: src/integritysetup.c:177 +#, c-format +msgid "" +"This will overwrite data on %s and %s irrevocably.\n" +"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)." +msgstr "" +"Esto sobreescribirá los datos en %s y %s irrevocablemente.\n" +"Para preservar el dispositivo de datos utilice la opción --no-wipe (y luego actÃvelo con --integrity-recalculate)." + +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Formato dado con tamaño de etiqueta %u, integridad interna %s.\n" -#: src/integritysetup.c:445 src/integritysetup.c:449 +#: src/integritysetup.c:298 +msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." +msgstr "No se puede poner la opción de recalcular; valore la alternativa de utilizar --wipe." + +#: src/integritysetup.c:373 src/integritysetup.c:530 +#, c-format +msgid "Device %s is not a valid INTEGRITY device." +msgstr "El dispositivo %s no es un dispositivo INTEGRITY válido." + +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<dispositivo_de_integridad>" -#: src/integritysetup.c:446 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<dispositivo_de_integridad> <nombre>" -#: src/integritysetup.c:468 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2915,7 +3238,7 @@ msgstr "" "<nombre> es el dispositivo que se va a crear bajo %s\n" "<dispositivo_de_integridad> es el dispositivo que contiene datos con etiquetas de integridad\n" -#: src/integritysetup.c:473 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2928,241 +3251,44 @@ msgstr "" "\tAlgoritmo de la suma de comprobación: %s\n" "\tTamaño máximo del fichero de claves: %dkB\n" -#: src/integritysetup.c:530 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Tamaño de --%s no válido. El máximo es %u bytes." -#: src/integritysetup.c:628 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "Deben especificarse las opciones tanto de fichero de claves como tamaño de clave." -#: src/integritysetup.c:632 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "Deben especificarse la opción del fichero de clave de integridad del diario y la del tamaño de la clave." -#: src/integritysetup.c:635 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Debe especificarse el algoritmo de integridad del diario si va a utilizarse la clave de integridad del diario." -#: src/integritysetup.c:639 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "Deben especificarse la opción del fichero de la clave de cifrado del diario y la del tamaño de la clave." -#: src/integritysetup.c:642 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Debe especificarse el algoritmo de cifrado del diario si va a utilizarse la clave de cifrado del diario." -#: src/integritysetup.c:646 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Las opciones de recuperación y de modo mapa de bits son mutuamente excluyentes." -#: src/integritysetup.c:653 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "Las opciones de diario no pueden utilizarse en modo mapa de bits." -#: src/integritysetup.c:658 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "Las opciones de mapa de bits solo pueden utilizarse en el modo mapa de bits." -#: src/cryptsetup_reencrypt.c:149 -msgid "Reencryption already in-progress." -msgstr "Recifrado ya en curso." - -#: src/cryptsetup_reencrypt.c:185 -#, c-format -msgid "Cannot exclusively open %s, device in use." -msgstr "No se puede abrir %s en exclusividad; el dispositivo está en uso." - -#: src/cryptsetup_reencrypt.c:199 src/cryptsetup_reencrypt.c:1120 -msgid "Allocation of aligned memory failed." -msgstr "La reserva de memoria alineada ha fallado." - -#: src/cryptsetup_reencrypt.c:206 -#, c-format -msgid "Cannot read device %s." -msgstr "No se puede leer el dispositivo %s." - -#: src/cryptsetup_reencrypt.c:217 -#, c-format -msgid "Marking LUKS1 device %s unusable." -msgstr "Marcando el dispositivo LUKS1 %s como inutilizable." - -#: src/cryptsetup_reencrypt.c:221 -#, c-format -msgid "Setting LUKS2 offline reencrypt flag on device %s." -msgstr "Estableciendo el indicador de recifrado fuera de lÃnea LUKS2 en el dispositivo %s." - -#: src/cryptsetup_reencrypt.c:238 -#, c-format -msgid "Cannot write device %s." -msgstr "No se puede escribir en el dispositivo %s." - -#: src/cryptsetup_reencrypt.c:286 -msgid "Cannot write reencryption log file." -msgstr "No se puede escribir en el fichero de registro de recifrado." - -#: src/cryptsetup_reencrypt.c:342 -msgid "Cannot read reencryption log file." -msgstr "No se puede leer el fichero de registro de recifrado." - -#: src/cryptsetup_reencrypt.c:353 -msgid "Wrong log format." -msgstr "Formato del fichero de registro incorrecto." - -#: src/cryptsetup_reencrypt.c:380 -#, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "El fichero de registro %s ya existe; reanudando el recifrado.\n" - -#: src/cryptsetup_reencrypt.c:429 -msgid "Activating temporary device using old LUKS header." -msgstr "Activando dispositivo temporal utilizando cabecera LUKS antigua." - -#: src/cryptsetup_reencrypt.c:439 -msgid "Activating temporary device using new LUKS header." -msgstr "Activando dispositivo temporal utilizando cabecera LUKS nueva." - -#: src/cryptsetup_reencrypt.c:449 -msgid "Activation of temporary devices failed." -msgstr "Fallo en la activación de los dispositivos temporales." - -#: src/cryptsetup_reencrypt.c:536 -msgid "Failed to set data offset." -msgstr "No se ha podido establecer el desplazamiento de los datos." - -#: src/cryptsetup_reencrypt.c:542 -msgid "Failed to set metadata size." -msgstr "No se ha podido establecer el tamaño de los metadatos." - -#: src/cryptsetup_reencrypt.c:550 -#, c-format -msgid "New LUKS header for device %s created." -msgstr "Se ha creado una nueva cabecera LUKS para el dispositivo %s." - -#: src/cryptsetup_reencrypt.c:610 -#, c-format -msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." -msgstr "Esta versión de cryptsetup-reencrypt no sabe manejar el nuevo tipo de «token» interno %s." - -#: src/cryptsetup_reencrypt.c:632 -msgid "Failed to read activation flags from backup header." -msgstr "No se ha podido leer los indicadores de activación en la cabecera de respaldo." - -#: src/cryptsetup_reencrypt.c:636 -msgid "Failed to write activation flags to new header." -msgstr "No se ha podido escribir los indicadores de activación en la nueva cabecera." - -#: src/cryptsetup_reencrypt.c:640 src/cryptsetup_reencrypt.c:644 -msgid "Failed to read requirements from backup header." -msgstr "No se ha podido leer los requisitos en la cabecera de respaldo." - -#: src/cryptsetup_reencrypt.c:682 -#, c-format -msgid "%s header backup of device %s created." -msgstr "Se ha creado una copia de seguridad de la cabecera %s del dispositivo %s." - -#: src/cryptsetup_reencrypt.c:745 -msgid "Creation of LUKS backup headers failed." -msgstr "No se ha podido crear la copia de seguridad de las cabeceras LUKS." - -#: src/cryptsetup_reencrypt.c:878 -#, c-format -msgid "Cannot restore %s header on device %s." -msgstr "No se puede restaurar la cabecera %s en el dispositivo %s." - -#: src/cryptsetup_reencrypt.c:880 -#, c-format -msgid "%s header on device %s restored." -msgstr "Se ha restaurado la cabecera %s en el dispositivo %s." - -#: src/cryptsetup_reencrypt.c:1092 src/cryptsetup_reencrypt.c:1098 -msgid "Cannot open temporary LUKS device." -msgstr "No se puede abrir el dispositivo LUKS temporal." - -#: src/cryptsetup_reencrypt.c:1103 src/cryptsetup_reencrypt.c:1108 -msgid "Cannot get device size." -msgstr "No se puede obtener el tamaño del dispositivo." - -#: src/cryptsetup_reencrypt.c:1143 -msgid "IO error during reencryption." -msgstr "Error de entrada/salida durante el recifrado." - -#: src/cryptsetup_reencrypt.c:1174 -msgid "Provided UUID is invalid." -msgstr "El UUID proporcionado no es válido." - -#: src/cryptsetup_reencrypt.c:1408 -msgid "Cannot open reencryption log file." -msgstr "No se puede abrir el fichero de registro de recifrado." - -#: src/cryptsetup_reencrypt.c:1414 -msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." -msgstr "No hay ningún proceso de descifrado en marcha; el UUID proporcionado solo puede utilizarse para reanudar un proceso de descifrado suspendido." - -#: src/cryptsetup_reencrypt.c:1489 -#, c-format -msgid "Changed pbkdf parameters in keyslot %i." -msgstr "Se han cambiado los parámetros pbkdf en la ranura de claves %i." - -#: src/cryptsetup_reencrypt.c:1614 -msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "Solo se permiten valores entre 1 MiB y 64 MiB para el tamaño de bloque de recifrado." - -#: src/cryptsetup_reencrypt.c:1628 -msgid "Maximum device reduce size is 64 MiB." -msgstr "El tamaño máximo de reducción del dispositivo es de 64 MiB." - -#: src/cryptsetup_reencrypt.c:1669 -msgid "[OPTION...] <device>" -msgstr "[OPCIÓN...] <dispositivo>" - -#: src/cryptsetup_reencrypt.c:1677 -#, c-format -msgid "Reencryption will change: %s%s%s%s%s%s." -msgstr "El recifrado va a cambiar: %s%s%s%s%s%s." - -#: src/cryptsetup_reencrypt.c:1678 -msgid "volume key" -msgstr "clave del volumen" - -#: src/cryptsetup_reencrypt.c:1680 -msgid "set hash to " -msgstr "nuevo algoritmo «hash» " - -#: src/cryptsetup_reencrypt.c:1681 -msgid ", set cipher to " -msgstr ", nuevo algoritmo de cifrado: " - -#: src/cryptsetup_reencrypt.c:1685 -msgid "Argument required." -msgstr "Hace falta argumento." - -#: src/cryptsetup_reencrypt.c:1712 -msgid "Option --new must be used together with --reduce-device-size or --header." -msgstr "La opción --new debe utilizarse conjuntamente con --reduce-device-size o --header." - -#: src/cryptsetup_reencrypt.c:1716 -msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." -msgstr "La opción --keep-key solamente puede utilizarse con --hash, --iter-time o --pbkdf-force-iterations." - -#: src/cryptsetup_reencrypt.c:1720 -msgid "Option --new cannot be used together with --decrypt." -msgstr "La opción --new no puede utilizarse conjuntamente con --decrypt." - -#: src/cryptsetup_reencrypt.c:1726 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "La opción --decrypt es incompatible con los parámetros especificados." - -#: src/cryptsetup_reencrypt.c:1730 -msgid "Option --uuid is allowed only together with --decrypt." -msgstr "La opción --uuid solo está permitida conjuntamente con --decrypt." - -#: src/cryptsetup_reencrypt.c:1734 -msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." -msgstr "Tipo de luks no válido. Utilice uno de estos: 'luks', 'luks1' o 'luks2'." - -#: src/utils_tools.c:119 +#: src/utils_tools.c:118 msgid "" "\n" "WARNING!\n" @@ -3173,7 +3299,7 @@ msgstr "" "==========\n" #. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. -#: src/utils_tools.c:121 +#: src/utils_tools.c:120 #, c-format msgid "" "%s\n" @@ -3184,148 +3310,174 @@ msgstr "" "\n" "¿Está seguro? (Teclee 'yes' en mayúsculas): " -#: src/utils_tools.c:127 +#: src/utils_tools.c:126 msgid "Error reading response from terminal." msgstr "Error de lectura de la respuesta recibida desde el terminal." -#: src/utils_tools.c:159 +#: src/utils_tools.c:158 msgid "Command successful." msgstr "Orden ejecutada correctamente." -#: src/utils_tools.c:167 +#: src/utils_tools.c:166 msgid "wrong or missing parameters" msgstr "parámetros incorrectos u omisos" -#: src/utils_tools.c:169 +#: src/utils_tools.c:168 msgid "no permission or bad passphrase" msgstr "sin permiso o frase de paso mala" -#: src/utils_tools.c:171 +#: src/utils_tools.c:170 msgid "out of memory" msgstr "sin memoria" -#: src/utils_tools.c:173 +#: src/utils_tools.c:172 msgid "wrong device or file specified" msgstr "se ha especificado un dispositivo o fichero incorrecto" -#: src/utils_tools.c:175 +#: src/utils_tools.c:174 msgid "device already exists or device is busy" msgstr "el dispositivo ya existe o está ocupado" -#: src/utils_tools.c:177 +#: src/utils_tools.c:176 msgid "unknown error" msgstr "error desconocido" -#: src/utils_tools.c:179 +#: src/utils_tools.c:178 #, c-format msgid "Command failed with code %i (%s)." msgstr "La orden ha fallado con código %i (%s)." -#: src/utils_tools.c:257 +#: src/utils_tools.c:256 #, c-format msgid "Key slot %i created." msgstr "Ranura de claves %i creada." -#: src/utils_tools.c:259 +#: src/utils_tools.c:258 #, c-format msgid "Key slot %i unlocked." msgstr "Ranura de claves %i desbloqueada." -#: src/utils_tools.c:261 +#: src/utils_tools.c:260 #, c-format msgid "Key slot %i removed." msgstr "Ranura de claves %i eliminada." -#: src/utils_tools.c:270 +#: src/utils_tools.c:269 #, c-format msgid "Token %i created." msgstr "«Token» %i creado." -#: src/utils_tools.c:272 +#: src/utils_tools.c:271 #, c-format msgid "Token %i removed." msgstr "«Token» %i eliminado." -#: src/utils_tools.c:282 +#: src/utils_tools.c:281 msgid "No token could be unlocked with this PIN." msgstr "No se ha podido desbloquear ningún «token» con este PIN." -#: src/utils_tools.c:284 +#: src/utils_tools.c:283 #, c-format msgid "Token %i requires PIN." msgstr "El «token» %i requiere PIN." -#: src/utils_tools.c:286 +#: src/utils_tools.c:285 #, c-format msgid "Token (type %s) requires PIN." msgstr "El «token» (tipo %s) requiere PIN." -#: src/utils_tools.c:289 +#: src/utils_tools.c:288 #, c-format msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." msgstr "El «token» %i no puede desbloquear ranura(s) de clave asignada(s) (frase contraseña incorrecta)." -#: src/utils_tools.c:291 +#: src/utils_tools.c:290 #, c-format msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." msgstr "El «token» (tipo %s) no puede desbloquear ranura(s) de clave asignada(s) (frase contraseña incorrecta)." -#: src/utils_tools.c:294 +#: src/utils_tools.c:293 #, c-format msgid "Token %i requires additional missing resource." msgstr "El «token» %i requiere un recurso adicional que no está presente." -#: src/utils_tools.c:296 +#: src/utils_tools.c:295 #, c-format msgid "Token (type %s) requires additional missing resource." msgstr "El «token» (tipo %s) requiere un recurso adicional que no está presente." -#: src/utils_tools.c:299 +#: src/utils_tools.c:298 #, c-format msgid "No usable token (type %s) is available." msgstr "Ningún «token» utilizable (tipo %s) está disponible." -#: src/utils_tools.c:301 +#: src/utils_tools.c:300 msgid "No usable token is available." msgstr "Ningún «token» utilizable está disponible." -#: src/utils_tools.c:463 -msgid "" -"\n" -"Wipe interrupted." -msgstr "" -"\n" -"Limpieza interrumpida." - -#: src/utils_tools.c:492 -msgid "" -"\n" -"Reencryption interrupted." -msgstr "" -"\n" -"Recifrado interrumpido." - -#: src/utils_tools.c:511 +#: src/utils_tools.c:393 #, c-format msgid "Cannot read keyfile %s." msgstr "No se puede leer el fichero de claves %s." -#: src/utils_tools.c:516 +#: src/utils_tools.c:398 #, c-format msgid "Cannot read %d bytes from keyfile %s." msgstr "No se pueden leer %d «bytes» en el fichero de claves %s." -#: src/utils_tools.c:541 +#: src/utils_tools.c:423 #, c-format msgid "Cannot open keyfile %s for write." msgstr "No se puede abrir el fichero de claves %s para escritura." -#: src/utils_tools.c:548 +#: src/utils_tools.c:430 #, c-format msgid "Cannot write to keyfile %s." msgstr "No se puede escribir en el fichero de claves %s." -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_progress.c:74 +#, c-format +msgid "%02<PRIu64>m%02<PRIu64>s" +msgstr "%02<PRIu64>m%02<PRIu64>s" + +#: src/utils_progress.c:76 +#, c-format +msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s" +msgstr "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s" + +#: src/utils_progress.c:78 +#, c-format +msgid "%02<PRIu64> days" +msgstr "%02<PRIu64> dÃas" + +#: src/utils_progress.c:105 src/utils_progress.c:138 +#, c-format +msgid "%4<PRIu64> %s written" +msgstr "%4<PRIu64> %s escrito(s)" + +#: src/utils_progress.c:109 src/utils_progress.c:142 +#, c-format +msgid "speed %5.1f %s/s" +msgstr "velocidad %5.1f %s/s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. 'eol' is always new-line or empty. +#. See above. +#. +#: src/utils_progress.c:118 +#, c-format +msgid "Progress: %5.1f%%, ETA %s, %s, %s%s" +msgstr "Progreso: %5.1f%%, Final estimado %s, %s, %s%s" + +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. See above +#. +#: src/utils_progress.c:150 +#, c-format +msgid "Finished, time %s, %s, %s\n" +msgstr "Finalizado; tiempo %s, %s, %s\n" + +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "No se puede comprobar la calidad de la contraseña: %s" @@ -3339,59 +3491,63 @@ msgstr "" "Fallo en la comprobación de la calidad de la contraseña:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Fallo en la comprobación de la calidad de la contraseña: frase contraseña incorrecta (%s)" -#: src/utils_password.c:224 src/utils_password.c:238 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Error al leer la frase contraseña desde el terminal." -#: src/utils_password.c:236 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Verifique la frase contraseña: " -#: src/utils_password.c:243 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "La frase contraseña no coincide." -#: src/utils_password.c:280 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "No se puede usar «offset» con entrada desde terminal." -#: src/utils_password.c:283 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Introduzca la frase contraseña: " -#: src/utils_password.c:286 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Introduzca la frase contraseña de %s: " -#: src/utils_password.c:317 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "No hay ninguna clave disponible con esa frase contraseña." -#: src/utils_password.c:319 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "No hay niguna ranura de claves utilizable disponible." -#: src/utils_luks2.c:47 +#: src/utils_luks.c:68 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "No se puede hacer verificación de frase contraseña en entradas no tty." + +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "No se ha podido abrir el fichero %s para solo lectura." -#: src/utils_luks2.c:60 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Proporciona «token» LUKS2 válido en JSON:\n" -#: src/utils_luks2.c:67 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "No se ha podido leer el fichero JSON." -#: src/utils_luks2.c:72 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3399,12 +3555,12 @@ msgstr "" "\n" "Lectura interrumpida." -#: src/utils_luks2.c:113 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "No se ha podido abrir el fichero %s para escritura." -#: src/utils_luks2.c:122 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3412,54 +3568,428 @@ msgstr "" "\n" "Escritura interrumpida." -#: src/utils_luks2.c:126 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "No se ha podido escribir el fichero JSON." -#: src/utils_blockdev.c:192 +#: src/utils_reencrypt.c:120 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Se ha detectado automáticamente el dispositivo dm activo '%s' para el dispositivo de datos %s.\n" + +#: src/utils_reencrypt.c:124 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "No se han podido detectar automáticamente los propietarios del dispositivo %s." + +#: src/utils_reencrypt.c:130 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "El dispositivo %s no es un dispositivo de bloques.\n" + +#: src/utils_reencrypt.c:132 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Imposible decidir si el dispositivo %s está activado o no.\n" +"¿Está seguro de que desea proceder con el recifrado en modo «offline»?\n" +"Puede provocarse corrupción de datos si el dispositivo está realmente\n" +"activado. Para realizar recifrado en modo «online», utilice en su lugar\n" +"el parámetro --active-name.\n" + +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"El dispositivo %s no es un dispositivo de bloques. No puede autodetectar si está activo o no.\n" +"Utilice --force-offline-reencrypt para saltar la comprobación y operar en modo «offline» (¡peligroso!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "La opción --resilience solicitada no puede aplicarse a la operación de recifrado actual." + +#: src/utils_reencrypt.c:203 +msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." +msgstr "El dispositivo no está en cifrado LUKS2. Opción conflictiva --encrypt." + +#: src/utils_reencrypt.c:208 +msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." +msgstr "El dispositivo no está en descifrado LUKS2. Opción conflictiva --decrypt." + +#: src/utils_reencrypt.c:215 +msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." +msgstr "El dispositivo está en recifrado utilizando resiliencia ante desplazamiento de datos. No se puede aplicar la opción -resilience solicitada." + +#: src/utils_reencrypt.c:293 +msgid "Device requires reencryption recovery. Run repair first." +msgstr "El dispositivo necesita recuperación del recifrado. Primero ejecute una reparación." + +#: src/utils_reencrypt.c:307 +#, c-format +msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" +msgstr "El dispositivo %s ya está en recifrado LUKS2. ¿Desea reanudar la operación iniciada anteriormente?" + +#: src/utils_reencrypt.c:416 +msgid "Legacy LUKS2 reencryption is no longer supported." +msgstr "Ya no se admite el recifrado LUKS2 antiguo." + +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "No se puede recifrar el dispositivo LUKS2 configurado para utilizar OPAL." + +#: src/utils_reencrypt.c:427 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "El recifrado de dispositivo con perfil de integridad no está admitido." + +#: src/utils_reencrypt.c:464 +#, c-format +msgid "" +"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" +"(block size: %<PRIu32> bytes) detected on device %s." +msgstr "" +"La solicitud --sector-size %<PRIu32> es incompatible con el superbloque %s\n" +"(tamaño de bloque: %<PRIu32> «bytes») detectado en el dispositivo %s." + +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "El cifrado sin cabecera separada (--header) no es posible sin reducción del tamaño del dispositivo de datos (--reduce-device-size)." + +#: src/utils_reencrypt.c:540 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "El desplazamiento de datos solicitado debe ser menor o igual que la mitad del parámetro --reduce-device-size." + +#: src/utils_reencrypt.c:550 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" +msgstr "Ajustando el valor de --reduce-device-size al doble de --offset %<PRIu64> (sectores).\n" + +#: src/utils_reencrypt.c:580 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "El fichero de cabecera temporal %s ya existe. Se aborta." + +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "No se puede crear el fichero de cabecera temporal %s." + +#: src/utils_reencrypt.c:614 +msgid "LUKS2 metadata size is larger than data shift value." +msgstr "El tamaño de los metadatos LUKS2 es mayor que el valor del desplazamiento de los datos." + +#: src/utils_reencrypt.c:651 +#, c-format +msgid "Failed to place new header at head of device %s." +msgstr "No se ha podido colocar la nueva cabecera en la cabeza del dispositivo %s." + +#: src/utils_reencrypt.c:661 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s ahora está activo y preparado para cifrado «online».\n" + +#: src/utils_reencrypt.c:697 +#, c-format +msgid "Active device %s is not LUKS2." +msgstr "El dispositivo activo %s no es LUKS2." + +#: src/utils_reencrypt.c:725 +msgid "Restoring original LUKS2 header." +msgstr "Restaurando la cabecera LUKS2 original." + +#: src/utils_reencrypt.c:733 +msgid "Original LUKS2 header restore failed." +msgstr "La restauración de la cabecera LUKS2 original ha fallado." + +#: src/utils_reencrypt.c:759 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "El fichero de cabecera %s no existe. ¿Dese inicializar descifrado LUKS2 del dispositivo %s y exportar la cabecera LUKS2 al fichero %s?" + +#: src/utils_reencrypt.c:807 +msgid "Failed to add read/write permissions to exported header file." +msgstr "No se ha podido añadir permisos de lectura/escritura al fichero de cabecera exportado." + +#: src/utils_reencrypt.c:860 +#, c-format +msgid "Reencryption initialization failed. Header backup is available in %s." +msgstr "La inicialización del recifrado ha fallado. La copia de seguridad de la cabecera está disponible en %s." + +#: src/utils_reencrypt.c:888 +msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." +msgstr "El descifrado LUKS2 solo admite dispositivo con cabecera separada (con desplazamiento de datos puesto a 0)." + +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 +msgid "Not enough free keyslots for reencryption." +msgstr "No hay suficientes ranuras de claves para el recifrado." + +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "El fichero de claves solo puede usarse con --key-slot o con una sola ranura de claves activa exactamente." + +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt_luks1.c:1158 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Introduzca la frase contraseña para la ranura de claves %d: " + +#: src/utils_reencrypt.c:1074 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Introduzca la frase contraseña para la ranura de claves %u: " + +#: src/utils_reencrypt.c:1126 +#, c-format +msgid "Switching data encryption cipher to %s.\n" +msgstr "Cambiando el algoritmo de cifrado de datos a %s.\n" + +#: src/utils_reencrypt.c:1180 +msgid "No data segment parameters changed. Reencryption aborted." +msgstr "No ha cambiado ningún parámetro del segmento de datos. Recifrado abortado." + +#: src/utils_reencrypt.c:1282 +msgid "" +"Encryption sector size increase on offline device is not supported.\n" +"Activate the device first or use --force-offline-reencrypt option (dangerous!)." +msgstr "" +"No se admite incrementar el tamaño de sector de cifrado en dispositivo «offline».\n" +"Primero active el dispositivo o utilice la opción --force-offline-reencrypt (¡peligroso!)" + +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt_luks1.c:798 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Recifrado interrumpido." + +#: src/utils_reencrypt.c:1327 +msgid "Resuming LUKS reencryption in forced offline mode.\n" +msgstr "Reanudando recifrado LUKS en modo «offline» forzado.\n" + +#: src/utils_reencrypt.c:1350 +#, c-format +msgid "Device %s contains broken LUKS metadata. Aborting operation." +msgstr "El dispositivo %s contiene metadatos LUKS deteriorados. Se aborta la operación." + +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 +#, c-format +msgid "Device %s is already LUKS device. Aborting operation." +msgstr "El dispositivo %s ya es un dispositivo LUKS. Se aborta la operación." + +#: src/utils_reencrypt.c:1394 +#, c-format +msgid "Device %s is already in LUKS reencryption. Aborting operation." +msgstr "El dispositivo %s ya está en recifrado LUKS. Se aborta la operación." + +#: src/utils_reencrypt.c:1476 +msgid "LUKS2 decryption requires --header option." +msgstr "El descifrado LUKS2 requiere la opción --header." + +#: src/utils_reencrypt.c:1524 +msgid "Command requires device as argument." +msgstr "Esta orden necesita un dispositivo como argumento." + +#: src/utils_reencrypt.c:1537 +#, c-format +msgid "Conflicting versions. Device %s is LUKS1." +msgstr "Versiones en conflicto. El dispositivo %s es LUKS1." + +#: src/utils_reencrypt.c:1543 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS1 reencryption." +msgstr "Versiones en conflicto. El dispositivo %s está en recifrado LUKS1." + +#: src/utils_reencrypt.c:1549 +#, c-format +msgid "Conflicting versions. Device %s is LUKS2." +msgstr "Versiones en conflicto. El dispositivo %s es LUKS2." + +#: src/utils_reencrypt.c:1555 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS2 reencryption." +msgstr "Versiones en conflicto. El dispositivo %s está en recifrado LUKS2." + +#: src/utils_reencrypt.c:1561 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "El recifrado LUKS2 ya está inicializado. Se aborta la operación." + +#: src/utils_reencrypt.c:1568 +msgid "Device reencryption not in progress." +msgstr "El recifrado del dispositivo no está en proceso." + +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "No se puede abrir %s en exclusividad; el dispositivo está en uso." + +#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945 +msgid "Allocation of aligned memory failed." +msgstr "La reserva de memoria alineada ha fallado." + +#: src/utils_reencrypt_luks1.c:150 +#, c-format +msgid "Cannot read device %s." +msgstr "No se puede leer el dispositivo %s." + +#: src/utils_reencrypt_luks1.c:161 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Marcando el dispositivo LUKS1 %s como inutilizable." + +#: src/utils_reencrypt_luks1.c:177 +#, c-format +msgid "Cannot write device %s." +msgstr "No se puede escribir en el dispositivo %s." + +#: src/utils_reencrypt_luks1.c:226 +msgid "Cannot write reencryption log file." +msgstr "No se puede escribir en el fichero de registro de recifrado." + +#: src/utils_reencrypt_luks1.c:282 +msgid "Cannot read reencryption log file." +msgstr "No se puede leer el fichero de registro de recifrado." + +#: src/utils_reencrypt_luks1.c:293 +msgid "Wrong log format." +msgstr "Formato del fichero de registro incorrecto." + +#: src/utils_reencrypt_luks1.c:320 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "El fichero de registro %s ya existe; reanudando el recifrado.\n" + +#: src/utils_reencrypt_luks1.c:369 +msgid "Activating temporary device using old LUKS header." +msgstr "Activando dispositivo temporal utilizando cabecera LUKS antigua." + +#: src/utils_reencrypt_luks1.c:379 +msgid "Activating temporary device using new LUKS header." +msgstr "Activando dispositivo temporal utilizando cabecera LUKS nueva." + +#: src/utils_reencrypt_luks1.c:389 +msgid "Activation of temporary devices failed." +msgstr "Fallo en la activación de los dispositivos temporales." + +#: src/utils_reencrypt_luks1.c:449 +msgid "Failed to set data offset." +msgstr "No se ha podido establecer el desplazamiento de los datos." + +#: src/utils_reencrypt_luks1.c:455 +msgid "Failed to set metadata size." +msgstr "No se ha podido establecer el tamaño de los metadatos." + +#: src/utils_reencrypt_luks1.c:463 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Se ha creado una nueva cabecera LUKS para el dispositivo %s." + +#: src/utils_reencrypt_luks1.c:500 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Se ha creado una copia de seguridad de la cabecera %s del dispositivo %s." + +#: src/utils_reencrypt_luks1.c:556 +msgid "Creation of LUKS backup headers failed." +msgstr "No se ha podido crear la copia de seguridad de las cabeceras LUKS." + +#: src/utils_reencrypt_luks1.c:685 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "No se puede restaurar la cabecera %s en el dispositivo %s." + +#: src/utils_reencrypt_luks1.c:687 +#, c-format +msgid "%s header on device %s restored." +msgstr "Se ha restaurado la cabecera %s en el dispositivo %s." + +#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923 +msgid "Cannot open temporary LUKS device." +msgstr "No se puede abrir el dispositivo LUKS temporal." + +#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933 +msgid "Cannot get device size." +msgstr "No se puede obtener el tamaño del dispositivo." + +#: src/utils_reencrypt_luks1.c:968 +msgid "IO error during reencryption." +msgstr "Error de entrada/salida durante el recifrado." + +#: src/utils_reencrypt_luks1.c:998 +msgid "Provided UUID is invalid." +msgstr "El UUID proporcionado no es válido." + +#: src/utils_reencrypt_luks1.c:1224 +msgid "Cannot open reencryption log file." +msgstr "No se puede abrir el fichero de registro de recifrado." + +#: src/utils_reencrypt_luks1.c:1230 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "No hay ningún proceso de descifrado en marcha; el UUID proporcionado solo puede utilizarse para reanudar un proceso de descifrado suspendido." + +#: src/utils_reencrypt_luks1.c:1286 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "El recifrado va a cambiar: %s%s%s%s%s%s." + +#: src/utils_reencrypt_luks1.c:1287 +msgid "volume key" +msgstr "clave del volumen" + +#: src/utils_reencrypt_luks1.c:1289 +msgid "set hash to " +msgstr "nuevo algoritmo «hash» " + +#: src/utils_reencrypt_luks1.c:1290 +msgid ", set cipher to " +msgstr ", nuevo algoritmo de cifrado: " + +#: src/utils_blockdev.c:189 #, c-format msgid "WARNING: Device %s already contains a '%s' partition signature.\n" msgstr "ATENCIÓN: El dispositivo %s ya contiene una firma de partición '%s'.\n" -#: src/utils_blockdev.c:200 +#: src/utils_blockdev.c:197 #, c-format msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "ATENCIÓN: El dispositivo %s ya contiene una firma de superbloque '%s'.\n" -#: src/utils_blockdev.c:221 src/utils_blockdev.c:285 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "No se han podido inicializar los sondeos de firma del dispositivo." -#: src/utils_blockdev.c:265 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "No se ha podido efectuar «stat» sobre el dispositivo %s." -#: src/utils_blockdev.c:278 -#, c-format -msgid "Device %s is in use. Cannot proceed with format operation." -msgstr "El dispositivo %s está en uso. No se puede proceder con la operación de dar formato." - -#: src/utils_blockdev.c:280 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "No se ha podido abrir el fichero %s para lectura y escritura." -#: src/utils_blockdev.c:294 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "La firma de la partición '%s' existente en el dispositivo %s va a ser borrada." -#: src/utils_blockdev.c:297 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "La firma del superbloque '%s' existente en el dispositivo %s va a ser borrada." -#: src/utils_blockdev.c:300 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "No se ha podido limpiar la firma del dispositivo." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "No se ha podido sondear el dispositivo %s para una firma." @@ -3469,16 +3999,16 @@ msgstr "No se ha podido sondear el dispositivo %s para una firma." msgid "Invalid size specification in parameter --%s." msgstr "La especificación del tamaño no es válida en el parámetro --%s." -#: src/utils_args.c:121 +#: src/utils_args.c:125 #, c-format msgid "Option --%s is not allowed with %s action." msgstr "La opción --%s no se permite con la acción %s." -#: tokens/ssh/cryptsetup-ssh.c:108 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "No se ha podido escribir el json del «token» ssh." -#: tokens/ssh/cryptsetup-ssh.c:126 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3494,110 +4024,114 @@ msgstr "" "\n" "Nota: la información proporcionada al añadir el «token» (dirección del servidor SSH, usuario y rutas) se almacenará en la cabecera LUKS2 en texto plano." -#: tokens/ssh/cryptsetup-ssh.c:136 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<acción> <dispositivo>" -#: tokens/ssh/cryptsetup-ssh.c:139 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "Opciones para la acción 'add':" -#: tokens/ssh/cryptsetup-ssh.c:140 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "Dirección IP/URL del servidor remoto para este «token»" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Nombre de usuario utilizado para el servidor remoto" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "Ruta del fichero de claves en el servidor remoto" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "Ruta de la clave SSH para conectarse al servidor remoto" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "Ruta del directorio que contiene los «tokens» externos de libcryptsetup" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Ranura de claves a la que asignar el «token». Si no se especifica, el «token» será asignado a la primera ranura de claves que coincida con la frase contraseña proporcionada." -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "Opciones genéricas:" -#: tokens/ssh/cryptsetup-ssh.c:147 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "Muestra mensajes de error más detallados" -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "Mostrar mensajes de depuración" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "Mostrar mensajes de depuración incluidos los metadatos JSON" -#: tokens/ssh/cryptsetup-ssh.c:260 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "No se ha podido abrir e importar la clave privada:\n" -#: tokens/ssh/cryptsetup-ssh.c:264 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "No se ha podido importar la clave privada (¿está protegida por contraseña?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "Contraseña de %s@%s: " -#: tokens/ssh/cryptsetup-ssh.c:355 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "No se han podido analizar los argumentos.\n" -#: tokens/ssh/cryptsetup-ssh.c:366 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Es preciso especificar una acción\n" -#: tokens/ssh/cryptsetup-ssh.c:372 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Es preciso especificar el dispositivo para la acción '%s'.\n" -#: tokens/ssh/cryptsetup-ssh.c:377 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Es preciso especificar el servidor SSH para la acción '%s'.\n" -#: tokens/ssh/cryptsetup-ssh.c:382 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Es preciso especificar el usuario SSH para la acción '%s'.\n" -#: tokens/ssh/cryptsetup-ssh.c:387 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Es preciso especificar la ruta SSH para la acción '%s'.\n" -#: tokens/ssh/cryptsetup-ssh.c:392 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Es preciso especificar la ruta de la ruta SSH para la acción '%s'.\n" -#: tokens/ssh/cryptsetup-ssh.c:399 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "No se ha podido abrir %s con las credenciales proporcionadas.\n" -#: tokens/ssh/cryptsetup-ssh.c:415 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Actualmente este «plugin» solo admite la acción 'add'.\n" -#: tokens/ssh/ssh-utils.c:46 tokens/ssh/ssh-utils.c:59 +#: tokens/ssh/ssh-utils.c:46 msgid "Cannot create sftp session: " msgstr "No se puede crear la sesión sftp: " @@ -3605,6 +4139,10 @@ msgstr "No se puede crear la sesión sftp: " msgid "Cannot init sftp session: " msgstr "No se puede iniciar la sesión sftp: " +#: tokens/ssh/ssh-utils.c:59 +msgid "Cannot open sftp session: " +msgstr "No se puede abrir la sesión sftp: " + #: tokens/ssh/ssh-utils.c:66 msgid "Cannot stat sftp file: " msgstr "No se puede obtener el estado del fichero sftp: " @@ -3633,12 +4171,102 @@ msgstr "El método de autenticación de clave pública no está permitido en el msgid "Public key authentication error: " msgstr "Error de autenticación de clave pública: " +#~ msgid "compiled-in" +#~ msgstr "integrado en la compilación" + +#~ msgid "disabled" +#~ msgstr "desactivado" + +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "ATENCIÓN: El desplazamiento de los datos está fuera del dispositivo de datos actualmente disponible.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "No se puede obtener la prioridad del proceso." + +#~ msgid "Cannot unlock memory." +#~ msgstr "No se puede desbloquear la memoria." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "El directorio de bloqueo %s/%s se creará con los permisos predeterminados al compilar." + +#~ msgid "Failed to read BITLK signature from %s." +#~ msgstr "No se ha podido leer la firma BITLK de %s." + +#~ msgid "Invalid or unknown signature for BITLK device." +#~ msgstr "Firma no válida o desconocida para el dispositivo BITLK" + +#~ msgid "Failed to wipe backup segment data." +#~ msgstr "No se han podido limpiar los datos de segmentos de respaldo." + +#~ msgid "Failed to disable reencryption requirement flag." +#~ msgstr "No se ha podido desactivar el indicador del requisito de descifrado." + +#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +#~ msgstr "Se ha detectado un dispositivo LUKS en %s. ¿Desea cifrar de nuevo ese dispositivo LUKS?" + +#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +#~ msgstr "Actualmente solo se admite el formato LUKS2. Utilice la herramienta cryptsetup-reencrypt para LUKS1." + +#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +#~ msgstr "Ya hay un recifrado «offline» heredado en proceso. Utilice la utilidad cryptsetup-reencrypt." + +#~ msgid "LUKS2 device is not in reencryption." +#~ msgstr "El dispositivo LUKS2 no está en recifrado." + +#~ msgid "Reencryption already in-progress." +#~ msgstr "Recifrado ya en curso." + +#~ msgid "Setting LUKS2 offline reencrypt flag on device %s." +#~ msgstr "Estableciendo el indicador de recifrado fuera de lÃnea LUKS2 en el dispositivo %s." + +#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +#~ msgstr "Esta versión de cryptsetup-reencrypt no sabe manejar el nuevo tipo de «token» interno %s." + +#~ msgid "Failed to read activation flags from backup header." +#~ msgstr "No se ha podido leer los indicadores de activación en la cabecera de respaldo." + +#~ msgid "Failed to read requirements from backup header." +#~ msgstr "No se ha podido leer los requisitos en la cabecera de respaldo." + +#~ msgid "Changed pbkdf parameters in keyslot %i." +#~ msgstr "Se han cambiado los parámetros pbkdf en la ranura de claves %i." + +#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +#~ msgstr "Solo se permiten valores entre 1 MiB y 64 MiB para el tamaño de bloque de recifrado." + +#~ msgid "Maximum device reduce size is 64 MiB." +#~ msgstr "El tamaño máximo de reducción del dispositivo es de 64 MiB." + +#~ msgid "[OPTION...] <device>" +#~ msgstr "[OPCIÓN...] <dispositivo>" + +#~ msgid "Argument required." +#~ msgstr "Hace falta argumento." + +#~ msgid "Option --new must be used together with --reduce-device-size or --header." +#~ msgstr "La opción --new debe utilizarse conjuntamente con --reduce-device-size o --header." + +#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +#~ msgstr "La opción --keep-key solamente puede utilizarse con --hash, --iter-time o --pbkdf-force-iterations." + +#~ msgid "Option --new cannot be used together with --decrypt." +#~ msgstr "La opción --new no puede utilizarse conjuntamente con --decrypt." + +#~ msgid "Option --decrypt is incompatible with specified parameters." +#~ msgstr "La opción --decrypt es incompatible con los parámetros especificados." + +#~ msgid "Option --uuid is allowed only together with --decrypt." +#~ msgstr "La opción --uuid solo está permitida conjuntamente con --decrypt." + +#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +#~ msgstr "Tipo de luks no válido. Utilice uno de estos: 'luks', 'luks1' o 'luks2'." + +#~ msgid "Device %s is in use. Cannot proceed with format operation." +#~ msgstr "El dispositivo %s está en uso. No se puede proceder con la operación de dar formato." + #~ msgid "No free token slot." #~ msgstr "No hay ninguna ranura de «token» libre." -#~ msgid "Failed to create builtin token %s." -#~ msgstr "No se ha podido crear el «token» interno %s." - #~ msgid "Invalid LUKS device type." #~ msgstr "Tipo de dispositivo LUKS no válido." @@ -3958,9 +4586,6 @@ msgstr "Error de autenticación de clave pública: " #~ msgid "Sector size option is not supported for this command." #~ msgstr "La opción de tamaño de sector no está disponible para esta orden." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "La opción --unbound solo puede utilizarse con las acciones luksAddKey y luksDump." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "La opción --refresh solo puede utilizarse con la acción de abrir." @@ -4141,9 +4766,6 @@ msgstr "Error de autenticación de clave pública: " #~ msgid "Read new volume (master) key from file" #~ msgstr "Leer la clave (maestra) del volumen desde fichero" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "Tiempo de iteración PBKDF2 para LUKS (en ms)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "Utilizar entrada/salida directa para acceder a los dispositivos" @@ -4183,9 +4805,6 @@ msgstr "Error de autenticación de clave pública: " #~ msgid "Parameter --refresh is only allowed with open or refresh commands." #~ msgstr "El parámetro --refresh solo se permite con las órdenes de abrir y de refrescar." -#~ msgid "Cipher %s is not available." -#~ msgstr "El algoritmo de cifrado %s no está disponible." - #~ msgid "Unsupported encryption sector size.\n" #~ msgstr "Tamaño de sector de cifrado no admitido.\n" @@ -4195,9 +4814,6 @@ msgstr "Error de autenticación de clave pública: " #~ msgid "Online reencryption in progress. Aborting." #~ msgstr "Recifrado «online» en curso. Se aborta." -#~ msgid "No LUKS2 reencryption in progress." -#~ msgstr "No hay ningún recifrado LUKS2 en proceso." - #~ msgid "Interrupted by a signal." #~ msgstr "Interrumpido por una señal." @@ -4261,9 +4877,6 @@ msgstr "Error de autenticación de clave pública: " #~ msgid "Error: Calculated reencryption offset %<PRIu64> is beyond device size %<PRIu64>." #~ msgstr "Error: El desplazamiento %<PRIu64> de recifrado calculado sobrepasa el tamaño %<PRIu64> del dispositivo." -#~ msgid "Device is not in clean reencryption state." -#~ msgstr "El dispositivo no está en un estado de recifrado limpio." - #~ msgid "Failed to calculate new segments." #~ msgstr "No se ha podido calcular los nuevos segmentos." @@ -7,10 +7,10 @@ # Frédéric Marchal <fmarchal@perso.be>, 2023. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-02 15:51+0100\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2023-12-21 11:38+0100\n" "Last-Translator: Frédéric Marchal <fmarchal@perso.be>\n" "Language-Team: French <traduc@traduc.org>\n" "Language: fr\n" @@ -28,58 +28,62 @@ msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Exécuti msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Le module noyau dm_mod est-il chargé ?" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "Le fanion différé demandé n'est pas supporté." -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "Le DM-UUID du périphérique %s a été tronqué." -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Type de cible dm inconnu." -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "Les options de performance dm-crypt demandées ne sont pas supportées." -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Les options demandées de gestion de corruption des données dm-verity ne sont pas supportées." -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "L'option dm-verity tasklets demandée n'est pas supportée." -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "Les options dm-verity FEC demandées ne sont pas supportées." -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "Les options d'intégrité de données demandées ne sont pas supportées." -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "L'option sector_size demandée n'est pas supportée." -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "La taille du périphérique n'est pas un multiple de la taille de secteur demandée." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Le recalcule automatique des balises de sécurité demandés n'est pas supporté." -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "Discard/TRIM n'est pas supporté." -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Le mode de carte de bits d'intégrité dm demandé n'est pas supporté." -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "Échec lors de l'interrogation du segment dm-%s." @@ -113,653 +117,743 @@ msgstr "La qualité du générateur aléatoire RNG demandé est inconnue." msgid "Error reading from RNG." msgstr "Erreur en lecture du générateur aléatoire RNG " -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "Le support de OPAL est désactivé dans libcryptsetup." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "Le périphérique %s ou le noyau ne supporte pas le chiffrement OPAL." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "Impossible d'initialiser le moteur aléatoire RNG pour le chiffrement." -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "Impossible d'initialiser le moteur de chiffrement." -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "L'algorithme de hachage %s n'est pas supporté." -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Erreur de traitement de clé (valeur hachage %s)." -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Impossible de déterminer le type de périphérique. Activation du périphérique incompatible ?" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Cette opération n'est possible que pour les périphériques LUKS." -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Cette opération n'est possible que pour les périphériques LUKS2." -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "Tous les emplacements de clés sont utilisés." -#: lib/setup.c:438 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "L'emplacement de clé %d n'est pas valide, merci d'en choisir un entre 0 et %d." -#: lib/setup.c:444 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "L'emplacement de clé %d est utilisé, merci d'en sélectionner un autre." -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "La taille du périphérique n'est pas alignée avec la taille d'un bloc logique du périphérique." -#: lib/setup.c:627 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "En-tête détecté mais le périphérique %s est trop petit." -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Cette opération n'est pas supportée pour ce type de périphérique." -#: lib/setup.c:673 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "Opération illégale avec une re-chiffrement en cours." -#: lib/setup.c:802 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "Échec lors du retour en arrière des métadonnées LUKS2 en mémoire." -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "%s n'est pas un périphérique LUKS valide." -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "La version %d de LUKS n'est pas supportée." -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté pour le périphérique actif %s." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "Le périphérique %s n'est pas activé." -#: lib/setup.c:1508 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Le périphérique sous-jacent pour le périphérique chiffré %s a disparu." -#: lib/setup.c:1590 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "Paramètres de chiffrement non valides." -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "La taille de la clé n'est pas valide." -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "le UUID n'est pas supporté avec ce type de chiffrement." -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "Un périphérique avec des métadonnées détachées n'est pas supporté avec ce type de chiffrement." -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "Taille de secteur de chiffrement non supportée." -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "La taille du périphérique n'est pas alignée avec la taille de secteur demandée." -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "Impossible de formater en LUKS sans périphérique." -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "L'alignement de données demandé n'est pas compatible avec le décalage des données." -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "ATTENTION : Un périphérique DAX peut corrompre les données car il ne garanti pas la mise à jour atomique des secteurs.\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "Impossible d'effacer l'en-tête du périphérique %s." -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "Le périphérique %s est trop petit pour l'activation, il ne reste pas d'espace pour les données.\n" -#: lib/setup.c:1840 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "AVERTISSEMENT: L'activation du périphérique va échouer, dm-crypt ne supporte pas la taille de secteur de chiffrement demandée.\n" - -#: lib/setup.c:1863 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "La clé de volume est trop petite pour chiffrer avec les extensions d'intégrité." -#: lib/setup.c:1923 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Le chiffrement %s-%s (clé de %zd bits) n'est pas disponible." -#: lib/setup.c:1949 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "ATTENTION: La taille des métadonnées LUKS2 est devenue %<PRIu64> octets.\n" - -#: lib/setup.c:1953 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "ATTENTION: La taille de la zone des emplacements de clés LUKS2 est devenue %<PRIu64> octets.\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "AVERTISSEMENT: L'activation du périphérique va échouer, dm-crypt ne supporte pas la taille de secteur de chiffrement demandée.\n" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "Le périphérique %s est trop petit." -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "Impossible de formater le périphérique %s qui est en cours d'utilisation." -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Impossible de formater le périphérique %s. Permission refusée." -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "Impossible de formater l'intégrité du périphérique %s." -#: lib/setup.c:2023 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "Impossible de formater le périphérique %s" -#: lib/setup.c:2049 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "Impossible d'obtenir les paramètres d'alignement de OPAL." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "Taille de bloc logique OPAL incorrecte." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "L'offset de données demandé n'est pas compatible avec la taille de bloc de OPAL." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "L'alignement de données demandé n'est pas compatible avec l'alignement de OPAL." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "L'offset de données ne satisfait pas les exigences d'alignement de OPAL." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "L'alignement de données demandé les exigences de la plage d'alignement du verrouillage." + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "La taille du périphérique est compensée avec %<PRIu64> secteurs pour l'aligner avec la granularité de l'alignement de OPAL." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "Impossible d'acquérir le verrou OPAL sur le périphérique %s." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Clé admin OPAL incorrecte." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "Impossible de configurer le segment OPAL." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "Impossible de formater le périphérique %s. Le périphérique OPAL semble maintenant être complètement protégé contre l'écriture." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "Il s'agit peut-être d'un bogue du micro logiciel. Exécutez une réinitialisation PSID OPAL et reconnectez pour récupération." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "La réinitialisation de la plage %d de verrouillage du périphérique %s a échouée." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "Impossible de formater LOOPAES sans périphérique." -#: lib/setup.c:2094 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "Impossible de formater VERITY sans périphérique." -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Type de hachage VERITY %d non supporté." -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Taille de bloc VERITY non supportée." -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Décalage de hachage VERITY non supporté." -#: lib/setup.c:2121 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "Décalage VERITY FEC non supporté." -#: lib/setup.c:2145 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "La zone de données recouvre la zone de hachage." -#: lib/setup.c:2170 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "La zone de hachage recouvre la zone FEC." -#: lib/setup.c:2177 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "La zone de données recouvre la zone FEC." -#: lib/setup.c:2313 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "ATTENTION : La taille %d demandée pour l'étiquette est différente de la taille de sortie de %s (%d octets).\n" -#: lib/setup.c:2392 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Type de chiffrement de périphérique demandé (%s) inconnu." -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "Paramètres non supportés sur le périphérique %s." -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "Paramètres non concordants sur le périphérique %s." -#: lib/setup.c:2822 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "Désaccord entre les périphériques crypt." -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "Impossible de recharger le périphérique %s." -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "Impossible de suspendre le périphérique %s." -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "Impossible de redémarrer le périphérique %s." -#: lib/setup.c:2897 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Erreur fatale en rechargeant le périphérique %s (au dessus du périphérique %s)" -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Impossible de basculer le périphérique %s en dm-error." -#: lib/setup.c:2984 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "Impossible de redimensionner le périphérique LUKS2 avec une taille statique." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "Impossible de redimensionner le périphérique loopback." -#: lib/setup.c:3027 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "ATTENTION: La taille maximale est déjà définie ou le noyau ne supporte pas le redimensionnement.\n" -#: lib/setup.c:3088 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "Le redimensionnement a échoué, le noyau ne le supporte pas." -#: lib/setup.c:3120 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "Voulez vous réellement changer l'UUID du périphérique ?" -#: lib/setup.c:3212 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "Le fichier de sauvegarde de l'en-tête ne contient pas d'en-tête compatible LUKS." -#: lib/setup.c:3328 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "Le volume %s n'est pas actif." -#: lib/setup.c:3339 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "Le volume %s est déjà suspendu." -#: lib/setup.c:3352 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "Le périphérique %s ne supporte pas la suspension." -#: lib/setup.c:3354 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "Erreur lors de la suspension du périphérique %s." -#: lib/setup.c:3389 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "Le périphérique %s a été suspendu mais le périphérique matériel OPAL ne sait pas être verrouillé." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "Le périphérique %s ne supporte pas la remise en service." -#: lib/setup.c:3391 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "Erreur lors de la remise en service du périphérique %s." -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "Impossible de lier la clé au porte-clé spécifié." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "Impossible de délier la clé du porte-clé utilisateur spécifié." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "Impossible de lier la clé de volume dans le porte-clé utilisateur." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "Le volume %s n'est pas suspendu." -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "Ceci n'est pas la clé du volume." -#: lib/setup.c:3737 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "Nouvel emplacement de clé impossible à échanger." -#: lib/setup.c:3835 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "L'emplacement de clé %d n'est pas valide." -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "L'emplacement de clé %d n'est pas actif." -#: lib/setup.c:3860 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "L'en-tête du périphérique recouvre la zone de données." -#: lib/setup.c:4165 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "Re-chiffrement en cours. Impossible d'activer le périphérique." -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "Impossible d'obtenir le verrou de re-chiffrement." -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "La récupération du rechiffrement LUKS2 a échoué." -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Type de périphérique improprement initialisé." -#: lib/setup.c:4400 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "Le périphérique %s existe déjà ." -#: lib/setup.c:4407 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Impossible d'utiliser le périphérique %s, le nom est invalide ou est toujours utilisé." -#: lib/setup.c:4527 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Clé de volume incorrecte pour le périphérique en clair." -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." -msgstr "Hachage racine incorrect spécifié pour le périphérique verity." - -#: lib/setup.c:4654 -msgid "Root hash signature required." -msgstr "Signature de hachage racine requise." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Le porte-clé du noyau n'est pas supporté par ce noyau." -#: lib/setup.c:4663 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Le porte-clé du noyau est manquant : il est requis pour passer une signature au noyau." -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." -msgstr "Impossible de charger la clé dans le porte-clé du noyau." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "Hachage racine incorrect spécifié pour le périphérique verity." -#: lib/setup.c:4736 +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "OPAL ne supporte pas la désactivation différée." + +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Impossible d'annuler la suppression différée du périphérique %s." -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Le périphérique %s est toujours occupé." -#: lib/setup.c:4768 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "Le périphérique %s n'est pas valide." -#: lib/setup.c:4908 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "Le tampon de la clé du volume est trop petit." -#: lib/setup.c:4925 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "Impossible de récupérer la clé du volume pour le périphérique LUKS2." -#: lib/setup.c:4934 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "Impossible de récupérer la clé du volume pour le périphérique LUKS1." -#: lib/setup.c:4944 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "Impossible de récupérer la clé du volume pour ce périphérique de type « plain »." -#: lib/setup.c:4952 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "Impossible de récupérer le hachage racine pour le périphérique verity." -#: lib/setup.c:4959 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "Impossible de récupérer la clé du volume pour le périphérique BITLK." -#: lib/setup.c:4964 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "Impossible de récupérer la clé du volume pour le périphérique FVAULT2." -#: lib/setup.c:4966 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Cette opération n'est pas possible pour le périphérique chiffré %s." -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "L'opération de vidage n'est pas supportée pour ce type de périphérique." -#: lib/setup.c:5500 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Le décalage des données n'est pas un multiple de %u octets." -#: lib/setup.c:5788 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Impossible de convertir le périphérique %s qui est toujours en cours d'utilisation." -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Échec de l'affectation de l'emplacement de clé %u pour la nouvelle clé de volume." -#: lib/setup.c:6122 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Échec de l'initialisation des paramètres par défaut des emplacement de clé LUKS2." -#: lib/setup.c:6128 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Échec de l'affectation de l'emplacement de clé %d aux résumé." -#: lib/setup.c:6353 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume." -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." -msgstr "Le porte-clé du noyau n'est pas supporté par ce noyau." +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "Impossible de charger la clé dans le porte-clé du noyau." -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "Impossible de délier la clé de volume du thread du porte-clé." + +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "Échec lors de la lecture du mot de passe depuis le porte-clé (erreur %d)." +msgid "Could not find keyring described by \"%s\"." +msgstr "Impossible de trouver le porte-clé décrit par « %s »." -#: lib/setup.c:6523 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Erreur lors de l'acquisition du verrou global de sérialisation des accès strictes à la mémoire" -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "Impossible d'ouvrir le fichier de clef." -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "Impossible de lire le fichier de clé depuis un terminal." -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "Impossible d'exécuter « stat » sur le fichier de clef." -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "Impossible de sauter au décalage demandé dans le fichier de clé." -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Plus assez de mémoire lors de la lecture de la phrase secrète." -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "Erreur de lecture de la phrase secrète." -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "Rien à lire en entrée." -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Taille max. de fichier de clé dépassée." -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "Impossible de lire la quantité de données demandée." -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "Le périphérique %s n'existe pas ou l'accès y est interdit." -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "Le périphérique %s n'est pas compatible." -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "La mauvaise taille de optimal-io est ignorée pour le périphérique de données (%u octets)." -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "Le périphérique %s est trop petit. Il a besoin d'au moins %<PRIu64> octets." -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Impossible d'utiliser le périphérique %s actuellement utilisé (déjà mappé ou monté)." -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Impossible d'utiliser le périphérique %s, permission refusée." -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "Impossible d'obtenir des informations au sujet du périphérique %s." -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "Impossible d'utiliser un périphérique loopback. Fonctionne comme un utilisateur non-root." -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Impossible d'associer le périphérique loopback (le drapeau « autoclear » est requis)." -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Le décalage demandé est au delà de la taille réelle du périphérique %s." -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "Le périphérique %s a une taille nulle." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "Le temps cible PBKDF demandé ne peut pas être zéro." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Type PBKDF %s inconnu." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "L'algorithme de hachage %s demandé n'est pas supporté." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "Le type PBKDF demandé n'est pas supporté par LUKS1." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "La mémoire maximum ou les threads parallèles de PBKDF ne peuvent pas être définis avec pbkdf2." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "Le nombre d'itérations forcées est trop petit pour %s (le minimum est %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "Le coût de la mémoire forcé est trop petit pour %s (le minimum est %u kilooctets)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "Le coût de la mémoire PBKDF maximum demandée est trop grand (maximum est %d kilooctets)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "La mémoire PBKDF maximum demandée ne peut pas être zéro." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Le nombre de threads parallèles PBKDF demandé ne peut pas être zéro." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Seul PBKDF2 est supporté en mode FIPS." -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "L'étalon PBKDF est désactivé mais les itérations ne sont pas définies." -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Options PBKDF2 incompatibles (en utilisant l'algorithme de hachage %s)." -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "Options PBKDF incompatibles." @@ -773,16 +867,24 @@ msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisabl msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (%s n'est pas un répertoire)." -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Impossible de se déplacer au décalage du périphérique." -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "Erreur durant l'effacement total, offset %<PRIu64>" +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "PSID OPAL incorrecte." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "Impossible d'effacer le périphérique OPAL." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -803,7 +905,7 @@ msgstr "La spécification du chiffrement devrait être au format [chiffrement]-[ #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Impossible d'écrire sur le périphérique %s. Permission refusée." @@ -817,17 +919,17 @@ msgid "Failed to access temporary keystore device." msgstr "Impossible d'accéder au périphérique de stockage temporaire de clés." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "Erreur E/S pendant le chiffrement de l'emplacement de clé." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -849,32 +951,32 @@ msgstr "Le périphérique %s est trop petit (LUKS1 a besoin d'au moins %<PRIu64> msgid "LUKS keyslot %u is invalid." msgstr "L'emplacement de clé LUKS %u n'est pas valide." -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "Le fichier de sauvegarde d'en-tête demandé %s existe déjà ." -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "Impossible de créer le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "Impossible d'écrire le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "Le fichier de sauvegarde ne contient pas d'en-tête LUKS valide." #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "Impossible d'ouvrir le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "Impossible de lire le fichier de sauvegarde d'en-tête %s." @@ -896,7 +998,7 @@ msgstr "ne contient pas d'en-tête LUKS. Remplacer l'en-tête peut détruire les msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "contient déjà un en-tête LUKS. Remplacer l'en-tête détruira les emplacements de clés actuels." -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -970,7 +1072,7 @@ msgstr "Le mode de chiffrement LUKS %s n'est pas valide." msgid "LUKS hash %s is invalid." msgstr "La valeur hachée LUKS %s n'est pas valide." -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "Aucun problème connu détecté pour l'en-tête LUKS." @@ -989,8 +1091,8 @@ msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "L'offset des données d'un en-tête LUKS doit être soit 0 ou soit plus grand que la taille de l'en-tête." #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "Mauvais format fourni pour le UUID LUKS." @@ -1027,7 +1129,7 @@ msgstr "Impossible d'ouvrir l'emplacement de clé (en utilisant le hachage %s)." msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "L'emplacement de clé %d n'est pas valide, merci de sélectionner un emplacement entre 0 et %d." -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "Impossible d'effacer de façon sécurisée le périphérique %s." @@ -1048,48 +1150,48 @@ msgstr "Fichier de clé incompatible pour boucle « loop-AES »." msgid "Kernel does not support loop-AES compatible mapping." msgstr "Le noyau ne supporte pas les associations de type boucle « loop-AES »." -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "Erreur lors de la lecture du fichier de clé %s." -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Longueur maximum de la phrase secrète TCRYPT (%zu) dépassée." -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "L'algorithme de hachage PBKDF2 %s n'est pas supporté, ignoré." -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "L'interface du noyau requise pour le chiffrement n'est pas disponible." -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Vérifiez que le module du noyau algif_skcipher est chargé." -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "L'activation n'est pas supportée pour des secteurs de taille %d." -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Le noyau ne supporte pas l'activation pour ce mode TCRYPT historique." -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Activation du chiffrement du système TCRYPT sur la partition %s." -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Le noyau ne supporte pas les associations de type TCRYPT." -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Cette fonction n'est pas supportée sans le chargement de l'en-tête TCRYPT." @@ -1148,74 +1250,74 @@ msgstr "Impossible de lire les entrées des méta-données de BITLK depuis %s." msgid "Failed to convert BITLK volume description" msgstr "Échec lors de la conversion de la description du volume BITLK" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Un type d'entrée « %u » inattendu a été trouvé dans la méta-donnée en analysant la clé externe." -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "Le GUID du fichier BEK « %s » ne correspond pas au GUID du volume." -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "La valeur « %u » pour l'entrée de la méta-donnée est inattendue en analysant la clé externe." -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "Métadonnées BEK version %<PRIu32> non supportées" -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "La taille inattendue des métadonnées BEK %<PRIu32> ne correspond pas à la longueur du fichier BEK" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Une entrée de méta-donnée inattendue a été trouvée en analysant la clé de démarrage." -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Cette opération n'est pas supportée." -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "Taille inattendue pour les données de la clé." -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Ce périphérique BITLK est dans un état non supporté et ne peut pas être activé." -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Les périphériques BITLK avec le type « %s » ne peuvent pas être activés." -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "L'activation d'un périphérique BITLK partiellement déchiffré n'est pas supporté." -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "AVERTISSEMENT: La taille %<PRIu64> du volume BitLocker ne correspond pas à la taille %<PRIu64> du périphérique sous-jacent" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas BITLK IV." -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas le diffuseur BITLK Elephant." -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas une grande taille de secteur." -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Impossible d'activer le périphérique car le module dm-zero est manquant dans le noyau." @@ -1253,28 +1355,32 @@ msgstr "Mauvais format d'UUID VERITY fourni sur le périphérique %s." msgid "Error during update of verity header on device %s." msgstr "Erreur lors de la mise à jour de l'en-tête verity sur le périphérique %s." -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "La vérification de la signature du hachage racine n'est pas supportée." -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Signature de hachage racine requise." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "Les erreurs ne savent pas être réparées avec un périphérique FEC." -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "%u erreurs réparables ont été trouvées avec le périphérique FEC." -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "Le noyau ne supporte pas les associations de type dm-verity." -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "Le noyau ne supporte pas les options de signature dm-verity." -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "Le périphérique verity a détecté une corruption après l'activation." @@ -1368,7 +1474,7 @@ msgstr "Impossible de déterminer la taille du périphérique %s." msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "Métadonnées dm-integrity du noyau incompatible (version %u) détectée sur %s." -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "Le noyau ne supporte pas les associations de type dm-integrity." @@ -1380,8 +1486,8 @@ msgstr "Le noyau ne supporte pas les alignements de méta-données fixés de dm- msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Le noyau refuse d'activer l'option de recalcul non sûre (voyez les options d'activation historique pour outrepasser)." -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Impossible d'acquérir un verrou en écriture sur le périphérique %s." @@ -1398,49 +1504,59 @@ msgstr "" "Le périphérique contient une signature ambigüe, impossible de récupérer automatiquement LUKS2.\n" "Veuillez exécuter « cryptsetup repair » pour la récupération." -#: lib/luks2/luks2_json_format.c:229 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "ATTENTION: la zone des emplacements de clés (%<PRIu64> octets) est très petite, le nombre d'emplacements de clés LUKS2 est très limité.\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "Le décalage de données demandé est trop petit." -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "ATTENTION: la zone des emplacements de clés (%<PRIu64> octets) est très petite, le nombre d'emplacements de clés LUKS2 est très limité.\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "ATTENTION: La taille des métadonnées LUKS2 est devenue %<PRIu64> octets.\n" + +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "ATTENTION: La taille de la zone des emplacements de clés LUKS2 est devenue %<PRIu64> octets.\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Impossible d'acquérir le verrou de lecture sur le périphérique %s." -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Des exigences LUKS2 interdites ont été détectées dans la sauvegarde %s." -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "Les décalages des données ne sont pas identiques sur le périphérique et la sauvegarde, la restauration a échoué." -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Les en-têtes binaires avec des tailles de zones d'emplacements de clés sont différents sur le périphérique et la sauvegarde, la restauration a échouée." -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "Périphérique %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "ne contient pas d'en-tête LUKS2. Remplacer l'en-tête peut détruire les données de ce périphérique." -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "contient déjà un en-tête LUKS2. Remplacer l'en-tête détruira les emplacements de clés actuels." -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1450,7 +1566,7 @@ msgstr "" "ATTENTION: des exigences LUKS2 inconnues ont été détectées sur l'en-tête du périphérique réel !\n" "Remplacer l'en-tête par la sauvegarde peut corrompre les données sur ce périphérique !" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1460,58 +1576,92 @@ msgstr "" "ATTENTION: Un rechiffrement hors-ligne non terminé a été détecté sur le périphérique !\n" "Remplacer l'en-tête par la sauvegarde peut corrompre les données." -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "Fanion inconnu %s ignoré." -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Clé manquante pour le segment %u de dm-crypt" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "Impossible de définir le segment dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "Impossible de définir le segment dm-linear." -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté dans l'en-tête LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "Un périphérique OPAL doit avoir une taille de périphérique statique." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "Un périphérique OPAL chiffré avec intégrité doit être plus petit que la plage de verrouillage." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "Un périphérique OPAL doit avoir la même taille que la plage de verrouillage." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "Le périphérique OPAL %s est déjà déverrouillé.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "Configuration d'intégrité du périphérique non supportée." -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "Les secteurs de données fournis sont inattendus pour le périphérique dm-integrity sous-jacent." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Re-chiffrement en cours. Le périphérique ne peut être désactivé." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Échec du remplacement du périphérique suspendu %s avec la cible dm-error." -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "Le périphérique %s a été désactivé mais le périphérique matériel OPAL ne sait pas être verrouillé." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "Échec lors de la lecture des exigences LUKS2." -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "Des exigences LUKS2 non rencontrées ont été détectées." -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement historique. Abandon." -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement LUKS2. Abandon." -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "Opération incompatible avec un périphérique utilisant OPAL. Abandon." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "Pas assez de mémoire disponible pour ouvrir l'emplacement de clé." -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "Échec de l'ouverture de l'emplacement de clé." @@ -1520,331 +1670,343 @@ msgstr "Échec de l'ouverture de l'emplacement de clé." msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Impossible d'utiliser le chiffrement %s-%s pour le chiffrement de l'emplacement de clé" -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "L'algorithme de hachage %s n'est pas disponible." -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "Attention : l'opération sur l'emplacement de clé peut échouer car il requiert plus de mémoire disponible.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "Plus d'espace pour le nouvel emplacement de clé." -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "Requête de changement du mode de résilience du rechiffrement invalide." -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "Impossible de mettre à jour le type de résilience. Le nouveau type ne fourni que %<PRIu64> octets alors que l'espace requis est %<PRIu64> octets." -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "Impossible de rafraîchir le résumé de la vérification de rechiffrement." -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Ne peut vérifier le statut du périphérique avec le uuid : %s." -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Impossible de convertir un en-tête avec des métadonnées LUKSMETA supplémentaires." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Impossible d'utiliser la spécification de chiffrement %s-%s pour LUKS2." -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Impossible de déplacer la zone des emplacements de clés. Pas assez d'espace." -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "Impossible de convertir au format LUKS2 – métadonnées invalides." -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Impossible de déplacer la zone des emplacements de clés. Les emplacements de clés LULS2 sont trop petits." -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Impossible de déplacer la zone des emplacements de clés." -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Impossible de convertir au format LUKS1 – la taille du secteur de chiffrement du segment par défaut n'est pas 512 octets." -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Impossible de convertir au format LUKS1 – les résumés des emplacements de clés ne sont pas compatibles avec LUKS1." -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Impossible de convertir au format LUKS1 – le périphérique utilise des clés de chiffrement %s emballées." -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "Impossible de convertir au format LUKS1 – le périphérique utilise plus de segments." -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Impossible de convertir au format LUKS1 – l'en-tête LUKS2 contient %u jeton(s)." -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u est dans un état invalide." -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Impossible de convertir au format LUKS1 – l'emplacement %u (sur les emplacements maximum) est toujours actif." -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u n'est pas compatible avec LUKS1." -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "La taille de la zone chaude doit être un multiple de l'alignement de zone calculé (%zu octets)." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "La taille du périphérique doit être un multiple de l'alignement de zone calculé (%zu octets)." -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "Impossible d'initialiser l'encapsulation pour le stockage de l'ancien segment." -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "Impossible d'initialiser l'encapsulation pour le stockage du nouveau segment." -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "Impossible d'initialiser la protection des zones chaudes." -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "Impossible de lire les sommes de contrôle pour la zone chaude actuelle." -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "Échec de la lecture de la zone chaude démarrant à %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Échec lors du déchiffrement du secteur %zu." -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "Échec lors de la récupération du secteur %zu." -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Les tailles des périphériques source et cible ne correspondent pas. Source %<PRIu64>, cible: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Échec de l'activation du périphérique de zone chaude %s." -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Impossible d'activer le périphérique de surcouche %s avec la table d'origine actuelle." -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Impossible de charger la nouvelle cartographie du périphérique %s." -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "Impossible de rafraîchir la pile des périphériques de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "Impossible de définir la taille de la nouvelle zone des emplacements de clés." -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "La valeur de décalage de données n'est pas alignée sur la taille de secteur de chiffrement (%<PRIu32> octets)." -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Mode de résilience %s non supporté" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "La taille du secteur déplacé ne peut pas être plus grande que la valeur de décalage des données." -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "Paramètres de rechiffrement de la résilience invalides." -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "Le segment déplacé est trop grand. La taille demandée est %<PRIu64>, l'espace disponible est %<PRIu64>" -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "Erreur lors de la suppression de la table." -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "La taille des données réduites est plus grande que la taille réelle du périphérique." -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Le périphérique de données n'est pas aligné sur la taille de secteur de chiffrement (%<PRIu32> octets)." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "Le décalage de données (%<PRIu64> secteurs) est plus petit que le décalage de données future (%<PRIu64> secteurs)." -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Erreur lors de l'ouverture de %s en mode exclusif (déjà mappé ou monté)." -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "Le périphérique n'est pas marqué pour le rechiffrement LUKS2." -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "Échec du chargement du contexte de rechiffrement LUKS2" -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "Impossible d'obtenir l'état de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "Le périphérique n'est pas en rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "Le rechiffrement est déjà en cours." -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "Impossible d'acquérir le verrou de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Impossible de réaliser le rechiffrement. Exécutez d'abord la récupération du rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "La taille du périphérique actif et la taille de rechiffrement demandée ne correspondent pas." -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "Taille de périphérique illégale demandée dans les paramètres de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Rechiffrement en cours. La récupération ne peut pas être réalisée." -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Rechiffrement LUKS2 déjà initialisé dans les métadonnées." -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Échec de l'initialisation du rechiffrement LUKS2 dans les métadonnées." -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "Le rechiffrement n'est pas supporté avec les périphériques DAX (mémoire persistante)." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "Échec lors de la lecture du mot de passe depuis le porte-clé." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Impossible de définir les segments du périphérique pour le rechiffrement suivant de la zone chaude." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "Échec lors de l'écriture des métadonnées de la résilience du rechiffrement." -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "Échec du déchiffrement." -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "Échec de l'écriture de la zone chaude démarrant à %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "Erreur lors de la synchronisation des données." -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Échec de la mise à jour des métadonnées après la fin du rechiffrement de la zone chaude courante." -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "Échec lors de l'écriture des métadonnées LUKS2" -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "Impossible d'effacer la zone du périphérique contenant les données inutilisées." -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Erreur lors de la suppression de l'emplacement de clé inutilisé (unbound) %d." -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "Erreur lors de la suppression de l'emplacement de clé de re-chiffrement." -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "Erreur fatale en rechiffrant le morceau commençant à %<PRIu64> d'une longueur de %<PRIu64> secteurs." -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "Échec du rechiffrement en-ligne." # Frédéric: Je n'ai pas la moindre idée de ce que le développeur a voulu écrire. Qu'est-ce que "error target" dans ce contexte ? -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "Ne pas redémarrer le périphérique à moins qu'il ait été remplacé manuellement par la cible en erreur." -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Impossible de réaliser le rechiffrement. Statut de rechiffrement inattendu." -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "Contexte de rechiffrement manquant ou invalide." -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "Impossible d'initialiser la pile du périphérique de rechiffrement." -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "Échec de la mise à jour du contexte de rechiffrement." @@ -1852,80 +2014,121 @@ msgstr "Échec de la mise à jour du contexte de rechiffrement." msgid "Reencryption metadata is invalid." msgstr "Les méta-données de rechiffrement sont invalides." +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "Pour la plage OPAL %d, l'offset %<PRIu64> ne correspond pas aux valeurs %<PRIu64> attendues." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "Pour la plage OPAL %d, la longueur %<PRIu64> ne correspond pas à la longueur %<PRIu64> du périphérique." + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "Pour la plage OPAL %d, le verrouillage est désactivé." + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "État de verrouillage inattendu pour la plage OPAL %d." + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Les paramètres de chiffrement des emplacement de clés peuvent uniquement être définis pour un périphérique LUKS2." -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "Entrez le code PIN du jeton : " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "Entrez le code PIN du jeton %d : " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté." -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "ATTENTION : Utilisation des options par défaut pour le chiffrement (%s-%s, taille de clé %u bits) qui pourraient être incompatibles avec les vieilles versions." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "ATTENTION : Utilisation des options par défaut pour le hachage (%s) qui pourraient être incompatibles avec les vieilles versions." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "En mode simple, utilisez toujours les options --cipher, --key-size et si aucun fichier de clé n'est utilisé, alors, aussi --hash." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "ATTENTION: Le paramètre --hash est ignoré en mode non chiffré quand le fichier de clé est spécifié.\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "ATTENTION: L'option --keyfile-size est ignorée. La taille de lecture est la même que la taille de la clé de chiffrement.\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "L'analyse de blkid a échouée pour %s." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Signature(s) de périphérique détectée(s) sur %s. Continuer risque d'endommager les données existantes." -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "Opération interrompue.\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "L'option --key-file est requise." -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "Entrez le PIN VeraCrypt : " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "Valeur PIN invalide : erreur d'analyse" -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "Valeur PIN invalide: 0" -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "Valeur PIN invalide: hors des limites." -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "Aucun en-tête détecté avec cette phrase secrète sur le périphérique." -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "Le périphérique %s n'est pas un périphérique BITLK valide." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Impossible de déterminer la taille de la clé de volume pour BITLK, veuillez utiliser l'option --key-size." -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1935,7 +2138,7 @@ msgstr "" "sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" "Ce contenu devrait toujours être stocké, chiffré, en lieu sûr." -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1945,77 +2148,84 @@ msgstr "" "sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" "Ce contenu devrait être stocké, chiffré, en lieu sûr." -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "Le périphérique %s n'est pas un périphérique FVAULT2 valide." -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "Impossible de déterminer la taille de la clé de volume pour FVAULT2, veuillez utiliser l'option --key-size." -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Le périphérique %s est toujours actif et prévu pour une suppression différée.\n" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "Échec en essayant de définir le chemin %s pour les jetons externes." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Le redimensionnement d'un périphérique actif requiert que la clé du volume soit dans le porte-clé mais l'option --disable-keyring est définie." -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "Test de performance interrompu." -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s N/A\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u itérations par seconde pour une clé de %zu bits\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s N/A\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u itérations, %5u mémoire, %1u threads parallèles (CPUs) pour une clé de %zu bits (temps de %u ms demandé)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "Le résultat de l'évaluation de performance n'est pas fiable." -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorithme | Clé | Chiffrement | Déchiffrement\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Le chiffrement %s (avec une clé de %i bits) n'est pas disponible." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorithme | Clé | Chiffrement | Déchiffrement\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "N/D" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2024,27 +2234,27 @@ msgstr "" "désirable (consultez la sortie de luksDump) et continuez (mise à niveau des métadonnées) uniquement si vous constatez que\n" "l'opération est légitime." -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Entrez la phrase secrète pour protéger et mettre à niveau les métadonnées de rechiffrement : " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Réellement procéder à la récupération du rechiffrement LUKS2 ?" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Entrez la phrase secrète pour vérifier le résumé des métadonnées du rechiffrement : " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "Entrez la phrase secrète pour la récupération du rechiffrement : " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "Réellement essayer de réparer l'en-tête du périphérique LUKS ?" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2052,7 +2262,7 @@ msgstr "" "\n" "Effacement interrompu." -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2060,128 +2270,144 @@ msgstr "" "Effacement du périphérique pour initialiser les sommes de contrôle d'intégrité.\n" "Vous pouvez interrompre ceci en appuyant sur CTRL+c (le reste du périphérique effacé contiendra toujours des sommes de contrôle invalides).\n" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Impossible de désactiver le périphérique temporaire %s." -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "L'option d'intégrité peut uniquement être utilisée avec le format LUKS2." -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "Options de taille des métadonnées LUKS2 non supportées." -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "OPAL est uniquement supporté avec le format LUKS2." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "Le fichier d'en-tête n'existe pas, voulez-vous le créer ?" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "Impossible de créer le fichier d'en-tête %s." -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "Aucun motif connu de spécification d'intégrité n'a été détecté." -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Ne peut utiliser %s comme en-tête sur disque." -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Cette action écrasera définitivement les données sur %s." -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "Le mot de passe Admin de OPAL ne peut pas être vide." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Impossible de définir les paramètres pbkdf." -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "La spécification de type dans la spécification du porte-clé --link-vk-to-keyring est ignorée." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "Valeur invalide pour --link-vk-to-keyring." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Décalage réduit de données est uniquement permis dans un en-tête LUKS détaché." -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "Le container %s du fichier LUKS est trop petit pour l'activation, il ne reste pas d'espace pour les données." -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Impossible de déterminer la taille de la clé de volume pour LUKS sans emplacement de clé, veuillez utiliser l'option --key-size." -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "Le périphérique a été activé mais les fanions ne peuvent pas être rendus permanents." -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Emplacement de clé %d sélectionné pour suppression." -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Ceci est le dernier emplacement de clé. Le périphérique sera inutilisable après la suppression de cette clé." -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "Entrez toute phrase secrète restante : " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Opération interrompue, l'emplacement de clé n'a PAS été effacé.\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "Entrez la phrase secrète à effacer : " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "%s n'est pas un périphérique LUKS2 valide." -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "Entrez une nouvelle phrase secrète pour l'emplacement de clé : " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "ATTENTION: Le paramètre --key-slot est utilisé pour le nouveau numéro de l'emplacement de clé.\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Entrez une phrase secrète existante : " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "Entrez la phrase secrète à changer : " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Entrez la nouvelle phrase secrète : " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "Entrez la phrase secrète pour l'emplacement de clé à convertir: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "L'opération isLuks supporte seulement un périphérique en argument." -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "L'emplacement de clé %d ne contient pas de clé non liée." -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2189,40 +2415,52 @@ msgstr "" "Le contenu de l'en-tête avec une clé non liée est une information sensible.\n" "Ce contenu devrait être stocké, chiffré, en lieu sûr." -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s n'est pas un nom de périphérique %s actif." -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s n'est pas un nom de périphérique LUKS actif ou l'en-tête est manquant." -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "L'option --header-backup-file est requise." -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s n'est pas un périphérique géré par cryptsetup." -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Le rafraîchissement n'est pas supporté pour un périphérique de type %s" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Type de métadonnée du périphérique %s non reconnu." -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "La commande exige un périphérique et un nom de correspondance comme arguments." -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "Entrez le PSID OPAL : " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "Entrez le mot de passe Admin de OPAL : " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "ATTENTION : Le disque ENTIER sera réinitialisé d'usine et toutes les données seront perdues ! Continuer ?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2231,351 +2469,351 @@ msgstr "" "Cette opération va supprimer tous les emplacements de clés du périphérique %s.\n" "Le périphérique sera inutilisable après cette opération." -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Opération interrompue, les emplacements de clés n'ont PAS été effacés.\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Type LUKS invalide, seuls luks1 et luks2 sont supportés." -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "Le périphérique est déjà du type %s." -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Cette opération va convertir %s au format %s.\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "Opération interrompue, le périphérique n'a PAS été converti.\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "L'option --priority, --label ou --subsystem est manquante." -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "Le jeton %d est invalide." -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "Le jeton %d est utilisé." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Échec lors de l'ajout du jeton %d au porte-clé luks2." -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Échec lors de l'affectation du jeton %d à l'emplacement de clé %d." -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "Le jeton %d n'est pas utilisé." -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "Impossible d'importer le jeton depuis le fichier." -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "Impossible d'obtenir le jeton %d pour l'export." -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "Le jeton %d n'est pas assigné à l'emplacement de clé %d." -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "Impossible de dissocier le jeton %d de l'emplacement de clé %d." -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Les options --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup sont supportées seulement pour un périphérique TCRYPT." -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "L'option --veracrypt ou --disable-veracrypt est uniquement supportée pour un périphérique de type TCRYPT." -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "L'option --veracrypt-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt." -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "L'option --veracrypt-query-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt." -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Les options --veracrypt-pim et --veracrypt-query-pim sont mutuellement exclusives." -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "L'option --persistent n'est pas permise avec --test-passphrase." -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Les options --refresh et --test-passphrase sont mutuellement exclusives." -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "L'option --shared est permise uniquement pour ouvrir un périphérique ordinaire." -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "L'option --skip est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes." -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "L'option --offset avec l'action d'ouverture est supportée uniquement pour des périphériques ordinaires et loopaes." -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "L'option --tcrypt-hidden ne peut pas être combinée avec --allow-discards." -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "L'option de taille de secteur avec l'action d'ouverture est uniquement supportée pour des périphérique ordinaires." -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "L'option des secteurs IV (vecteur d'initialisation) de grande taille est supportée uniquement à l'ouverture de périphériques de type simple avec une taille de secteur supérieure à 512 octets." -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "L'option --test-passphrase est autorisée uniquement pour ouvrir des périphériques LUKS, TCRYPT, BITLK et FVAULT2." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "Les options --device-size et --size ne peuvent pas être combinées." -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "L'option --unbound est permise uniquement pour ouvrir un périphérique luks." -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "L'option --unbound ne peut pas être utilisée sans --test-passphrase." -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Les options --cancel-deferred et --deferred ne peuvent pas être utilisées en même temps." -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Les options --reduce-device-size et --data-size ne peuvent pas être combinées." +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "Les options --reduce-device-size et --device-size ne peuvent pas être combinées." -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "L'option --active-name peut uniquement être définie pour un périphérique LUKS2." -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Les options --active-name et --force-offline-reencrypt ne peuvent pas être combinées." -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "Une spécification d'emplacement de clé est requise." -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "Les options --align-payload et --offset ne peuvent pas être combinées." -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "L'option --integrity-no-wipe peut uniquement être utilisée pour une action de formatage avec l'extension d'intégrité." -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "Seule une des deux possibilités --use-[u]random est autorisée." -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "La taille de clé est requise avec l'option --unbound." -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "L'action de jeton est invalide." -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "Le paramètre --key-description est requis pour l'action d'ajout d'un jeton." -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --token-id." -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "L'option --unbound est uniquement valable avec l'action d'ajout d'un jeton." -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "Les options --key-slot et --unbound ne peuvent pas être combinées." -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --key-slot." -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<périphérique> [--type <type>] [<nom>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "ouvrir le périphérique comme <nom>" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<nom>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "fermeture du périphérique (supprime le « mapping »)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "redimensionner le périphérique actif" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "afficher le statut du périphérique" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <chiffrement>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "chiffrement pour test de performance" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<périphérique>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "essayer de réparer les métadonnées sur le disque" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "rechiffrer le périphérique LUKS2" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "supprimer tous les emplacements de clés (supprime la clé de chiffrement)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "convertir LUKS depuis/vers le format LUKS2" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "définir les options de configuration permanentes pour LUKS2" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<périphérique> [<fichier de la nouvelle clé>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "formater un périphérique LUKS" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "ajouter une clé au périphérique LUKS" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<périphérique> [<fichier de clé>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "retire du périphérique LUKS la clé ou le fichier de clé fourni" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "modifie la clé ou le fichier de clé fourni pour le périphérique LUKS" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "converti une clé vers les nouveaux paramètres pbkdf" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<périphérique> <emplacement de clé>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "efface de façon sécurisée la clé avec le numéro <emplacement de clé> du périphérique LUKS" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "afficher l'UUID du périphérique LUKS" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "teste si <périphérique> a un en-tête de partition LUKS" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "affiche les informations LUKS de la partition" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "affiche les informations du périphérique TCRYPT" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "affiche les informations du périphérique BITLK" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "affiche les informations du périphérique FVAULT2" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Suspendre le périphérique LUKS et effacer de façon sécurisée la clé (toutes les entrées/sorties sont suspendues)" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "Remettre en service le périphérique LUKS suspendu" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Sauvegarder l'en-tête et les emplacements de clés du périphérique LUKS" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Restaurer l'en-tête et les emplacements de clés du périphérique LUKS" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <périphérique>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "Manipuler les jetons LUKS2" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2583,7 +2821,7 @@ msgstr "" "\n" "<action> est l'une de :\n" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2595,7 +2833,7 @@ msgstr "" "\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2610,7 +2848,7 @@ msgstr "" "<emplacement> est le numéro de l'emplacement de clé LUKS à modifier\n" "<fichier de clé> est un fichier optionnel contenant la nouvelle clé pour l'action luksAddKey\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2619,29 +2857,28 @@ msgstr "" "\n" "Le format de métadonnées compilé par défaut est %s (pour l'action luksFormat).\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"Le support du greffon de jeton externe LUKS2 est %s.\n" +"Le support du greffon de jeton externe LUKS2 est enabled.\n" -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "intégré dans la compilation" - -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Chemin du greffon de jeton externe LUKS2 : %s.\n" -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "désactivé" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"Le support du greffon de jeton externe LUKS2 est désactivé.\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2658,7 +2895,7 @@ msgstr "" "PBKDF par défaut pour LUKS2 : %s\n" "\tTemps d'itération: %d, Mémoire requise: %d ko, Threads parallèles: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2673,96 +2910,100 @@ msgstr "" "\tplain: %s, Clé: %d bits, Hachage mot de passe: %s\n" "\tLUKS: %s, Clé: %d bits, Hachage en-tête LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: La taille de clé par défaut en mode XTS (deux clés internes) sera doublée.\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s : exige %s comme arguments." -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Emplacement de clé non valide." -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "La taille du périphérique doit être un multiple d'un secteur de 512 octets." -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "La spécification de la taille maximale de la zone chaude de rechiffrement est invalide." -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "La taille de la clé doit être un multiple de 8 bits" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "La taille maximum réduite pour le périphérique est 1 GiB." -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "La taille réduite doit être un multiple d'un secteur de 512 octets." -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "L'option --priority peut uniquement être ignore/normal/prefer." -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "Afficher ce message d'aide" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "Afficher, en résumé, la syntaxe d'invocation" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "Afficher la version du paquet" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "Options d'aide :" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[OPTION...] <action> <paramètres de l'action>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "Il manque l'argument <action>." -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "Action inconnue." -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "L'option --key-file est prioritaire par rapport à un fichier de clé spécifié en argument." -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Un seul argument --key-file est autorisé." -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "La fonction de dérivation d'une clé basée sur un mot de passe (PBKDF = Password-Based Key Derivation Function) peut uniquement être pbkdf2 ou argon2i/argon2id." -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Les itérations forcées de PBKDF ne peuvent pas être combinées avec l'option de temps d'itération." -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "Impossible de lier une clé de volume à un porte-clé quand le porte-clé est désactivé." + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Les options --keyslot-cipher et --keyslot-key-size doivent être utilisées ensembles." -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Aucune action réalisée. Invoqué avec l'option --test-args.\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "Impossible de désactiver le verrouillage des métadonnées." @@ -2827,7 +3068,7 @@ msgstr "La commande exige <hachage_racine> ou l'option --root-hash-file comme ar msgid "<data_device> <hash_device>" msgstr "<périph_données> <périph_hachage>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "formater le périphérique" @@ -2843,7 +3084,7 @@ msgstr "vérifier le périphérique" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<périph_données> <nom> <périph_hachage> [<hachage_racine>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "afficher le statut du périphérique actif" @@ -2851,7 +3092,7 @@ msgstr "afficher le statut du périphérique actif" msgid "<hash_device>" msgstr "<périph_hachage>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "afficher les informations sur le disque" @@ -2881,11 +3122,11 @@ msgstr "" "Paramètres compilés par défaut dans dm-verity :\n" "\tHachage: %s, Bloc données (octets): %u, Bloc hachage (octets): %u, Taille aléa: %u, Format hachage: %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Les options --ignore-corruption et --restart-on-corruption ne peuvent être utilisées ensembles." -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Les options --panic-on-corruption et --restart-on-corruption ne peuvent être utilisées ensembles." @@ -2898,29 +3139,29 @@ msgstr "" "Ceci écrasera les données sur %s et %s de manière irrévocable.\n" "Pour préserver le périphérique de données, utilisez l'option --no-wipe (et ensuite activez-le avec --integrity-recalculate)." -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Formaté avec une taille de balise de %u, intégrité interne %s.\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "Définir le fanion pour le recalcul n'est pas supporté, envisagez plutôt d'utiliser --wipe." -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "Le périphérique %s n'est pas un périphérique INTEGRITY valable." -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<périph_intégrité>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<périph_intégrigé> <nom>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2931,7 +3172,7 @@ msgstr "" "<nom> est le périphérique à créer sous %s\n" "<périph_intégrité> est le périphérique contenant les données avec les balises d'intégrité\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2944,40 +3185,40 @@ msgstr "" "\tAlgorithme de somme de contrôle : %s\n" "\tTaille maximale du fichier de clé : %dko\n" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "La taille --%s n'est pas valide. Le maximum est %u octets." -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "Les options du fichier de clé et de la taille de la clé doivent être spécifiées toutes les deux." -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "Les options du fichier de clé de l'intégrité du journal et de la taille de la clé doivent être spécifiées toutes les deux." -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "L'algorithme d'intégrité du journal doit être spécifié si la clé d'intégrité du journal est utilisée." -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "Les options du fichier de clé de chiffrement du journal et de la taille de la clé doivent être spécifiées toutes les deux." -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "L'algorithme de chiffrement du journal doit être spécifié si la clé de chiffrement du journal est utilisée." -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Les options de mode récupération et champ de bits sont mutuellement exclusives." -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "Les options de journal ne peuvent pas être utilisées en mode champ de bits." -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "Les options de champ de bits peuvent uniquement être utilisées en mode champ de bits." @@ -3189,58 +3430,58 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Échec de la vérification de la qualité du mot de passe : Mauvais mot de passe (%s)" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Erreur de lecture de la phrase secrète depuis la console." -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Vérifiez la phrase secrète : " -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Les phrases secrètes ne sont pas identiques." -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Le décalage n'est pas possible si l'entrée provient de la console." -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Saisissez la phrase secrète : " -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Saisissez la phrase secrète pour %s : " -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Aucune clé disponible avec cette phrase secrète." -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Aucun emplacement de clé utilisable est disponible." -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "Impossible de vérifier une phrase secrète non saisie sur une console." -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Impossible d'ouvrir le fichier %s en lecture seule." -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Fournissez le jeton LUKS valide au format JSON:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "Impossible de lire le fichier JSON." -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3248,12 +3489,12 @@ msgstr "" "\n" "Lecture interrompue." -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "Impossible d'ouvrir le fichier %s en écriture seule." -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3261,7 +3502,7 @@ msgstr "" "\n" "Écriture interrompue." -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "Erreur lors de l'écriture du fichier JSON." @@ -3328,15 +3569,19 @@ msgstr "Le périphérique requiert une récupération de rechiffrement. Exécute msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Le périphérique %s est déjà en cours de rechiffrement LUKS2. Voulez-vous redémarrer l'opération précédemment initialisée ?" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Le rechiffrement LUKS2 historique n'est plus supporté." -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "Impossible de rechiffrer un périphérique LUKS2 configuré pour utiliser OPAL." + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "Le rechiffrement d'un périphérique avec un profil d'intégrité n'est pas supporté." -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3345,103 +3590,103 @@ msgstr "" "La taille de secteur demandée avec --sector-size %<PRIu32> est incompatible avec le superbloc %s\n" "(taille de bloc : %<PRIu32> octets) détecté sur le périphérique %s." -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Le chiffrement sans en-tête détaché (--header) n'est pas possible sans une réduction de la taille du périphérique de données (--reduce-device-size)" -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Le décalage de données demandé doit être inférieur ou égal à la moitié du paramètre --reduce-device-size." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Ajustement de la valeur de --reduce-device-size à deux fois --offset %<PRIu64> (secteurs).\n" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Le fichier temporaire d'en-tête %s existe déjà . Abandon." -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "Impossible de créer le fichier temporaire d'en-tête %s." -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "La taille des métadonnées LUKS2 est plus grande que la valeur de décalage des données." -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Impossible de placer le nouvel en-tête au début du périphérique %s." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s est maintenant actif et prêt pour un chiffrement en ligne.\n" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "Le périphérique actif %s n'est pas LUKS2." -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "Restauration de l'en-tête LUKS2 original." -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "Échec de la restauration de l'en-tête LUKS2 original." -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "Le fichier d'en-tête %s n'existe pas. Voulez-vous initialiser le déchiffrement LUKS2 du périphérique %s et exporter l'en-tête LUKS2 dans le fichier %s ?" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "Échec de l'ajout des permissions lecture/écriture pour exporter le fichier d'en-tête." -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "L'initialisation du rechiffrement a échoué. La sauvegarde de l'en-tête est disponible dans %s." -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Le déchiffrement LUKS2 est uniquement supporté avec un périphérique à l'en-tête détaché (avec l'offset de données défini à 0)." -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "Pas assez d'emplacements de clés libres pour le rechiffrement." -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Le fichier de clé peut uniquement être utilisé avec --key-slot ou avec exactement un seul emplacement de clé actif." -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Entrez la phrase secrète pour l'emplacement de clé %d : " -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Entrez la phrase secrète pour l'emplacement de clé %u : " -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Basculement de l'algorithme de chiffrement de données vers %s.\n" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Aucun paramètre de segment de donnée changé. Rechiffrement abandonné." -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3449,7 +3694,7 @@ msgstr "" "L'augmentation de la taille du secteur de chiffrement n'est pas supportée sur un périphérique hors-ligne.\n" "Activez d'abord le périphérique ou utilisez l'option --force-offline-reencrypt (dangereux !)." -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3458,62 +3703,62 @@ msgstr "" "\n" "Rechiffrement interrompu." -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Redémarrage du rechiffrement LUKS en mode hors-ligne forcé.\n" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Le périphérique %s contient des métadonnées LUKS endommagées. L'opération est abandonnée." -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Le périphérique %s est déjà un périphérique LUKS. L'opération est abandonnée." -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Le périphérique %s est déjà en cours de rechiffrement LUKS. L'opération est abandonnée." -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "Le déchiffrement LUKS2 requiert l'option --header." -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "La commande exige un périphérique comme argument." -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Versions conflictuelles. Le périphérique %s est LUKS1." -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Versions conflictuelles. Le périphérique %s est en cours de rechiffrement LUKS1." -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Versions conflictuelle. Le périphérique %s est LUKS2" -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Versions conflictuelles. Le périphérique %s est en cours de rechiffrement LUKS2." -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Rechiffrement LUKS2 déjà initialisé. Abandon de l'opération." -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "Le rechiffrement du périphérique n'est pas en cours." -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "Impossible d'ouvrir exclusivement %s : périphérique utilisé." @@ -3649,35 +3894,35 @@ msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour une p msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour un superblock « %s ».\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "Impossible d'initialiser les sondes de la signature du périphérique." -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "Impossible d'exécuter « stat » sur le périphérique %s." -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Impossible d'ouvrir le fichier %s en mode lecture/écriture." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "La signature de partition « %s » existante sur le périphérique %s sera effacée." -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "La signature de superbloc « %s » existante sur le périphérique %s sera effacée." -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "Impossible d'effacer la signature du périphérique." -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Impossible de sonder le périphérique %s pour une signature." @@ -3692,11 +3937,11 @@ msgstr "La spécification de taille est invalide dans le paramètre --%s." msgid "Option --%s is not allowed with %s action." msgstr "L'option --%s n'est pas permise avec l'action %s." -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "Erreur lors de l'écriture du json du jeton ssh." -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3712,105 +3957,109 @@ msgstr "" "\n" "Note : L'information fournie en ajoutant le jeton (adresse du serveur SSH, utilisateur et chemins) sont stockés dans l'en-tête LUKS2 sous forme de texte clair." -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<action> <périphérique>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "Options pour l'action « add » :" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "Adresse IP/URL du serveur distant pour ce jeton" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Nom d'utilisateur utilisé pour le serveur distant" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "Chemin vers le fichier de clé sur le serveur distant" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "Chemin vers la clé SSH pour se connecter au serveur distant" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "Chemin vers le répertoire contenant les jetons externes de libcryptsetup" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Emplacement de clé à assigner au jeton. Si non spécifié, le jeton sera assigné au premier emplacement de clé correspondant à la phrase secrète fournie." -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "Options génériques :" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "Afficher des messages d'erreur plus détaillés" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "Afficher les messages de débogage" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "Montrer les messages de débogage incluant les métadonnées JSON" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "Impossible d'ouvrir et d'importer la clé privée :\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "Impossible d'importer la clé privée (protégée par mot de passe ?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "mot de passe de %s@%s : " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "Échec lors de l'analyse des arguments.\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Une action doit être spécifiée\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Le périphérique doit être spécifié pour l'action « %s ».\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Le serveur SSH doit être spécifié pour l'action « %s ».\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "L'utilisateur SSH doit être spécifié pour l'action « %s ».\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Le chemin SSH doit être spécifié pour l'action « %s ».\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Le chemin de la clé SSH doit être spécifié pour l'action « %s ».\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Échec de l'ouverture de %s en utilisant les identifiants fournis.\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Seule l'action « add » est actuellement supportée par ce greffon.\n" @@ -3855,6 +4104,12 @@ msgstr "La méthode d'authentification par clé publique n'est pas permise sur l msgid "Public key authentication error: " msgstr "Erreur durant l'authentification par clé publique : " +#~ msgid "compiled-in" +#~ msgstr "intégré dans la compilation" + +#~ msgid "disabled" +#~ msgstr "désactivé" + #~ msgid "WARNING: Data offset is outside of currently available data device.\n" #~ msgstr "AVERTISSEMENT: L'offset des données est en dehors du périphérique de données actuellement disponible.\n" @@ -3879,9 +4134,6 @@ msgstr "Erreur durant l'authentification par clé publique : " #~ msgid "Failed to disable reencryption requirement flag." #~ msgstr "Impossible de désactiver le fanion de demande de rechiffrement." -#~ msgid "Encryption is supported only for LUKS2 format." -#~ msgstr "Le chiffrement est uniquement supporté avec le format LUKS2." - #~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" #~ msgstr "Périphérique LUKS détecté sur %s. Voulez-vous chiffrer à nouveau ce périphérique LUKS ?" @@ -3948,9 +4200,6 @@ msgstr "Erreur durant l'authentification par clé publique : " #~ msgid "No free token slot." #~ msgstr "Aucun emplacement de jeton libre" -#~ msgid "Failed to create builtin token %s." -#~ msgstr "Échec lors de la création du jeton intégré %s" - #~ msgid "Invalid LUKS device type." #~ msgstr "Type de périphérique LUKS invalide." @@ -5,10 +5,10 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-02 20:52+0900\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2023-12-21 20:17+0900\n" "Last-Translator: Hiroshi Takekawa <sian@big.or.jp>\n" "Language-Team: Japanese <translation-team-ja@lists.sourceforge.net>\n" "Language: ja\n" @@ -25,58 +25,62 @@ msgstr "device-mapper ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“ã€non-root ã§å®Ÿè¡Œã—ã¾ã™ã msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "device-mapper ã‚’åˆæœŸåŒ–ã§ãã¾ã›ã‚“。dm_mod モジュールã¯ãƒãƒ¼ãƒ‰ã•ã‚Œã¦ã¾ã™ã‹ï¼Ÿ" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "指定ã•ã‚ŒãŸå»¶æœŸãƒ•ãƒ©ã‚°ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "デãƒã‚¤ã‚¹ %s ã® DM-UUID ã¯çŸç¸®ã•ã‚Œã¦ã„ã¾ã™ã€‚" -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "ä¸æ˜Žãª dm target タイプã§ã™ã€‚" -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "指定ã•ã‚ŒãŸ dm-crypt パフォーマンスオプションã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "指定ã•ã‚ŒãŸ dm-verity ã®ãƒ‡ãƒ¼ã‚¿ç ´å£Šæ™‚ã®å¯¾å¿œã«ã¤ã„ã¦ã®ã‚ªãƒ—ションã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "指定ã•ã‚ŒãŸ dm-verity ã®ã‚¿ã‚¹ã‚¯ãƒ¬ãƒƒãƒˆã‚ªãƒ—ションã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "指定ã•ã‚ŒãŸ dm-verity ã®èª¤ã‚Šè¨‚æ£(FEC)オプションã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "指定ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã®ç„¡æ”¹ã–ん確èªã®ã‚ªãƒ—ションã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "指定ã•ã‚ŒãŸ sector_size オプションã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "デãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºãŒè¦æ±‚ã•ã‚ŒãŸã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºã®ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã«åˆã„ã¾ã›ã‚“。" + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "指定ã•ã‚ŒãŸæ”¹ã–ん確èªã‚¿ã‚°ã®è‡ªå‹•å†è¨ˆç®—ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "Discard/TRIM ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "è¦æ±‚ã•ã‚ŒãŸ dm-integrity ã®ãƒ“ットマップモードã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "dm-%s ã®ã‚¯ã‚¨ãƒªãƒ¼ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" @@ -110,653 +114,743 @@ msgstr "ä¸æ˜Žãª RNG(乱数生æˆå™¨) ã®è³ª(quality)ãŒè¦æ±‚ã•ã‚Œã¾ã—ãŸã€ msgid "Error reading from RNG." msgstr "RNG(乱数生æˆå™¨)ã‹ã‚‰èªã¿è¾¼ã¿ä¸ã«ã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "OPAL サãƒãƒ¼ãƒˆã¯ libcryptsetup ã§ç„¡åŠ¹åŒ–ã•ã‚Œã¦ã„ã¾ã™ã€‚" + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "デãƒã‚¤ã‚¹ %s ã‹ã‚«ãƒ¼ãƒãƒ«ãŒ OPAL æš—å·åŒ–をサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "æš—å·å‘ã‘RNG(乱数生æˆå™¨)ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã®åˆæœŸåŒ–ãŒã§ãã¾ã›ã‚“。" -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "æš—å·ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã®åˆæœŸåŒ–ãŒã§ãã¾ã›ã‚“。" -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ %s ãŒã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "éµã®å‡¦ç†ã§ã‚¨ãƒ©ãƒ¼ (ãƒãƒƒã‚·ãƒ¥ %s を使用)。" -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "デãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—ãŒã‚ã‹ã‚Šã¾ã›ã‚“。互æ›æ€§ã®ãªã„デãƒã‚¤ã‚¹ã®ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ã—よã†ã¨ã—ã¦ã„ã¾ã›ã‚“ã‹ï¼Ÿ" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "ã“ã®æ“作㯠LUKS デãƒã‚¤ã‚¹ã§ã—ã‹ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "ã“ã®æ“作㯠LUKS2 デãƒã‚¤ã‚¹ã§ã—ã‹ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "ã‚ースãƒãƒƒãƒˆãŒã„ã£ã±ã„ã§ã™ã€‚" -#: lib/setup.c:438 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "ã‚ースãƒãƒƒãƒˆ %d ã¯ä¸æ£ã§ã™ã€‚0 ã‹ã‚‰ %d ã®é–“ã‚’é¸ã‚“ã§ãã ã•ã„。" -#: lib/setup.c:444 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "ã‚ースãƒãƒƒãƒˆ %d ã¯ä½¿ã‚ã‚Œã¦ã„ã¾ã™ã€‚別ã®ç•ªå·ã‚’é¸ã‚“ã§ãã ã•ã„。" -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "デãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºãŒè«–ç†ãƒ–ãƒãƒƒã‚¯ã‚µã‚¤ã‚ºã®ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã«åˆã„ã¾ã›ã‚“。" -#: lib/setup.c:627 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "ヘッダãŒæ¤œå‡ºã•ã‚Œã¾ã—ãŸãŒãƒ‡ãƒã‚¤ã‚¹ %s ãŒå°ã•ã™ãŽã¾ã™ã€‚" -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "ã“ã®æ“作ã¯ã“ã®ãƒ‡ãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:673 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "オフラインã§ã®å†æš—å·åŒ–ä¸ã§ã™ã€‚ä¸æ¢ã—ã¾ã™ã€‚" -#: lib/setup.c:802 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "メモリ上㮠LUKS2 メタデータã®ãƒãƒ¼ãƒ«ãƒãƒƒã‚¯ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "デãƒã‚¤ã‚¹ %s ã¯æœ‰åŠ¹ãª LUKS デãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "LUKS ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %d ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "アクティブãªãƒ‡ãƒã‚¤ã‚¹ %s ã«æ—¢çŸ¥ã®æš—å·ã‚¹ãƒšãƒƒã‚¯ãƒ‘ターンãŒæ¤œå‡ºã•ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "デãƒã‚¤ã‚¹ %s ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/setup.c:1508 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "æš—å·åŒ–ã•ã‚ŒãŸãƒ‡ãƒã‚¤ã‚¹ %s ã®å…ƒã«ãªã‚‹ãƒ‡ãƒã‚¤ã‚¹ãŒæ¶ˆæ»…ã—ã¾ã—ãŸã€‚" -#: lib/setup.c:1590 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "ä¸æ£ãª plain crypt ã®ãƒ‘ラメータ。" -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "ä¸æ£ãªã‚ーサイズ。" -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "UUID ã¯ã“ã®æš—å·ã‚¿ã‚¤ãƒ—ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "分離ã—ãŸãƒ¡ã‚¿ãƒ‡ãƒ¼ã‚¿ãƒ‡ãƒã‚¤ã‚¹ã¯ã“ã®æš—å·ã‚¿ã‚¤ãƒ—ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "サãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ãªã„æš—å·åŒ–セクタサイズã§ã™ã€‚" -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "デãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºãŒè¦æ±‚ã•ã‚ŒãŸã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºã®ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã«åˆã„ã¾ã›ã‚“。" -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "デãƒã‚¤ã‚¹ãªã—ã«ã¯ LUKS å½¢å¼ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã§ãã¾ã›ã‚“。" -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã¨ãƒ‡ãƒ¼ã‚¿ã‚ªãƒ•ã‚»ãƒƒãƒˆãŒåˆã„ã¾ã›ã‚“。" -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "è¦å‘Š: DAX デãƒã‚¤ã‚¹ã¯ã‚¢ãƒˆãƒŸãƒƒã‚¯ãªã‚»ã‚¯ã‚¿æ›´æ–°ã‚’ä¿è¨¼ã—ãªã„ãŸã‚データãŒå£Šã‚Œã‚‹ã“ã¨ãŒã‚ã‚Šã¾ã™ã€‚\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®ãƒ˜ãƒƒãƒ€ã‚’消ã—去れã¾ã›ã‚“。" -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "デãƒã‚¤ã‚¹ %s ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã™ã‚‹ã®ã«å°ã•ã™ãŽã¾ã™ã€‚データ用ã®ã‚¹ãƒšãƒ¼ã‚¹ãŒã‚ã‚Šã¾ã›ã‚“。\n" -#: lib/setup.c:1840 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "è¦å‘Š: デãƒã‚¤ã‚¹ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ãŒå¤±æ•—ã—ã¾ã—ãŸã€‚dm-crypt ãŒè¦æ±‚ã•ã‚ŒãŸæš—å·ã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。\n" - -#: lib/setup.c:1863 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "ボリュームã‚ーã¯æ”¹ã–ã‚“è€æ€§æ‹¡å¼µã®ãŸã‚æš—å·ã«ã¯éµé•·ãŒå°ã•ã™ãŽã¾ã™ã€‚" -#: lib/setup.c:1923 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "æš—å· %s-%s (ã‚ーサイズ %zd ビット) ã¯åˆ©ç”¨ã§ãã¾ã›ã‚“。" -#: lib/setup.c:1949 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "è¦å‘Š: LUKS2 メタデータサイズ㌠%<PRIu64> ãƒã‚¤ãƒˆã«å¤‰æ›´ã•ã‚Œã¾ã—ãŸã€‚\n" - -#: lib/setup.c:1953 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "è¦å‘Š: LUKS2 ã‚ースãƒãƒƒãƒˆé ˜åŸŸã‚µã‚¤ã‚ºãŒ %<PRIu64> ãƒã‚¤ãƒˆã«å¤‰æ›´ã•ã‚Œã¾ã—ãŸã€‚\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "è¦å‘Š: デãƒã‚¤ã‚¹ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ãŒå¤±æ•—ã—ã¾ã—ãŸã€‚dm-crypt ãŒè¦æ±‚ã•ã‚ŒãŸæš—å·ã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。\n" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "デãƒã‚¤ã‚¹ %s ã®ã‚µã‚¤ã‚ºãŒå°ã•ã™ãŽã¾ã™ã€‚" -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "デãƒã‚¤ã‚¹ %s ã¯ä½¿ç”¨ä¸ã®ãŸã‚フォーマットã§ãã¾ã›ã‚“。" -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "デãƒã‚¤ã‚¹ %s ã¯æ¨©é™ãŒãªã„ãŸã‚フォーマットã§ãã¾ã›ã‚“。" -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "デãƒã‚¤ã‚¹ %s を改ã–ã‚“è€æ€§ãŒã¤ãよã†ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã§ãã¾ã›ã‚“。" -#: lib/setup.c:2023 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "デãƒã‚¤ã‚¹ %s をフォーマットã§ãã¾ã›ã‚“。" -#: lib/setup.c:2049 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "OPAL アライメントパラメータをå–å¾—ã§ãã¾ã›ã‚“。" + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "OPAL è«–ç†ãƒ–ãƒãƒƒã‚¯ã‚µã‚¤ã‚ºãŒãŠã‹ã—ã„ã§ã™ã€‚" + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚ªãƒ•ã‚»ãƒƒãƒˆãŒ OPAL ブãƒãƒƒã‚¯ã‚µã‚¤ã‚ºã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。" + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆãŒ OPAL アライメントã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。" + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "データオフセット㌠OPAL アライメント制約を満ãŸã—ã¦ã„ã¾ã›ã‚“。" + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã¯ãƒãƒƒã‚¯ãƒ¬ãƒ³ã‚¸ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã«å¯¾ã™ã‚‹è¦æ±‚を満ãŸã—ã¾ã›ã‚“。" + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "OPAL ã®ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆç²’度ã«åˆã‚ã›ã‚‹ãŸã‚ã«ãƒ‡ãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºãŒ %<PRIu64> セクタ少ãªããªã‚Šã¾ã™ã€‚" + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "デãƒã‚¤ã‚¹ %s ã® OPAL ãƒãƒƒã‚¯ã‚’å–å¾—ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "OPAL 管ç†è€…ã‚ーãŒæ£ã—ãã‚ã‚Šã¾ã›ã‚“。" + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "OPAL セグメントをè¨å®šã§ãã¾ã›ã‚“。" + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "デãƒã‚¤ã‚¹ %s をフォーマットã§ãã¾ã›ã‚“。OPAL デãƒã‚¤ã‚¹ã¯å®Œå…¨ã«æ›¸ãè¾¼ã¿ç¦æ¢ã«ãªã£ã¦ã„るよã†ã§ã™ã€‚" + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "ãŠãらãファームウェアã®ãƒã‚°ã§ã™ã€‚OPAL PSID リセットをã—ã¦å¾©æ—§ã®ãŸã‚ã«å†æŽ¥ç¶šã—ã¦ãã ã•ã„。" + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "ãƒãƒƒã‚¯ãƒ¬ãƒ³ã‚¸ %d ã®ãƒªã‚»ãƒƒãƒˆã‚’デãƒã‚¤ã‚¹ %s ã«è©¦ã¿ã¾ã—ãŸãŒå¤±æ•—ã—ã¾ã—ãŸã€‚" + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "LOOPAES ã¨ã—ã¦ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã™ã‚‹ã«ã¯ãƒ‡ãƒã‚¤ã‚¹ãŒå¿…è¦ã§ã™ã€‚" -#: lib/setup.c:2094 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "VERITY ã¨ã—ã¦ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã™ã‚‹ã«ã¯ãƒ‡ãƒã‚¤ã‚¹ãŒå¿…è¦ã§ã™ã€‚" -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "VERITY ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ— %d ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "サãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ VERITY ブãƒãƒƒã‚¯ã‚µã‚¤ã‚ºã§ã™ã€‚" -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "サãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ VERITY ãƒãƒƒã‚·ãƒ¥ã‚ªãƒ•ã‚»ãƒƒãƒˆã§ã™ã€‚" -#: lib/setup.c:2121 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "サãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ VERITY FEC オフセットã§ã™ã€‚" -#: lib/setup.c:2145 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "ãƒ‡ãƒ¼ã‚¿é ˜åŸŸãŒãƒãƒƒã‚·ãƒ¥é ˜åŸŸã¨é‡ãªã£ã¦ã„ã¾ã™ã€‚" -#: lib/setup.c:2170 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "ãƒãƒƒã‚·ãƒ¥é ˜åŸŸãŒ FEC é ˜åŸŸã¨é‡ãªã£ã¦ã„ã¾ã™ã€‚" -#: lib/setup.c:2177 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "ãƒ‡ãƒ¼ã‚¿é ˜åŸŸãŒ FEC é ˜åŸŸã¨é‡ãªã£ã¦ã„ã¾ã™ã€‚" -#: lib/setup.c:2313 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "è¦å‘Š: 指定ã•ã‚ŒãŸã‚¿ã‚°ã®ã‚µã‚¤ã‚º %d ãƒã‚¤ãƒˆãŒ %s ã®å‡ºåŠ›ã‚µã‚¤ã‚ºã¨ç•°ãªã‚Šã¾ã™ (%d ãƒã‚¤ãƒˆ)。\n" -#: lib/setup.c:2392 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "ä¸æ˜Žãªæš—å·ãƒ‡ãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ— %s ãŒæŒ‡å®šã•ã‚Œã¾ã—ãŸã€‚" -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®ãƒ‘ラメータã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®ãƒ‘ラメータãŒãƒŸã‚¹ãƒžãƒƒãƒã—ã¦ã„ã¾ã™ã€‚" -#: lib/setup.c:2822 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "Crypt デãƒã‚¤ã‚¹ãŒä¸€è‡´ã—ã¾ã›ã‚“。" -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®ãƒªãƒãƒ¼ãƒ‰ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®ã‚µã‚¹ãƒšãƒ³ãƒ‰ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®ãƒªã‚¸ãƒ¥ãƒ¼ãƒ ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/setup.c:2897 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "デãƒã‚¤ã‚¹ %s ã®ãƒªãƒãƒ¼ãƒ‰ä¸ã«è‡´å‘½çš„ãªã‚¨ãƒ©ãƒ¼(デãƒã‚¤ã‚¹ %s ã®ä¸Šã§)。" -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "デãƒã‚¤ã‚¹ %s ã‚’ dm-error ã«ã‚¹ã‚¤ãƒƒãƒã§ãã¾ã›ã‚“。" -#: lib/setup.c:2984 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "é™çš„サイズ㮠LUKS2 デãƒã‚¤ã‚¹ã¯ãƒªã‚µã‚¤ã‚ºã§ãã¾ã›ã‚“。" + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "ループデãƒã‚¤ã‚¹ã¯ãƒªã‚µã‚¤ã‚ºã§ãã¾ã›ã‚“。" -#: lib/setup.c:3027 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "è¦å‘Š: 最大サイズãŒæ—¢ã«è¨å®šæ¸ˆã‹ã‚«ãƒ¼ãƒãƒ«ãŒãƒªã‚µã‚¤ã‚ºã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。\n" -#: lib/setup.c:3088 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "リサイズã«å¤±æ•—ã—ã¾ã—ãŸã€‚カーãƒãƒ«ãŒã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:3120 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "デãƒã‚¤ã‚¹ã® UUID を本当ã«å¤‰æ›´ã—ã¦ã‚‚ã„ã„ã§ã™ã‹ï¼Ÿ" -#: lib/setup.c:3212 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "ヘッダã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイルã®ä¸å‘³ãŒ LUKS ヘッダã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。" -#: lib/setup.c:3328 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "ボリューム%s ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/setup.c:3339 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "ボリューム%s ã¯æ—¢ã«åœæ¢ã•ã‚Œã¦ã„ã¾ã™ã€‚" -#: lib/setup.c:3352 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®åœæ¢ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:3354 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "デãƒã‚¤ã‚¹ %s åœæ¢ä¸ã«ã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/setup.c:3389 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "デãƒã‚¤ã‚¹ %s ã¯åœæ¢ã•ã‚Œã¾ã—ãŸãŒã€ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ OPAL デãƒã‚¤ã‚¹ã¯ãƒãƒƒã‚¯ã§ãã¾ã›ã‚“。" + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "デãƒã‚¤ã‚¹ %s ã¯å†é–‹ã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:3391 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®å†é–‹ä¸ã«ã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "ã‚ーを指定ã•ã‚ŒãŸã‚ーリングã«ãƒªãƒ³ã‚¯ã§ãã¾ã›ã‚“。" + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "ボリュームã‚ーを指定ã•ã‚ŒãŸã‚ーリングã‹ã‚‰ã‚¢ãƒ³ãƒªãƒ³ã‚¯ã§ãã¾ã›ã‚“。" + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "ボリュームã‚ーを指定ã•ã‚ŒãŸã‚ーリングã«ãƒªãƒ³ã‚¯ã§ãã¾ã›ã‚“。" + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "ボリューム%s ã¯åœæ¢ã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "ボリュームã‚ーãŒãƒœãƒªãƒ¥ãƒ¼ãƒ ã«åˆã„ã¾ã›ã‚“。" -#: lib/setup.c:3737 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "æ–°ã—ã„ã‚ースãƒãƒƒãƒˆã‚’交æ›ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/setup.c:3835 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "ã‚ースãƒãƒƒãƒˆ %d ã¯ä¸æ£ã§ã™ã€‚" -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "ã‚ースãƒãƒƒãƒˆ %d ã¯éžã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã§ã™ã€‚" -#: lib/setup.c:3860 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "デãƒã‚¤ã‚¹ãƒ˜ãƒƒãƒ€ãŒãƒ‡ãƒ¼ã‚¿é ˜åŸŸã«é‡ãªã£ã¦ã„ã¾ã™ã€‚" -#: lib/setup.c:4165 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "æ—¢ã«å†æš—å·åŒ–ä¸ã§ã™ã€‚デãƒã‚¤ã‚¹ã‚’アクティベートã§ãã¾ã›ã‚“。" -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "å†æš—å·åŒ–ãƒãƒƒã‚¯ã‚’å–å¾—ã§ãã¾ã›ã‚“。" -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "LUKS2 ã®å†æš—å·åŒ–ã¯æ—¢ã«åˆæœŸåŒ–ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "デãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—ãŒæ£ã—ãåˆæœŸåŒ–ã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:4400 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "デãƒã‚¤ã‚¹ %s ã¯æ—¢ã«å˜åœ¨ã—ã¾ã™ã€‚" -#: lib/setup.c:4407 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "デãƒã‚¤ã‚¹ %s を使ãˆã¾ã›ã‚“。åå‰ãŒä¸æ£ã‹ä½¿ç”¨ä¸ã§ã™ã€‚" -#: lib/setup.c:4527 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "æ£ã—ããªã„ボリュームã‚ーãŒãƒ—レーンデãƒã‚¤ã‚¹ã«æŒ‡å®šã•ã‚Œã¾ã—ãŸã€‚" -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." -msgstr "æ£ã—ããªã„ルートãƒãƒƒã‚·ãƒ¥ãŒ verity デãƒã‚¤ã‚¹ã«æŒ‡å®šã•ã‚Œã¾ã—ãŸã€‚" - -#: lib/setup.c:4654 -msgid "Root hash signature required." -msgstr "ルートãƒãƒƒã‚·ãƒ¥ç½²åãŒå¿…è¦ã§ã™ã€‚" +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "カーãƒãƒ«ãŒã‚«ãƒ¼ãƒãƒ«ã‚ーリングをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:4663 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "ç½²åをカーãƒãƒ«ã«æ¸¡ã™ã®ã«å¿…è¦ãªã‚«ãƒ¼ãƒãƒ«ã‚ーリングをカーãƒãƒ«ãŒã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." -msgstr "ã‚ーをカーãƒãƒ«ã‚ーリングã«ãƒãƒ¼ãƒ‰ã§ãã¾ã›ã‚“。" +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "æ£ã—ããªã„ルートãƒãƒƒã‚·ãƒ¥ãŒ verity デãƒã‚¤ã‚¹ã«æŒ‡å®šã•ã‚Œã¾ã—ãŸã€‚" -#: lib/setup.c:4736 +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "OPAL ã¯é…延デアクティベーションをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" + +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "デãƒã‚¤ã‚¹ %s ã‹ã‚‰ã®é…延削除をã‚ャンセルã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "デãƒã‚¤ã‚¹ %s ã¯ä½¿ç”¨ä¸ã§ã™ã€‚" -#: lib/setup.c:4768 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "デãƒã‚¤ã‚¹ %s ã¯ä¸æ£ã§ã™ã€‚" -#: lib/setup.c:4908 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "ボリュームã‚ーã®ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¾ã™ã€‚" -#: lib/setup.c:4925 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "LUKS2 デãƒã‚¤ã‚¹å‘ã‘ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/setup.c:4934 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "LUKS1 デãƒã‚¤ã‚¹å‘ã‘ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/setup.c:4944 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "プレーンデãƒã‚¤ã‚¹å‘ã‘ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/setup.c:4952 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "verity デãƒã‚¤ã‚¹ã®ãƒ«ãƒ¼ãƒˆãƒãƒƒã‚·ãƒ¥ãŒèªã¿å‡ºã›ã¾ã›ã‚“。" -#: lib/setup.c:4959 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "BITLK デãƒã‚¤ã‚¹å‘ã‘ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/setup.c:4964 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "FVAULT2 デãƒã‚¤ã‚¹å‘ã‘ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/setup.c:4966 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "ã“ã®æ“作㯠%s æš—å·åŒ–デãƒã‚¤ã‚¹ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "ã“ã®ãƒ‡ãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—ã¯ãƒ€ãƒ³ãƒ—æ“作をサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/setup.c:5500 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "データオフセット㌠%u ãƒã‚¤ãƒˆã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" -#: lib/setup.c:5788 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "使用ä¸ã®ãƒ‡ãƒã‚¤ã‚¹ %s を変æ›ã§ãã¾ã›ã‚“。" -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "æ–°ã—ã„ボリュームã‚ーå‘ã‘ã®ã‚ースãƒãƒƒãƒˆ %u を確ä¿ã§ãã¾ã›ã‚“。" -#: lib/setup.c:6122 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "デフォルト LUKS2 ã‚ースãƒãƒƒãƒˆãƒ‘ラメータをåˆæœŸåŒ–ã§ãã¾ã›ã‚“。" -#: lib/setup.c:6128 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "ダイジェストã™ã‚‹ãŸã‚ã®ã‚ースãƒãƒƒãƒˆ %d ãŒç¢ºä¿ã§ãã¾ã›ã‚“。" -#: lib/setup.c:6353 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "ã‚ースãƒãƒƒãƒˆã‚’è¿½åŠ ã§ãã¾ã›ã‚“。全ã¦ã®ã‚¹ãƒãƒƒãƒˆãŒç„¡åŠ¹ã§ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒæ¸¡ã•ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." -msgstr "カーãƒãƒ«ãŒã‚«ãƒ¼ãƒãƒ«ã‚ーリングをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "ã‚ーをカーãƒãƒ«ã‚ーリングã«ãƒãƒ¼ãƒ‰ã§ãã¾ã›ã‚“。" -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "ボリュームã‚ーをスレッドã‚ーリングã‹ã‚‰ã‚¢ãƒ³ãƒªãƒ³ã‚¯ã§ãã¾ã›ã‚“。" + +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "ã‚ーリングã‹ã‚‰ãƒ‘スフレーズãŒèªã¿å‡ºã›ã¾ã›ã‚“ (エラー %d)。" +msgid "Could not find keyring described by \"%s\"." +msgstr "ã‚ーリング \"%s\" ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/setup.c:6523 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "ã‚°ãƒãƒ¼ãƒãƒ« memory-hard アクセス直列化ãƒãƒƒã‚¯ãŒå–ã‚Œã¾ã›ã‚“。" -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "ã‚ーファイルãŒã‚ªãƒ¼ãƒ—ンã§ãã¾ã›ã‚“。" -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "ターミナルã‹ã‚‰ã‚ーファイルをèªã¿ã“ã‚ã¾ã›ã‚“。" -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "ã‚ーファイルを stat() ã§ãã¾ã›ã‚“。" -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "指定ã•ã‚ŒãŸã‚ーファイルオフセットã«ã‚·ãƒ¼ã‚¯ã§ãã¾ã›ã‚“。" -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "パスフレーズèªã¿è¾¼ã¿ä¸ã«ãƒ¡ãƒ¢ãƒªãŒä¸è¶³ã—ã¾ã—ãŸã€‚" -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "パスフレーズã®èªã¿è¾¼ã¿ã§ã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "èªã‚‚ã†ã¨ã—ãŸã‚‰å…¥åŠ›ãŒç©ºã§ã™ã€‚" -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "ã‚ーファイルãŒæœ€å¤§ã‚µã‚¤ã‚ºã‚’超ãˆã¦ã„ã¾ã™ã€‚" -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "指定ã•ã‚ŒãŸã‚µã‚¤ã‚ºã®ãƒ‡ãƒ¼ã‚¿ã‚’èªã¿è¾¼ã‚ã¾ã›ã‚“。" -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "デãƒã‚¤ã‚¹ %s ã¯å˜åœ¨ã—ãªã„ã‹ã‚¢ã‚¯ã‚»ã‚¹ãŒæ‹’å¦ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "デãƒã‚¤ã‚¹ %s ã¯äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。" -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "データデãƒã‚¤ã‚¹ã®ãŠã‹ã—ãª(bogus) optimal-io サイズ (%u ãƒã‚¤ãƒˆ) ã¯ç„¡è¦–ã—ã¾ã™ã€‚" -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "デãƒã‚¤ã‚¹ %s ãŒå°ã•ã™ãŽã¾ã™ã€‚å°‘ãªãã¨ã‚‚ %<PRIu64> ãƒã‚¤ãƒˆå¿…è¦ã§ã™ã€‚" -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "デãƒã‚¤ã‚¹ %s ã¯ä½¿ç”¨ä¸ã§ä½¿ãˆã¾ã›ã‚“ (æ—¢ã«ãƒžãƒƒãƒ—ã•ã‚Œã¦ã„ã‚‹ã‹ãƒžã‚¦ãƒ³ãƒˆã•ã‚Œã¦ã„ã¾ã™)。" -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "デãƒã‚¤ã‚¹ %s ãŒä½¿ãˆã¾ã›ã‚“ã€æ‹’å¦ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "デãƒã‚¤ã‚¹ %s ã«ã¤ã„ã¦ã®æƒ…å ±ãŒå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "ループãƒãƒƒã‚¯ãƒ‡ãƒã‚¤ã‚¹ãŒä½¿ãˆã¾ã›ã‚“ã€éž root ユーザã§å®Ÿè¡Œã—ã¦ã„ã¾ã›ã‚“ã‹ã€‚" -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "ループデãƒã‚¤ã‚¹ã®ã‚¢ã‚¿ãƒƒãƒã§ãã¾ã›ã‚“ (autoclear 付ãã®ãƒ«ãƒ¼ãƒ—デãƒã‚¤ã‚¹ãŒå¿…è¦ã§ã™)。" -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "指定ã•ã‚ŒãŸã‚ªãƒ•ã‚»ãƒƒãƒˆã¯ãƒ‡ãƒã‚¤ã‚¹ %s ã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’超ãˆã¦ã„ã¾ã™ã€‚" -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "デãƒã‚¤ã‚¹ %s ã®ã‚µã‚¤ã‚ºãŒ 0 ã§ã™ã€‚" -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "è¦æ±‚ã•ã‚ŒãŸ PBKDF ã®ç›®æ¨™æ™‚間㯠0 ã§ã¯ã„ã‘ã¾ã›ã‚“。" -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "%s ã¯ä¸æ˜Žãª PBKDF タイプã§ã™ã€‚" -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "è¦æ±‚ã•ã‚ŒãŸãƒãƒƒã‚·ãƒ¥ %s ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "è¦æ±‚ã•ã‚ŒãŸ PBKDF タイプ㯠LUKS1 ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "PBKDF ã® max memory ã‚„ parallel threads 㯠pbkdf2 ã®æ™‚ã¯è¨å®šã§ãã¾ã›ã‚“。" -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "%s ã«ã¤ã„ã¦å¼·åˆ¶ã•ã‚Œã‚‹æœ€å°ç¹°ã‚Šè¿”ã—回数ãŒå°ã•ã™ãŽã¾ã™ (æœ€å° %u)。" -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "%s ã«ã¤ã„ã¦å¼·åˆ¶ã•ã‚Œã‚‹ãƒ¡ãƒ¢ãƒªã‚³ã‚¹ãƒˆãŒå°ã•ã™ãŽã¾ã™ (æœ€å° %u KB)。" -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "指定ã•ã‚ŒãŸ PBKDF メモリコストãŒå¤§ãã™ãŽã¾ã™ (最大 %d KB)。" -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "PBKDF メモリ㯠0 ã§ã¯ã„ã‘ã¾ã›ã‚“。" -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "è¦æ±‚ã•ã‚ŒãŸ PBKDF 並列スレッド数㯠0 ã§ã¯ã„ã‘ã¾ã›ã‚“。" -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "FIPS モードã§ã¯ PBKDF2 ã—ã‹ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "PBKDF ベンãƒãƒžãƒ¼ã‚¯ãŒç„¡åŠ¹ã§ã™ãŒç¹°ã‚Šè¿”ã—回数ãŒè¨å®šã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "PBKDF2 ã¨äº’æ›æ€§ã®ãªã„オプションã§ã™ (ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ %s)。" -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "互æ›æ€§ã®ãªã„ PBKDF オプションã§ã™ã€‚" @@ -770,16 +864,24 @@ msgstr "ãƒãƒƒã‚¯ã‚’ä¸æ¢ã—ã¾ã™ã€‚ãƒãƒƒã‚¯ã«ä½¿ã†ãƒ‘ス %s/%s ãŒä½¿ç”¨ã msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "ãƒãƒƒã‚¯ã‚’ä¸æ¢ã—ã¾ã™ã€‚ãƒãƒƒã‚¯ã«ä½¿ã†ãƒ‘ス %s/%s ãŒä½¿ç”¨ã§ãã¾ã›ã‚“ (%s ã¯ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã§ã¯ã‚ã‚Šã¾ã›ã‚“)。" -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "デãƒã‚¤ã‚¹ã‚ªãƒ•ã‚»ãƒƒãƒˆã¾ã§ seek ã§ãã¾ã›ã‚“。" -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "デãƒã‚¤ã‚¹ã®ãƒ¯ã‚¤ãƒ—ã§ã‚¨ãƒ©ãƒ¼, オフセット %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "OPAL PSID ãŒæ£ã—ãã‚ã‚Šã¾ã›ã‚“。" + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "OPAL デãƒã‚¤ã‚¹ を削除ã§ãã¾ã›ã‚“。" + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -799,7 +901,7 @@ msgstr "æš—å·ã®æŒ‡å®šã¯ [æš—å·]-[モード]-[åˆæœŸãƒ™ã‚¯ã‚¿] ã¨ã„ã†å½¢å¼ #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "デãƒã‚¤ã‚¹ %s ã«æ›¸ãè¾¼ã‚ã¾ã›ã‚“。パーミッションãŒã‚ã‚Šã¾ã›ã‚“。" @@ -813,17 +915,17 @@ msgid "Failed to access temporary keystore device." msgstr "一時的ãªã‚ーストアデãƒã‚¤ã‚¹ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã›ã‚“。" #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "ã‚ースãƒãƒƒãƒˆã‚’æš—å·åŒ–ä¸ã«I/OエラーãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚" #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -845,32 +947,32 @@ msgstr "デãƒã‚¤ã‚¹ %s ãŒå°ã•ã™ãŽã¾ã™ã€‚(LUKS1 ã¯æœ€ä½Žã§ã‚‚ %<PRIu64> msgid "LUKS keyslot %u is invalid." msgstr "LUKS ã‚ースãƒãƒƒãƒˆ %u ã¯ä¸æ£ã§ã™ã€‚" -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ˜ãƒƒãƒ€ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイル %s ã¯æ—¢ã«å˜åœ¨ã—ã¦ã„ã¾ã™ã€‚" -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "ヘッダãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイル %s ãŒä½œæˆã§ãã¾ã›ã‚“。" -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "ヘッダãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイル %s ã«æ›¸ãè¾¼ã‚ã¾ã›ã‚“。" -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイルãŒæœ‰åŠ¹ãª LUKS ヘッダをå«ã‚“ã§ã„ã¾ã›ã‚“。" #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "ヘッダãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイル %s をオープンã§ãã¾ã›ã‚“。" -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "ヘッダãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイル %s ã‚’èªã‚ã¾ã›ã‚“。" @@ -892,7 +994,7 @@ msgstr "LUKS ヘッダãŒå«ã¾ã‚Œã¦ã„ã¾ã›ã‚“。ヘッダを置ãæ›ãˆã‚‹ã msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "LUKS ヘッダを既ã«å«ã‚“ã§ã„ã¾ã™ã€‚ヘッダを置ãæ›ãˆã‚‹ã¨æ—¢ã«ã‚ã‚‹ã‚ースãƒãƒƒãƒˆã‚’ç ´å£Šã—ã¾ã™ã€‚" -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -966,7 +1068,7 @@ msgstr "LUKS æš—å·ãƒ¢ãƒ¼ãƒ‰ %s ã¯ä¸æ£ã§ã™ã€‚" msgid "LUKS hash %s is invalid." msgstr "LUKS ãƒãƒƒã‚·ãƒ¥ %s ã¯ä¸æ£ã§ã™ã€‚" -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "LUKS ヘッダã«æ—¢çŸ¥ã®ä¸å…·åˆã¯æ¤œå‡ºã•ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" @@ -985,8 +1087,8 @@ msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "LUKS ヘッダã®ãƒ‡ãƒ¼ã‚¿ã¸ã®ã‚ªãƒ•ã‚»ãƒƒãƒˆã¯ 0 ã‹ãƒ˜ãƒƒãƒ€ã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãããªã‘ã‚Œã°ã„ã‘ã¾ã›ã‚“。" #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "LUKS UUID ã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã¾ã™ã€‚" @@ -1023,7 +1125,7 @@ msgstr "ã‚ースãƒãƒƒãƒˆã‚’オープンã§ãã¾ã›ã‚“ (ãƒãƒƒã‚·ãƒ¥ %s を使 msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "ã‚ースãƒãƒƒãƒˆ %d ã¯ä¸æ£ã§ã™ã€‚0 ã‹ã‚‰ %d ã®é–“ã‚’é¸ã‚“ã§ãã ã•ã„。" -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "デãƒã‚¤ã‚¹ %s をワイプã§ãã¾ã›ã‚“。" @@ -1044,48 +1146,48 @@ msgstr "互æ›æ€§ã®ãªã„ loop-AES ã‚ーファイルãŒæ¤œå‡ºã•ã‚Œã¾ã—ãŸã€ msgid "Kernel does not support loop-AES compatible mapping." msgstr "カーãƒãƒ«ãŒ loop-AES 互æ›ãƒžãƒƒãƒ”ングをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "ã‚ーファイル %s ã‚’èªã¿è¾¼ã¿ä¸ã«ã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "TCRYPT パスフレーズã®æœ€å¤§é•· (%zu) を超ãˆã¾ã—ãŸã€‚" -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "PBKDF2 ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ %s ãŒåˆ©ç”¨ã§ããªã„ã®ã§ã‚¹ã‚ップã—ã¾ã™ã€‚" -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "å¿…è¦ãªã‚«ãƒ¼ãƒãƒ« crypto インターフェースãŒä½¿ç”¨ã§ãã¾ã›ã‚“。" -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "algif_skcipher カーãƒãƒ«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’ãƒãƒ¼ãƒ‰ã—ã¦ãã ã•ã„。" -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "アクティベーション㯠%d セクタサイズã§ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "カーãƒãƒ«ãŒ TCRYPT レガシーモードã®ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "TCRYPT システム暗å·ã‚’パーティション %s ã«å¯¾ã—ã¦ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ã—ã¾ã—ãŸã€‚" -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "カーãƒãƒ«ãŒ TCRYPT 互æ›ã®ãƒžãƒƒãƒ”ングをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "ã“ã®æ©Ÿèƒ½ã¯ TCRYPT ヘッダã®èªã¿è¾¼ã¿ãªã—ã§ã¯ã‚µãƒãƒ¼ãƒˆã—ã¾ã›ã‚“。" @@ -1144,74 +1246,74 @@ msgstr "%s ã‹ã‚‰ BITLK メタデータエントリをèªã¿è¾¼ã‚ã¾ã›ã‚“ã§ã msgid "Failed to convert BITLK volume description" msgstr "BITLKボリューム㮠description を変æ›ã§ãã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "外部ã‚ーを解釈ä¸ã«äºˆæœŸã—ãªã„メタデータエントリタイプ '%u' ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚" -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "BEK ファイル GUID '%s' ãŒãƒœãƒªãƒ¥ãƒ¼ãƒ ã® GUID ã¨ä¸€è‡´ã—ã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "外部ã‚ーを解釈ä¸ã«äºˆæœŸã—ãªã„メタデータエントリー値 '%u' ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚" -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "サãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ãªã„ BEK メタデータãƒãƒ¼ã‚¸ãƒ§ãƒ³ %<PRIu32> ã§ã™ã€‚" -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "予期ã—ãªã„ BEK メタデータサイズ %<PRIu32> 㯠BEK ファイルサイズã¨åˆã„ã¾ã›ã‚“" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "スタートアップã‚ーを解釈ä¸ã«äºˆæœŸã—ãªã„メタデータエントリãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚" -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "ã“ã®æ“作ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "予期ã—ãªã„ã‚ーデータサイズã§ã™ã€‚" -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "ã“ã® BITLK デãƒã‚¤ã‚¹ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ãªã„状態ã«ã‚ã‚‹ãŸã‚アクティベートã§ãã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "タイプ '%s' ã® BITLK デãƒã‚¤ã‚¹ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã§ãã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "部分的ã«å¾©å·ã•ã‚ŒãŸ BITLK デãƒã‚¤ã‚¹ã®ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "è¦å‘Š: BitLocker ボリュームサイズ %<PRIu64> ãŒãƒ‡ãƒã‚¤ã‚¹ã‚µã‚¤ã‚º %<PRIu64> ã¨ä¸€è‡´ã—ã¾ã›ã‚“" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "カーãƒãƒ«ã® dm-crypt ㌠BITLK IV をサãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ãŸã‚デãƒã‚¤ã‚¹ã‚’アクティベートã§ãã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "カーãƒãƒ«ã® dm-crypt ㌠BITLK Elephant diffuser をサãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ãŸã‚デãƒã‚¤ã‚¹ã‚’アクティベートã§ãã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "カーãƒãƒ«ã® dm-crypt ãŒãƒ©ãƒ¼ã‚¸ã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºã‚’サãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ãŸã‚デãƒã‚¤ã‚¹ã‚’アクティベートã§ãã¾ã›ã‚“。" -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "カーãƒãƒ«ã® dm-zero モジュールãŒãªã„ãŸã‚デãƒã‚¤ã‚¹ã‚’アクティベートã§ãã¾ã›ã‚“。" @@ -1249,28 +1351,32 @@ msgstr "デãƒã‚¤ã‚¹ %s ã® VERITY UUID フォーマットãŒé–“é•ã£ã¦ã„ã¾ã msgid "Error during update of verity header on device %s." msgstr "デãƒã‚¤ã‚¹ %s ã® verity ヘッダを更新ä¸ã«ã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "ルートãƒãƒƒã‚·ãƒ¥ç½²åã®æ¤œè¨¼ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "ルートãƒãƒƒã‚·ãƒ¥ç½²åãŒå¿…è¦ã§ã™ã€‚" + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "FEC デãƒã‚¤ã‚¹ã®ã‚¨ãƒ©ãƒ¼ãŒä¿®å¾©ã§ãã¾ã›ã‚“。" -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "FEC デãƒã‚¤ã‚¹ã« %u 個ã®ä¿®å¾©å¯èƒ½ãªã‚¨ãƒ©ãƒ¼ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚" -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "カーãƒãƒ«ãŒ dm-verity マッピングをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "カーãƒãƒ«ãŒ dm-verity ç½²åオプションをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "アクティベーションã•ã‚ŒãŸ Verity デãƒã‚¤ã‚¹ãŒç ´æãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚" @@ -1364,7 +1470,7 @@ msgstr "デãƒã‚¤ã‚¹ %s ã®ã‚µã‚¤ã‚ºãŒä¸æ˜Žã§ã™ã€‚" msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "互æ›æ€§ã®ãªã„カーãƒãƒ«ã® dm-integrity ã®ãƒ¡ã‚¿ãƒ‡ãƒ¼ã‚¿ (ãƒãƒ¼ã‚¸ãƒ§ãƒ³ %u) ㌠%s ã«æ¤œå‡ºã•ã‚Œã¾ã—ãŸã€‚" -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "カーãƒãƒ«ãŒ dm-integrity マッピングをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" @@ -1376,8 +1482,8 @@ msgstr "カーãƒãƒ«ãŒ dm-integrity 固定メタデータアラインメントã msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "カーãƒãƒ«ãŒå®‰å…¨ã§ãªã„å†è¨ˆç®—オプションを拒å¦ã—ã¾ã—㟠(レガジーアクティベーションオプションã§ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ãã¾ã™)。" -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®æ›¸ãè¾¼ã¿ã®ãŸã‚ã®ãƒãƒƒã‚¯ã‚’å–å¾—ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" @@ -1394,49 +1500,59 @@ msgstr "" "デãƒã‚¤ã‚¹ã®ã‚·ã‚°ãƒãƒãƒ£ãŒæ›–昧ãªã®ã§ã€LUKS2 ã®è‡ªå‹•ä¿®å¾©ãŒã§ãã¾ã›ã‚“。.\n" "修復ã™ã‚‹ã«ã¯ \"cryptsetup repair\" を実行ã—ã¦ãã ã•ã„。" -#: lib/luks2/luks2_json_format.c:229 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "è¦å‘Š: ã‚ースãƒãƒƒãƒˆé ˜åŸŸ (%<PRIu64> ãƒã‚¤ãƒˆ) ãŒã¨ã¦ã‚‚å°ã•ã„ãŸã‚ã€åˆ©ç”¨å¯èƒ½ãª LUKS2 ã‚ースãƒãƒƒãƒˆæ•°ãŒåˆ¶é™ã•ã‚Œã¾ã™ã€‚\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚ªãƒ•ã‚»ãƒƒãƒˆãŒå°ã•ã™ãŽã¾ã™ã€‚" -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "è¦å‘Š: ã‚ースãƒãƒƒãƒˆé ˜åŸŸ (%<PRIu64> ãƒã‚¤ãƒˆ) ãŒã¨ã¦ã‚‚å°ã•ã„ãŸã‚ã€åˆ©ç”¨å¯èƒ½ãª LUKS2 ã‚ースãƒãƒƒãƒˆæ•°ãŒåˆ¶é™ã•ã‚Œã¾ã™ã€‚\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "è¦å‘Š: LUKS2 メタデータサイズ㌠%<PRIu64> ãƒã‚¤ãƒˆã«å¤‰æ›´ã•ã‚Œã¾ã—ãŸã€‚\n" + +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "è¦å‘Š: LUKS2 ã‚ースãƒãƒƒãƒˆé ˜åŸŸã‚µã‚¤ã‚ºãŒ %<PRIu64> ãƒã‚¤ãƒˆã«å¤‰æ›´ã•ã‚Œã¾ã—ãŸã€‚\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®èªã¿è¾¼ã¿ã®ãŸã‚ã®ãƒãƒƒã‚¯ã‚’å–å¾—ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "ç¦æ¢ã•ã‚ŒãŸ LUKS2 è¦æ±‚ãŒãƒãƒƒã‚¯ã‚¢ãƒƒãƒ— %s ã«æ¤œå‡ºã•ã‚Œã¾ã—ãŸã€‚" -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "データオフセットãŒãƒ‡ãƒã‚¤ã‚¹ã¨ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã¨ç•°ãªã‚‹ãŸã‚修復ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "ã‚ースãƒãƒƒãƒˆé ˜åŸŸã®ã‚ã‚‹ãƒã‚¤ãƒŠãƒªãƒ˜ãƒƒãƒ€ã®ã‚µã‚¤ã‚ºãŒãƒ‡ãƒã‚¤ã‚¹ã¨ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã§ç•°ãªã‚‹ãŸã‚修復ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "デãƒã‚¤ã‚¹ %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "LUKS2 ヘッダãŒå«ã¾ã‚Œã¦ã„ã¾ã›ã‚“。ヘッダを置ãæ›ãˆã‚‹ã¨ãƒ‡ãƒ¼ã‚¿ã‚’ç ´å£Šã—ã‹ãã¾ã›ã‚“。" -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "既㫠LUKS2 ヘッダãŒã‚ã‚Šã¾ã™ã€‚ヘッダを置ãæ›ãˆã‚‹ã¨æ—¢ã«ã‚ã‚‹ã‚ースãƒãƒƒãƒˆã‚’ç ´å£Šã—ã¾ã™ã€‚" -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1446,7 +1562,7 @@ msgstr "" "è¦å‘Š: ä¸æ˜Žãª LUKS2 ã¸ã®è¦æ±‚ãŒãƒªã‚¢ãƒ«ãƒ‡ãƒã‚¤ã‚¹ãƒ˜ãƒƒãƒ€ã«ã‚ã‚Šã¾ã™ï¼\n" "ヘッダをãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã§ç½®ãæ›ãˆã‚‹ã¨ãƒ‡ãƒ¼ã‚¿ã‚’ç ´å£Šã™ã‚‹æã‚ŒãŒã‚ã‚Šã¾ã™ï¼" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1456,58 +1572,92 @@ msgstr "" "è¦å‘Š: オフラインã®å†æš—å·åŒ–ãŒçµ‚了ã—ã¦ã„ã¾ã›ã‚“ï¼\n" "ヘッダを置ãæ›ãˆã‚‹ã¨ãƒ‡ãƒ¼ã‚¿ã‚’ç ´å£Šã—ã‹ãã¾ã›ã‚“。" -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "ä¸æ˜Žãªãƒ•ãƒ©ã‚° %s を無視ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "dm-crypt セグメント %u ã«ã‚ーãŒã‚ã‚Šã¾ã›ã‚“" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "dm-crypt セグメントã®è¨å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "dm-linear セグメントã®è¨å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "LUKS2 ヘッダã«æ—¢çŸ¥ã®æš—å·ã‚¹ãƒšãƒƒã‚¯ãƒ‘ターンを検出ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "OPAL デãƒã‚¤ã‚¹ã¯å›ºå®šãƒ‡ãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºã§ãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“。" + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "完全性ãŒæœ‰åŠ¹ãªæš—å·åŒ– OPAL デãƒã‚¤ã‚¹ã¯ãƒãƒƒã‚¯ãƒ¬ãƒ³ã‚¸ã‚ˆã‚Šå°ã•ããªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“。" + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "OPAL デãƒã‚¤ã‚¹ã¯ãƒãƒƒã‚¯ãƒ¬ãƒ³ã‚¸ã¨åŒã˜ã‚µã‚¤ã‚ºã§ãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“。" + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "OPAL デãƒã‚¤ã‚¹ %s ã¯æ—¢ã«ã‚¢ãƒ³ãƒãƒƒã‚¯ã•ã‚Œã¦ã„ã¾ã™ã€‚\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "サãƒãƒ¼ãƒˆã—ã¦ã„ãªã„デãƒã‚¤ã‚¹æ•´åˆæ€§è¨å®šã§ã™ã€‚" -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "dm-integrity デãƒã‚¤ã‚¹ãŒãƒ‡ãƒ¼ã‚¿ã‚»ã‚¯ã‚¿ã«å¯¾ã—ã¦æœŸå¾…通りã§ã¯ã‚ã‚Šã¾ã›ã‚“。" + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "å†æš—å·åŒ–ãŒå®Ÿè¡Œä¸ãªã®ã§ãƒ‡ãƒã‚¤ã‚¹ã®ãƒ‡ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã§ãã¾ã›ã‚“。. Cannot deactivate device." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "サスペンドã•ã‚ŒãŸãƒ‡ãƒã‚¤ã‚¹ %s ã‚’ dm-error ターゲットã§ç½®ãæ›ãˆã‚‰ã‚Œã¾ã›ã‚“。" -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "デãƒã‚¤ã‚¹ %s ã¯ãƒ‡ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã•ã‚Œã¾ã—ãŸãŒã€ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ OPAL デãƒã‚¤ã‚¹ã¯ãƒãƒƒã‚¯ã§ãã¾ã›ã‚“。" + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "LUKS2 ã®å¿…è¦æ¡ä»¶ã‚’èªã¿è¾¼ã‚ã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "満ãŸã›ãªã„ LUKS2 ã®å¿…è¦æ¡ä»¶ãŒã‚ã‚Šã¾ã™ã€‚" -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "æ“作ãŒãƒ¬ã‚¬ã‚·ãƒ¼å†æš—å·åŒ–ã¨ãƒžãƒ¼ã‚¯ã•ã‚ŒãŸãƒ‡ãƒã‚¤ã‚¹ã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。ä¸æ¢ã—ã¾ã™ã€‚" -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "æ“作㌠LUKS2 å†æš—å·åŒ–ã¨ãƒžãƒ¼ã‚¯ã•ã‚ŒãŸãƒ‡ãƒã‚¤ã‚¹ã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。ä¸æ¢ã—ã¾ã™ã€‚" -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "æ“作㌠OPAL を用ã„ãŸãƒ‡ãƒã‚¤ã‚¹ã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。ä¸æ¢ã—ã¾ã™ã€‚" + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "ã‚ースãƒãƒƒãƒˆã‚’オープンã™ã‚‹ã®ã«ãƒ¡ãƒ¢ãƒªãŒè¶³ã‚Šã¾ã›ã‚“。" -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "ã‚ースãƒãƒƒãƒˆã®ã‚ªãƒ¼ãƒ—ンã«å¤±æ•—ã—ã¾ã—ãŸã€‚" @@ -1516,330 +1666,342 @@ msgstr "ã‚ースãƒãƒƒãƒˆã®ã‚ªãƒ¼ãƒ—ンã«å¤±æ•—ã—ã¾ã—ãŸã€‚" msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "ã‚ースãƒãƒƒãƒˆã®æš—å·åŒ–ã« %s- %s æš—å·ã¯ä½¿ãˆã¾ã›ã‚“。" -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ %s ãŒåˆ©ç”¨ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "è¦å‘Š: メモリãŒä¸è¶³ã—ã¦ã„ã‚‹ãŸã‚ã‚ースãƒãƒƒãƒˆæ“作ãŒå¤±æ•—ã™ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "æ–°ã—ã„ã‚ースãƒãƒƒãƒˆç”¨ã®é ˜åŸŸãŒã‚ã‚Šã¾ã›ã‚“。" -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "ä¸æ£ãªå†æš—å·åŒ–è€æ€§ãƒ¢ãƒ¼ãƒ‰å¤‰æ›´ã‚’è¦æ±‚ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "è€æ€§ã‚¿ã‚¤ãƒ—ã‚’æ›´æ–°ã§ãã¾ã›ã‚“。新ã—ã„タイプ㯠%<PRIu64> ãƒã‚¤ãƒˆã—ã‹ã‚ã‚Šã¾ã›ã‚“ãŒã€%<PRIu64> ãƒã‚¤ãƒˆå¿…è¦ã§ã™ã€‚" -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "å†æš—å·åŒ–検証ダイジェストã®ãƒªãƒ•ãƒ¬ãƒƒã‚·ãƒ¥ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "UUID ㌠%s ã®ãƒ‡ãƒã‚¤ã‚¹ã®çŠ¶æ…‹ãŒç¢ºèªã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "LUKSMETA メタデータ付ãã®ãƒ˜ãƒƒãƒ€ã¯å¤‰æ›ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "æš—å·ã‚¹ãƒšãƒƒã‚¯ %s-%s 㯠LUKS2 ã«ä½¿ãˆã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "é ˜åŸŸãŒè¶³ã‚Šãªã„ã®ã§ã‚ースãƒãƒƒãƒˆé ˜åŸŸã‚’å‹•ã‹ã›ã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "LUKS2 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - メタデータãŒä¸æ£ã§ã™ã€‚" -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "LUKS2 ã‚ースãƒãƒƒãƒˆé ˜åŸŸãŒè¶³ã‚Šãªã„ã®ã§ã‚ースãƒãƒƒãƒˆé ˜åŸŸã‚’å‹•ã‹ã›ã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "ã‚ースãƒãƒƒãƒˆé ˜åŸŸã‚’å‹•ã‹ã›ã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - デフォルトã®æš—å·ã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºãŒ 512 ãƒã‚¤ãƒˆã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - ã‚ースãƒãƒƒãƒˆã®ãƒãƒƒã‚·ãƒ¥é–¢æ•°ãŒ LUKS1 互æ›ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - ラップã•ã‚ŒãŸã‚ーã®æš—å·ã« %s ãŒä½¿ã‚ã‚Œã¦ã„ã¾ã™ã€‚" -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - デãƒã‚¤ã‚¹ãŒå¤šãã®ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã‚’使ã£ã¦ã„ã¾ã™ã€‚" -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - LUKS2 ヘッダ %u 個ã®ãƒˆãƒ¼ã‚¯ãƒ³ã‚’å«ã‚“ã§ã„ã¾ã™ã€‚" -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - ã‚ースãƒãƒƒãƒˆ %u ãŒä¸æ£ãªçŠ¶æ…‹ã§ã™ã€‚" -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - スãƒãƒƒãƒˆ %u ãŒ(最大個数を超éŽã—ã¦)有効ã§ã™ã€‚" -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "LUKS1 å½¢å¼ã«å¤‰æ›ã§ãã¾ã›ã‚“ - ã‚ースãƒãƒƒãƒˆ %u ㌠LUKS1 ã¨äº’æ›ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "ホットゾーンサイズã¯è¨ˆç®—ã•ã‚ŒãŸã‚¾ãƒ¼ãƒ³ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã™ (%zu ãƒã‚¤ãƒˆ)." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "デãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºãŒè¨ˆç®—ゾーンアライメント (%zu ãƒã‚¤ãƒˆ) ã«åˆã£ã¦ã„ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "å¤ã„セグメントã®ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ãƒ©ãƒƒãƒ‘ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "æ–°ã—ã„セグメントã®ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ãƒ©ãƒƒãƒ‘ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "ホットゾーンä¿è·ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "ç¾åœ¨ã®ãƒ›ãƒƒãƒˆã‚¾ãƒ¼ãƒ³ã®ãƒã‚§ãƒƒã‚¯ã‚µãƒ ã‚’èªã¿è¾¼ã‚ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "%<PRIu64> ã‹ã‚‰å§‹ã‚るホットゾーンエリアをèªã¿è¾¼ã‚ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "セクタ %zu を復å·ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "セクタ %zu を復元ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "ソースã¨ã‚¿ãƒ¼ã‚²ãƒƒãƒˆãƒ‡ãƒã‚¤ã‚¹ã®ã‚µã‚¤ã‚ºãŒä¸€è‡´ã—ã¾ã›ã‚“。ソース %<PRIu64>, ターゲット: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "ホットゾーンデãƒã‚¤ã‚¹ %s ãŒã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "実際㮠origin table ãŒã‚るオーãƒãƒ¼ãƒ¬ã‚¤ãƒ‡ãƒã‚¤ã‚¹ %s をアクティベートã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®æ–°ã—ã„マッピングをãƒãƒ¼ãƒ‰ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "å†æš—å·åŒ–デãƒã‚¤ã‚¹ã‚¹ã‚¿ãƒƒã‚¯ã®ãƒªãƒ•ãƒ¬ãƒƒã‚·ãƒ¥ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "æ–°ã—ã„ã‚ースãƒãƒƒãƒˆã‚¨ãƒªã‚¢ã‚µã‚¤ã‚ºã‚’è¨å®šã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "データシフト値ãŒè¦æ±‚ã•ã‚ŒãŸæš—å·åŒ–セクタサイズã«ã‚¢ãƒ©ã‚¤ãƒ³ã•ã‚Œã¦ã„ã¾ã›ã‚“(%<PRIu32> ãƒã‚¤ãƒˆ)。" -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "è€æ€§(resilience)モード %s ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "移動ã•ã‚Œã‚‹ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã‚µã‚¤ã‚ºã¯ãƒ‡ãƒ¼ã‚¿ã‚·ãƒ•ãƒˆå€¤ã‚ˆã‚Šå¤§ããã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "ä¸æ£ãªå†æš—å·åŒ–è€æ€§ãƒ‘ラメータをè¦æ±‚ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "移動ã•ã‚Œã‚‹ã‚»ã‚°ãƒ¡ãƒ³ãƒˆãŒå¤§ãã™ãŽã¾ã™ã€‚è¦æ±‚ã•ã‚Œã¦ã„るサイズ㯠%<PRIu64> ã§ã™ãŒã€ä½¿ãˆã‚‹ã‚µã‚¤ã‚ºã¯ %<PRIu64> ã§ã™ã€‚" -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "テーブルをクリアã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "å°ã•ãã—ãŸãƒ‡ãƒ¼ã‚¿ã‚µã‚¤ã‚ºãŒå®Ÿéš›ã®ãƒ‡ãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãã„ã§ã™ã€‚" -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "データデãƒã‚¤ã‚¹ãŒæš—å·åŒ–セクタサイズã«ã‚¢ãƒ©ã‚¤ãƒ³ã•ã‚Œã¦ã„ã¾ã›ã‚“(%<PRIu32> ãƒã‚¤ãƒˆ)." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "データシフト (%<PRIu64> セクタ) ãŒä»Šå¾Œã®ãƒ‡ãƒ¼ã‚¿ã‚ªãƒ•ã‚»ãƒƒãƒˆã‚ˆã‚Šå°‘ãªã„ã§ã™ (%<PRIu64> セクタ)。" -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "デãƒã‚¤ã‚¹ %s を排他モードã§ã‚ªãƒ¼ãƒ—ンã§ã¾ã›ã‚“ (æ—¢ã«ãƒžãƒƒãƒ—ã•ã‚Œã¦ã„ã‚‹ã‹ãƒžã‚¦ãƒ³ãƒˆã•ã‚Œã¦ã„ã¾ã™)。" -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "デãƒã‚¤ã‚¹ã¯ LUKS2 å†æš—å·åŒ–å‘ã‘ã«ãƒžãƒ¼ã‚¯ã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "LUKS2 å†æš—å·åŒ–コンテã‚ストをãƒãƒ¼ãƒ‰ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "å†æš—å·åŒ–状態をå–å¾—ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "デãƒã‚¤ã‚¹ %s ã¯å†æš—å·åŒ–ä¸ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "æ—¢ã«å†æš—å·åŒ–ä¸ã§ã™ã€‚" -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "å†æš—å·åŒ–ãƒãƒƒã‚¯ã‚’å–å¾—ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "å†æš—å·åŒ–を開始ã§ãã¾ã›ã‚“。å†æš—å·åŒ–ã®ãƒªã‚«ãƒãƒªã‚’å…ˆã«ã—ã¦ãã ã•ã„。" -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "実際ã®ãƒ‡ãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºã¨è¦æ±‚ã•ã‚ŒãŸå†æš—å·åŒ–サイズãŒä¸€è‡´ã—ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "å†æš—å·åŒ–ã®ãƒ‘ラメータã¨ã—ã¦ä¸æ£ãªãƒ‡ãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºãŒè¦æ±‚ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "æ—¢ã«å†æš—å·åŒ–ä¸ã§ã™ã€‚復元を実行ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "メタデータ㮠LUKS2 ã®å†æš—å·åŒ–ã¯æ—¢ã«åˆæœŸåŒ–ã•ã‚Œã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "メタデータ㮠LUKS2 å†æš—å·åŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "å†æš—å·åŒ–㯠DAX デãƒã‚¤ã‚¹ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "ã‚ーリングã‹ã‚‰ãƒ‘スフレーズãŒèªã¿å‡ºã›ã¾ã›ã‚“。" + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "デãƒã‚¤ã‚¹ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã®æ¬¡ã®å†æš—å·åŒ–ホットゾーンã®è¨å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "å†æš—å·åŒ–ã—ãŸè€æ€§ç”¨ãƒ¡ã‚¿ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã‚ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "復å·ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "%<PRIu64> ã‹ã‚‰å§‹ã¾ã‚‹ãƒ›ãƒƒãƒˆã‚¾ãƒ¼ãƒ³ã‚¨ãƒªã‚¢ã«æ›¸ãè¾¼ã‚ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "データを sync ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "ç¾åœ¨ã®ãƒ›ãƒƒãƒˆã‚¾ãƒ¼ãƒ³ã®å†æš—å·åŒ–完了後ã«ãƒ¡ã‚¿ãƒ‡ãƒ¼ã‚¿ãŒæ›´æ–°ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "LUKS2 メタデータãŒæ›¸ãè¾¼ã‚ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "未使用データデãƒã‚¤ã‚¹é ˜åŸŸã‚’消ã›ã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "未使用ã®ã‚ースãƒãƒƒãƒˆ %d を削除ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "å†æš—å·åŒ–ã‚ースãƒãƒƒãƒˆãŒå‰Šé™¤ã§ãã¾ã›ã‚“。" -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "%<PRIu64> ã‹ã‚‰ %<PRIu64> セクタã®ãƒãƒ£ãƒ³ã‚¯ã®å†æš—å·åŒ–ä¸ã«è‡´å‘½çš„ãªã‚¨ãƒ©ãƒ¼ã€‚" -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "オンラインå†æš—å·åŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "手動ã§ã‚¨ãƒ©ãƒ¼ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã«ç½®ãæ›ãˆãŸå ´åˆä»¥å¤–ã¯ãƒ‡ãƒã‚¤ã‚¹ã®ãƒ¬ã‚¸ãƒ¥ãƒ¼ãƒ ã‚’ã—ãªã„ã§ãã ã•ã„。" -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "å†æš—å·åŒ–を開始ã§ãã¾ã›ã‚“。予期ã—ãªã„å†æš—å·åŒ–状態ã§ã™ã€‚" -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "ãªã„ã‹ä¸æ£ãªå†æš—å·åŒ–コンテã‚ストã§ã™ã€‚" -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "å†æš—å·åŒ–デãƒã‚¤ã‚¹ã‚¹ã‚¿ãƒƒã‚¯ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "å†æš—å·åŒ–コンテã‚ストãŒæ›´æ–°ã§ãã¾ã›ã‚“。" @@ -1847,80 +2009,121 @@ msgstr "å†æš—å·åŒ–コンテã‚ストãŒæ›´æ–°ã§ãã¾ã›ã‚“。" msgid "Reencryption metadata is invalid." msgstr "å†æš—å·åŒ–メタデータãŒä¸æ£ã§ã™ã€‚" +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "OPAL レンジ %d オフセット %<PRIu64> ãŒæœŸå¾…値 %<PRIu64> ã¨ä¸€è‡´ã—ã¾ã›ã‚“。" + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "OPAL レンジ %d é•·ã• %<PRIu64> ãŒãƒ‡ãƒã‚¤ã‚¹é•· %<PRIu64> ã¨ä¸€è‡´ã—ã¾ã›ã‚“。" + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "OPAL レンジ %d ãƒãƒƒã‚¯ã¯ç„¡åŠ¹ã§ã™ã€‚" + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "OPAL レンジ %d ã®ãƒãƒƒã‚¯çŠ¶æ…‹ãŒæœŸå¾…ã•ã‚ŒãŸã‚‚ã®ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "ã‚ースãƒãƒƒãƒˆã®æš—å·åŒ–パラメータ㯠LUKS2 デãƒã‚¤ã‚¹ã§ã—ã‹è¨å®šã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "トークンPINを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "トークン %d PINを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "未知ã®æš—å·ã‚¹ãƒšãƒƒã‚¯ã§ã™ã€‚" -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "è¦å‘Š: å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨äº’æ›æ€§ãŒãªã„å¯èƒ½æ€§ãŒã‚ã‚‹æš—å· (%s-%s, ã‚ーサイズ %u ビット) ã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã‚ªãƒ—ションを使用ã—ã¾ã™ã€‚" + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "è¦å‘Š: å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨äº’æ›æ€§ãŒãªã„å¯èƒ½æ€§ãŒã‚ã‚‹ãƒãƒƒã‚·ãƒ¥ (%s) ã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã‚ªãƒ—ションを使用ã—ã¾ã™ã€‚" + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "プレインモードã§ã¯å¸¸ã« --cipher, --key-size オプションを使ã„ã€keyfile も使ã‚ãªã„å ´åˆã¯ --hash も使用ã—ã¦ãã ã•ã„。" + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "è¦å‘Š: --hash パラメータ㯠plain モードã§ã‚ーファイルãŒæŒ‡å®šã•ã‚Œã¦ã„ã‚‹ã¨ç„¡è¦–ã•ã‚Œã¾ã™ã€‚\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "è¦å‘Š: --keyfile-size オプションã¯ç„¡è¦–ã•ã‚Œã¦ã€èªã¿è¾¼ã¿ã‚µã‚¤ã‚ºã¯æš—å·éµã®ã‚µã‚¤ã‚ºã¨åŒã˜ã«ãªã‚Šã¾ã™ã€‚\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "%s ã® Blkid スã‚ャンãŒå¤±æ•—ã—ã¾ã—ãŸã€‚" + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "%s ã«ãƒ‡ãƒã‚¤ã‚¹ç½²åãŒæ¤œå‡ºã•ã‚Œã¾ã—ãŸã€‚æ—¢ã«ã‚ã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’ç ´å£Šã—ã‹ãã¾ã›ã‚“。" -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "ä¸æ¢ã•ã‚Œã¾ã—ãŸã€‚\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "オプション --key-file ãŒå¿…è¦ã§ã™ã€‚" -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "VeraCrypt PIM を入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "ä¸æ£ãª PIM: 解釈ã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "ä¸æ£ PIM ã®å€¤ã§ 0 ã§ã™ã€‚" -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "ä¸æ£ãª PIM ã®å€¤: 範囲外ã§ã™ã€‚" -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "ã“ã®ãƒ‘スフレーズã§ã¯ãƒ‡ãƒã‚¤ã‚¹ãƒ˜ãƒƒãƒ€ãŒæ¤œå‡ºã•ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "デãƒã‚¤ã‚¹ %s ã¯æœ‰åŠ¹ãª BITLK デãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "BITLK ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーサイズãŒæ±ºå®šã§ããªã„ã®ã§ã€--key-size を使ã£ã¦ãã ã•ã„。" -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1930,7 +2133,7 @@ msgstr "" "æš—å·åŒ–ã•ã‚ŒãŸãƒ‘ーティションã«ãƒ‘スフレーズãªã—ã§ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ã«ã¾ã™ã€‚\n" "ã“ã®ãƒ€ãƒ³ãƒ—ã¯æš—å·åŒ–ã•ã‚ŒãŸå®‰å…¨ãªæ‰€ã«ä¿å˜ã—ã¦ãã ã•ã„。" -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1940,77 +2143,84 @@ msgstr "" "æš—å·åŒ–ã•ã‚ŒãŸãƒ‘ーティションã«ãƒ‘スフレーズãªã—ã§ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚\n" "ã“ã®ãƒ€ãƒ³ãƒ—ã¯æš—å·åŒ–ã•ã‚ŒãŸå®‰å…¨ãªæ‰€ã«ä¿å˜ã—ã¦ãã ã•ã„。" -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "デãƒã‚¤ã‚¹ %s ã¯æœ‰åŠ¹ãª FVAULT2 デãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "FVAULT2 ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーサイズãŒæ±ºå®šã§ããªã„ã®ã§ã€--key-size を使ã£ã¦ãã ã•ã„。" -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "デãƒã‚¤ã‚¹ %s ã¯ã¾ãŸã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã§å¾Œã‹ã‚‰å‰Šé™¤ã•ã‚Œã‚‹äºˆå®šã«ãªã£ã¦ã„ã¾ã™ã€‚.\n" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "外部トークンパス %s ã®è¨å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚" + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "アクティブãªãƒ‡ãƒã‚¤ã‚¹ã‚’リサイズã™ã‚‹ã«ã¯ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーãŒã‚ーリングã«å¿…è¦ã§ã™ãŒã€--disable-keyring ãŒæŒ‡å®šã•ã‚Œã¦ã„ã¾ã™ã€‚" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "ベンãƒãƒžãƒ¼ã‚¯ãŒä¸æ¢ã•ã‚Œã¾ã—ãŸã€‚" -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s 計測値ãªã—\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u 回/秒 (%zu ビットã®éµ)\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s 計測値ãªã—\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u 回, %5u KB使用, %1u スレッド (%zu ã®ãƒ“ットã®éµ) (%u ms 計測)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "ベンãƒãƒžãƒ¼ã‚¯ã®çµæžœã¯ä¿¡é ¼ã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# テストã¯ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸I/OãŒãªãメモリ上ã®ã‚‚ã®ã®ãŸã‚目安ã§ã™ã€‚\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorithm | ã‚ー | æš—å·åŒ– | 復å·åŒ–\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "æš—å· %s (ã‚ーサイズ %i ビット) ã¯åˆ©ç”¨ã§ãã¾ã›ã‚“。" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorithm | ã‚ー | æš—å·åŒ– | 復å·åŒ–\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "計測値ãªã—" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2018,27 +2228,27 @@ msgstr "" "ä¿è·ã•ã‚Œã¦ã„ãªã„ LUKS2 å†æš—å·åŒ–メタデータãŒæ¤œå‡ºã•ã‚Œã¾ã—ãŸã€‚å†æš—å·åŒ–æ“作ãŒæœ›ã¾ã—ã„ã‚‚ã®ã‹ç¢ºèªã—ã¦ãã ã•ã„。(luksDump ã®å‡ºåŠ›ã‚’見ã¦ãã ã•ã„)\n" "ãã®ã†ãˆã§ã€ã“ã®æ“作ãŒå•é¡Œãªã„ã¨ç¢ºèªã§ããŸã‚‰ç¶™ç¶š(メタデータã®ã‚¢ãƒƒãƒ—グレード)ã—ã¦ãã ã•ã„。" -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "å†æš—å·åŒ–メタデータã®ä¿è·ã¨ã‚¢ãƒƒãƒ—グレードã®ãŸã‚ã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "本当㫠LUKS2 å†æš—å·åŒ–リカãƒãƒªã‚’è¡Œã„ã¾ã™ã‹ï¼Ÿ" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "å†æš—å·åŒ–メタデータダイジェストを検証ã™ã‚‹ãŸã‚ã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "å†æš—å·åŒ–ã®ãƒªã‚«ãƒãƒªã®ãŸã‚ã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "本当㫠LUKS デãƒã‚¤ã‚¹ãƒ˜ãƒƒãƒ€ã®å¾©å…ƒã‚’試ã¿ã¦ã„ã„ã§ã™ã‹ï¼Ÿ" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2046,7 +2256,7 @@ msgstr "" "\n" "ワイプãŒä¸æ–ã•ã‚Œã¾ã—ãŸã€‚" -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2054,128 +2264,144 @@ msgstr "" "æ•´åˆæ€§ãƒã‚§ãƒƒã‚¯ã‚µãƒ ã®åˆæœŸåŒ–ã®ãŸã‚ã«ãƒ‡ãƒã‚¤ã‚¹ã®ãƒ‡ãƒ¼ã‚¿ã‚’消去ã—ã¦ã„ã¾ã™ã€‚\n" "CTRL+c ã§ä¸æ¢ã§ãã¾ã™ (åˆæœŸåŒ–ã•ã‚Œãªã‹ã£ãŸãƒ‡ãƒã‚¤ã‚¹ã®ãƒã‚§ãƒƒã‚¯ã‚µãƒ ã¯æ£ã—ããªããªã‚Šã¾ã™)。\n" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "一時的デãƒã‚¤ã‚¹ %s ã‚’éžã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã«ã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "æ•´åˆæ€§ã‚ªãƒ—ション㯠LUKS2 å½¢å¼ã§ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "サãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ãªã„ LUKS2 メタデータã®ã‚µã‚¤ã‚ºã‚ªãƒ—ションã§ã™ã€‚" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "OPAL 㯠LUKS2 フォーマットã§ã—ã‹ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "ヘッダファイルãŒã‚ã‚Šã¾ã›ã‚“。作æˆã—ã¾ã™ã‹ï¼Ÿ" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "ヘッダファイル %s を作æˆã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "サãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹æ•´åˆæ€§ç¢ºèªæ–¹å¼ãŒæ¤œå‡ºã•ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "%s ã‚’ on-disk ヘッダã¨ã—ã¦ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "%s ã®ãƒ‡ãƒ¼ã‚¿ã‚’上書ãã—ã¾ã™ã€‚戻ã›ã¾ã›ã‚“。" -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "OPAL 管ç†è€…パスワードã¯ç©ºã§ã¯ã„ã‘ã¾ã›ã‚“。" + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "pbkdf パラメータをè¨å®šã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "--link-vk-to-keyring ã®ã‚ーリングスペックã¸ã®ã‚¿ã‚¤ãƒ—指定ã¯ç„¡è¦–ã•ã‚Œã¾ã—ãŸã€‚" + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "--link-vk-to-keyring ã®å€¤ãŒä¸æ£ã§ã™ã€‚" + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "分離ã•ã‚ŒãŸ LUKS ヘッダã§ã®ã¿å°‘ãªã„データオフセットãŒä½¿ãˆã¾ã™ã€‚" -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "LUKS ファイルコンテナ %s ãŒã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã™ã‚‹ã«ã¯å°ã•ã™ãŽã¾ã™ã€‚データ用ã®é ˜åŸŸã«ç©ºããŒã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "ã‚ースãƒãƒƒãƒˆã®ãªã„ LUKS ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã‚ーサイズãŒæ±ºå®šã§ããªã„ã®ã§ã€--key-size を使ã£ã¦ãã ã•ã„。" -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "デãƒã‚¤ã‚¹ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã•ã‚Œã¾ã—ãŸãŒã€ãƒ•ãƒ©ã‚°ã‚’æ’常的ãªã‚‚ã®ã«ã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "ã‚ースãƒãƒƒãƒˆ %d ã¯å‰Šé™¤å¯¾è±¡ã¨ã—ã¦é¸æŠžã•ã‚Œã¾ã—ãŸã€‚" -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "ã“ã‚Œã¯æœ€å¾Œã®ã‚ースãƒãƒƒãƒˆã§ã™ã€‚ã“ã®ã‚ーãŒãªããªã‚‹ã¨ãƒ‡ãƒã‚¤ã‚¹ã¯ä½¿ç”¨ä¸èƒ½ã«ãªã‚Šã¾ã™ã€‚" -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "残ã£ã¦ã„るパスフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "æ“作ã¯ä¸æ¢ã•ã‚Œã¾ã—ãŸã€‚ã‚ースãƒãƒƒãƒˆã¯æ¶ˆåŽ»ã•ã‚Œã¦ã„ã¾ã›ã‚“。\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "削除ã™ã‚‹ã‚ーã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "デãƒã‚¤ã‚¹ %s ã¯æœ‰åŠ¹ãª LUKS2 デãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "ã‚ースãƒãƒƒãƒˆã®æ–°ã—ã„パスフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "è¦å‘Š: --key-slot パラメータã¯æ–°ã—ã„ã‚ースãƒãƒƒãƒˆç•ªå·ã«ä½¿ã‚ã‚Œã¾ã™ã€‚\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "有効ãªãƒ‘スフレーズをã©ã‚Œã‹å…¥åŠ›ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "変更ã™ã‚‹ã‚ーã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "æ–°ã—ã„ã‚ーã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "変æ›ã•ã‚Œã‚‹ã‚ースãƒãƒƒãƒˆã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "isLuks ã¯ä¸€ã¤ã®ãƒ‡ãƒã‚¤ã‚¹å¼•æ•°ã—ã‹ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "ã‚ースãƒãƒƒãƒˆ %d 㯠unbound ã‚ーをå«ã‚“ã§ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2183,40 +2409,52 @@ msgstr "" "unbound ã‚ーを使ã£ãŸãƒ˜ãƒƒãƒ€ãƒ€ãƒ³ãƒ—ã¯å–り扱ã„ã«æ³¨æ„ã™ã¹ãæƒ…å ±ã§ã™ã€‚\n" "ã“ã®ãƒ€ãƒ³ãƒ—ã¯æš—å·åŒ–ã•ã‚ŒãŸå®‰å…¨ãªæ‰€ã«ä¿å˜ã—ã¦ãã ã•ã„。" -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ–㪠%s デãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s ã¯ã‚¢ã‚¯ãƒ†ã‚£ãƒ–㪠LUKS デãƒã‚¤ã‚¹åã§ã¯ãªã„ã‹ã€ãƒ˜ãƒƒãƒ€ãŒã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "オプション --header-backup-file ãŒå¿…è¦ã§ã™ã€‚" -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s 㯠cryptsetup ã§ç®¡ç†ã•ã‚Œã¦ã„るデãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "リフレッシュã¯ãƒ‡ãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ— %s ã§ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "%s ã¯èªè˜ã§ããªã„メタデータデータタイプã§ã™ã€‚" -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "コマンドã¯ãƒ‡ãƒã‚¤ã‚¹ã¨ãƒžãƒƒãƒ—ã•ã‚ŒãŸåå‰ã‚’引数ã¨ã—ã¦å¿…è¦ã¨ã—ã¾ã™ã€‚" -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "OPAL PSID を入力ã—ã¦ãã ã•ã„: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "OPAL 管ç†è€…パスワードを入力ã—ã¦ãã ã•ã„: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "è¦å‘Š: ディスク「全体ã€ãŒå‡ºè·çŠ¶æ…‹ã«ãƒªã‚»ãƒƒãƒˆã•ã‚Œã€ãƒ‡ãƒ¼ã‚¿ã¯å…¨ã¦æ¶ˆå¤±ã—ã¾ã™ï¼ç¶šã‘ã¾ã™ã‹ï¼Ÿ" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2225,351 +2463,351 @@ msgstr "" "ã“ã®å‡¦ç†ã¯ãƒ‡ãƒã‚¤ã‚¹ %s ã®å…¨ã¦ã®ã‚ースãƒãƒƒãƒˆã‚’消去ã—ã¾ã™ã€‚\n" "デãƒã‚¤ã‚¹ã®ãƒ‡ãƒ¼ã‚¿ã¯ä½¿ç”¨ã§ããªããªã‚Šã¾ã™ã€‚" -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "処ç†ã¯ä¸æ¢ã•ã‚Œã¾ã—ãŸã€‚ã‚ースãƒãƒƒãƒˆã¯æ¶ˆåŽ»ã•ã‚Œã¾ã›ã‚“。\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "ä¸æ£ãª LUKS タイプã§ã™ã€‚luks1 㨠luks2 ã—ã‹ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "デãƒã‚¤ã‚¹ã¯æ—¢ã«ã‚¿ã‚¤ãƒ— %s ã§ã™ã€‚" -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "ã“ã®å‡¦ç†ã¯ %s ã‹ã‚‰ %s フォーマットã«å¤‰æ›ã—ã¾ã™ã€‚\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "処ç†ã¯ä¸æ¢ã•ã‚Œã¾ã—ãŸã€‚デãƒã‚¤ã‚¹ã¯å¤‰æ›ã•ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "オプション --priority, --label ã‹ --subsystem ãŒã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "トークン %d ã¯ä¸æ£ã§ã™ã€‚" -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "トークン %d ã¯ä½¿ç”¨ä¸ã§ã™ã€‚" -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "luks2-ã‚ーリングトークン %d ã‚’è¿½åŠ ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "トークン %d ã‚’ã‚ースãƒãƒƒãƒˆ %d ã«å‰²ã‚Šã‚ã¦ã‚‰ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "トークン %d ã¯ä½¿ã‚ã‚Œã¦ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "ファイルã‹ã‚‰ãƒˆãƒ¼ã‚¯ãƒ³ã‚’インãƒãƒ¼ãƒˆã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "トークン %d をエクスãƒãƒ¼ãƒˆã®ãŸã‚ã«å–å¾—ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "トークン %d ã‚’ã‚ースãƒãƒƒãƒˆ %d ã«å‰²ã‚Šã‚ã¦ã‚‰ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "トークン %d ã‚’ã‚ースãƒãƒƒãƒˆ %d ã®å‰²ã‚Šå½“ã¦ã‹ã‚‰è§£é™¤ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚" -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "--tcrypt-hidden 㨠--tcrypt-system 㨠--tcrypt-backup 㯠TCRYPT デãƒã‚¤ã‚¹ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "--veracrypt ã‚„ --disable-veracrypt 㯠TCRYPT デãƒã‚¤ã‚¹ã§ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "--veracrypt-pim 㯠VeraCrypt 互æ›ãƒ‡ãƒã‚¤ã‚¹ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "--veracrypt-query-pim 㯠VeraCrypt 互æ›ãƒ‡ãƒã‚¤ã‚¹ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "--veracrypt-pim 㨠--veracrypt-query-pim ã¯ã©ã¡ã‚‰ã‹ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "--persistent 㯠--test-passphrase ã¨ä¸€ç·’ã«ã¯ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "--refresh 㨠--test-passphrase ã¯åŒæ™‚ã«ã¯ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "--shared 㯠plain デãƒã‚¤ã‚¹ã® open ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "--skip 㯠plain ã‹ loopaes デãƒã‚¤ã‚¹ã® open ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "--offset 㯠plain ã‹ loopaes デãƒã‚¤ã‚¹ã® open ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "--tcrypt-hidden 㯠--allow-discards ã¨ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "オープン時ã®ã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºã‚ªãƒ—ション㯠plain デãƒã‚¤ã‚¹ã§ã—ã‹ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "大ã㪠IV セクタオプション㯠plain タイプã§ã‚»ã‚¯ã‚¿ã‚µã‚¤ã‚ºãŒ 512 ãƒã‚¤ãƒˆã‚ˆã‚Šå¤§ãã„ã‚‚ã®ã‚’オープンã™ã‚‹æ™‚ã—ã‹ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。" -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "--test-passphrase 㯠LUKS ã‹ TCRYPT ã‹ BITLK ã‹ FVAULT2 デãƒã‚¤ã‚¹ã® open ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "--device-size 㨠--size ã¯ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "オプション --unbound 㯠luks デãƒã‚¤ã‚¹ã® open ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "オプション --unbound 㯠--test-passphrase ãŒãªã„ã¨ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "オプション --cancel-deferred 㨠--deferred ã¯åŒæ™‚ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "オプション --reduce-device-size 㨠--data-size ã¯ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "オプション --reduce-device-size 㨠--device-size ã¯ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "オプション --active-name㯠LUKS2 デãƒã‚¤ã‚¹ã§ã—ã‹è¨å®šã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "オプション --active-name 㨠--force-offline-reencrypt ã¯ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "ã‚ースãƒãƒƒãƒˆã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚" -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "--align-payload 㨠--offset ã¯ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "--integrity-no-wipe 㯠format 㧠integrity extension 付ãã®æ™‚ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "--use-[u]random ã¯ä¸€ã¤ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "--unbound ã«ã¯ã‚ーサイズãŒå¿…è¦ã§ã™ã€‚" -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "ä¸æ£ãªãƒˆãƒ¼ã‚¯ãƒ³ã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã§ã™ã€‚" -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "--key-description ã¯ãƒˆãƒ¼ã‚¯ãƒ³è¿½åŠ ã«ã¯å¿…é ˆã§ã™ã€‚" -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "トークンを必è¦ã¨ã—ã¦ã„ã¾ã™ã€‚--token-id を使用ã—ã¦ãã ã•ã„。" -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "オプション --unbound ã¯ãƒˆãƒ¼ã‚¯ãƒ³ã®è¿½åŠ ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "--key-slot 㨠--unbound ã¯ä¸€ç·’ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "特定ã®ã‚ースãƒãƒƒãƒˆã‚’å¿…è¦ã¨ã—ã¦ã„ã¾ã™ã€‚--key-slot を使用ã—ã¦ãã ã•ã„。" -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<デãƒã‚¤ã‚¹> [--type <タイプ>] [<åå‰>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "デãƒã‚¤ã‚¹ã‚’ <åå‰> ã¨ã—ã¦ã‚ªãƒ¼ãƒ—ン" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<åå‰>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "デãƒã‚¤ã‚¹ã‚’クãƒãƒ¼ã‚ºã—ã¾ã™ (マッピングを削除ã—ã¾ã™)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "アクティブデãƒã‚¤ã‚¹ã‚’リサイズ" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "デãƒã‚¤ã‚¹ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’表示" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <æš—å·>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "æš—å·ãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<デãƒã‚¤ã‚¹>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "on-disk メタデータを修復ã—よã†ã¨ã—ã¦ã„ã¾ã™" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "LUKS2 デãƒã‚¤ã‚¹ã‚’å†æš—å·åŒ–" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "å…¨ã¦ã®ã‚ースãƒãƒƒãƒˆã‚’消去ã—ã¾ã™ (æš—å·éµã‚‚削除ã—ã¾ã™)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "LUKS2 ã‹ã‚‰ LUKS ã‚‚ã—ã㯠LUKS ã‹ã‚‰ LUKS2 å½¢å¼ã«å¤‰æ›ã—ã¾ã™" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "LUKS2 ã® permanent configuration オプションをè¨å®šã—ã¾ã™" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<デãƒã‚¤ã‚¹> [<æ–°ã—ã„ã‚ーファイル>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "LUKS デãƒã‚¤ã‚¹ã‚’フォーマットã—ã¾ã™" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "LUKS デãƒã‚¤ã‚¹ã«ã‚ãƒ¼ã‚’è¿½åŠ ã—ã¾ã™" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<デãƒã‚¤ã‚¹> [<ã‚ーファイル>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "与ãˆã‚‰ã‚ŒãŸã‚ーã‹ã‚ーファイルを LUKS デãƒã‚¤ã‚¹ã‹ã‚‰å‰Šé™¤ã—ã¾ã™ã€‚" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "与ãˆã‚‰ã‚ŒãŸ LUKS デãƒã‚¤ã‚¹ã®ã‚ーã‹ã‚ーファイルを変更ã—ã¾ã™" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "ã‚ーを新ã—ã„ pbkdf パラメータã«å¤‰æ›ã—ã¾ã™" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<デãƒã‚¤ã‚¹> <ã‚ースãƒãƒƒãƒˆ>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "<ã‚ースãƒãƒƒãƒˆ>ã®ã‚ーを LUKS デãƒã‚¤ã‚¹ã‹ã‚‰å‰Šé™¤ã—ã¾ã™" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "LUKS デãƒã‚¤ã‚¹ã® UUID を表示" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "<デãƒã‚¤ã‚¹> ã® LUKS パーティションヘッダをテストã—ã¾ã™" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "LUKS ãƒ‘ãƒ¼ãƒ†ã‚£ã‚·ãƒ§ãƒ³æƒ…å ±ã‚’ãƒ€ãƒ³ãƒ—ã—ã¾ã™" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "TCRYPT デãƒã‚¤ã‚¹æƒ…å ±ã‚’ãƒ€ãƒ³ãƒ—ã—ã¾ã™" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "BITLK デãƒã‚¤ã‚¹æƒ…å ±ã‚’ãƒ€ãƒ³ãƒ—ã—ã¾ã™" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "FVAULT2 デãƒã‚¤ã‚¹æƒ…å ±ã‚’ãƒ€ãƒ³ãƒ—ã—ã¾ã™" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "LUKS デãƒã‚¤ã‚¹ã‚’åœæ¢ã—ã¦ã‚ーを削除ã—ã¾ã™ (å…¨ã¦ã®I/Oã¯åœæ¢ã—ã¾ã™)" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "åœæ¢ã—ã¦ã„㟠LUKS デãƒã‚¤ã‚¹ã‚’å†é–‹ã—ã¾ã™" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "LUKS デãƒã‚¤ã‚¹ãƒ˜ãƒƒãƒ€ã¨ã‚ースãƒãƒƒãƒˆã‚’ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã—ã¾ã™" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "LUKS デãƒã‚¤ã‚¹ãƒ˜ãƒƒãƒ€ã¨ã‚ースãƒãƒƒãƒˆã‚’リストアã—ã¾ã™" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <デãƒã‚¤ã‚¹>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "LUKS2 トークンをæ“作ã—ã¾ã™" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2577,7 +2815,7 @@ msgstr "" "\n" "<action> ã¯ä»¥ä¸‹ã®ã†ã¡ã®ä¸€ã¤ã§ã™:\n" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2589,7 +2827,7 @@ msgstr "" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2604,7 +2842,7 @@ msgstr "" "<ã‚ースãƒãƒƒãƒˆ> ã¯å¤‰æ›´ã™ã‚‹ LUKS ã‚ースãƒãƒƒãƒˆç•ªå·\n" "<ã‚ーファイル> 㯠luskAddKey ã§ã‚ªãƒ—ションã§ä¸Žãˆã‚‰ã‚Œã‚‹æ–°ã—ã„ã‚ーã®ã‚ーファイル\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2613,29 +2851,28 @@ msgstr "" "\n" "デフォルトã®ã‚³ãƒ³ãƒ‘イル時ã«æ±ºã‚られãŸãƒ¡ã‚¿ãƒ‡ãƒ¼ã‚¿å½¢å¼ã¯ %s ã§ã™(luksFormat ã§ä½¿ã‚ã‚Œã¾ã™)。\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"LUKS2 外部トークンプラグインサãƒãƒ¼ãƒˆ: %s\n" - -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "本体ã«å†…蔵" +"LUKS2 外部トークンプラグインサãƒãƒ¼ãƒˆã¯æœ‰åŠ¹ã§ã™ã€‚\n" -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "LUKS2 外部トークンプラグインパス: %s.\n" -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "利用ä¸å¯" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"LUKS2 外部トークンプラグインサãƒãƒ¼ãƒˆã¯ç„¡åŠ¹ã§ã™ã€‚\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2652,7 +2889,7 @@ msgstr "" "デフォルト LUKS2 å‘ã‘ PBKDF: %s\n" "\tç¹°ã‚Šè¿”ã™æ™‚é–“: %d, 使ã†ãƒ¡ãƒ¢ãƒª: %dkB, 並列スレッド: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2667,96 +2904,100 @@ msgstr "" "\tplain: %s, ã‚ー: %d ビット, パスワードãƒãƒƒã‚·ãƒ¥: %s\n" "\tLUKS: %s, ã‚ー: %d ビット, LUKS ヘッダãƒãƒƒã‚·ãƒ¥: %s, 乱数生æˆ: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: XTS モードã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã‚ーサイズ㯠(2ã¤ã®å†…部ã‚ーãŒã‚ã‚‹ãŸã‚) å€ã«ãªã‚Šã¾ã™ã€‚\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: 㯠%s を引数ã§ä¸Žãˆã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "ã‚ースãƒãƒƒãƒˆã¯ä¸æ£ã§ã™ã€‚" -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "デãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºã¯ 512 ãƒã‚¤ãƒˆã‚»ã‚¯ã‚¿ã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "å†æš—å·åŒ–ホットゾーン最大サイズã®æŒ‡å®šãŒä¸æ£ã§ã™ã€‚" -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "ã‚ーサイズ㯠8bit ã®å€æ•°ã§ãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "デãƒã‚¤ã‚¹ã‚’減らã›ã‚‹æœ€å¤§å€¤ã¯ 1 GiB ã§ã™ã€‚" -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "減らã™ã‚µã‚¤ã‚ºã¯ 512 ãƒã‚¤ãƒˆã‚»ã‚¯ã‚¿ã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "--priority ã®å¼•æ•°ã¯ ignore/normal/prefer ã®ã„ãšã‚Œã‹ã®ã¿ã§ã™ã€‚" -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "ã“ã®ãƒ˜ãƒ«ãƒ—を表示ã—ã¾ã™" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "コンパクトãªä½¿ç”¨æ³•è¡¨ç¤ºã‚’ã—ã¾ã™" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "パッケージã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’表示" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "ヘルプオプション:" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[オプション...] <アクション> <アクション特有>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "<アクション> ãŒã‚ã‚Šã¾ã›ã‚“。" -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "未知ã®ã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã§ã™ã€‚" -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "--key-file ã¯ä»–ã§æŒ‡å®šã•ã‚ŒãŸã‚ーファイルを上書ãã—ã¾ã™ã€‚" -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "--key-file ã¯ä¸€ã¤ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "パスワードã‹ã‚‰ã‚ーを作る関数 (PBKDF) 㯠pbkdf2 argon2i argon2id ã®ã„ãšã‚Œã‹ã®ã¿ã§ã™ã€‚" -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "PBKDF ã®ç¹°ã‚Šè¿”ã—回数ã®å¼·åˆ¶ã¨ç¹°ã‚Šè¿”ã—時間指定オプションã¯å…±å˜ã§ãã¾ã›ã‚“。" -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "ã‚ーリングãŒç„¡åŠ¹åŒ–ã•ã‚Œã¦ã„ã‚‹ãŸã‚ボリュームã‚ーをã‚ーリングã«ãƒªãƒ³ã‚¯ã§ãã¾ã›ã‚“。" + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "--keyslot-cipher 㨠--keyslot-key-size ã¯åŒæ™‚ã«ä½¿ã†å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "--test-args オプションã¤ãã ã£ãŸãŸã‚ã€ä½•ã‚‚ã—ã¾ã›ã‚“。\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "メタデータãƒãƒƒã‚¯ã‚’ç¦æ¢ã§ãã¾ã›ã‚“。" @@ -2821,7 +3062,7 @@ msgstr "コマンド㯠<root_hash> ã‹ --root-hash-file ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’å¼•æ• msgid "<data_device> <hash_device>" msgstr "<データデãƒã‚¤ã‚¹> <ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒã‚¤ã‚¹>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "デãƒã‚¤ã‚¹ã‚’フォーマット" @@ -2837,7 +3078,7 @@ msgstr "デãƒã‚¤ã‚¹ã‚’検証" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<データデãƒã‚¤ã‚¹> <åå‰> <ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒã‚¤ã‚¹> [<ルートãƒãƒƒã‚·ãƒ¥>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "アクティブデãƒã‚¤ã‚¹ã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’表示" @@ -2845,7 +3086,7 @@ msgstr "アクティブデãƒã‚¤ã‚¹ã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’表示" msgid "<hash_device>" msgstr "<ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒã‚¤ã‚¹>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "ディスク上ã®æƒ…å ±ã‚’è¡¨ç¤º" @@ -2875,11 +3116,11 @@ msgstr "" "コンパイル時ã«æ±ºã‚㟠dm-verity ã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆãƒ‘ラメータ:\n" "\tãƒãƒƒã‚·ãƒ¥: %s, データブãƒãƒƒã‚¯ (ãƒã‚¤ãƒˆ): %u, ãƒãƒƒã‚·ãƒ¥ãƒ–ãƒãƒƒã‚¯ (ãƒã‚¤ãƒˆ): %u, ソルトサイズ: %u, ãƒãƒƒã‚·ãƒ¥ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆ: %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "--ignore-corruption 㨠--restart-on-corruption ã¯åŒæ™‚ã«ä½¿ãˆã¾ã›ã‚“。" -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "--panic-on-corruption 㨠--restart-on-corruption ã¯åŒæ™‚ã«ä½¿ãˆã¾ã›ã‚“。" @@ -2892,29 +3133,29 @@ msgstr "" "%s 㨠%s ã®ãƒ‡ãƒ¼ã‚¿ã‚’復元ä¸èƒ½ãªå½¢ã§ä¸Šæ›¸ãã—ã¾ã™ã€‚\n" "データデãƒã‚¤ã‚¹ã‚’ä¿æŒã™ã‚‹ã«ã¯ã‚ªãƒ—ション --no-wipe を使ã£ã¦ãã ã•ã„ (ãã®å¾Œã€--integrity-recalculate を付ã‘ã¦ã‚¢ã‚¯ãƒ†ã‚£ãƒ™ãƒ¼ãƒˆã—ã¦ãã ã•ã„)。" -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "タグサイズ %uã€å†…部整åˆæ€§ã¯ %s ã§ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã•ã‚Œã¾ã—ãŸã€‚\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "å†è¨ˆç®—フラグã®è¨å®šã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。代ã‚ã‚Šã« --wipe を使ã†ã“ã¨ã‚’検討ã—ã¦ãã ã•ã„。" -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "デãƒã‚¤ã‚¹ %s ãŒæœ‰åŠ¹ãª INTEGRITY デãƒã‚¤ã‚¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<æ•´åˆæ€§ãƒ‡ãƒã‚¤ã‚¹>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<æ•´åˆæ€§ãƒ‡ãƒã‚¤ã‚¹> <åå‰>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2925,7 +3166,7 @@ msgstr "" "<åå‰> 㯠%s ã«ä½œã‚‰ã‚Œã‚‹ãƒ‡ãƒã‚¤ã‚¹\n" "<æ•´åˆæ€§ãƒ‡ãƒã‚¤ã‚¹> ã¯æ•´åˆæ€§ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹ãƒ‡ãƒã‚¤ã‚¹\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2938,40 +3179,40 @@ msgstr "" "\tãƒã‚§ãƒƒã‚¯ã‚µãƒ アルゴリズム: %s\n" " 最大ã‚ーファイルサイズ: %dkB\n" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "ä¸æ£ãª --%s サイズã§ã™ã€‚最大㯠%u ãƒã‚¤ãƒˆã§ã™ã€‚" -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "ã‚ーファイルã¨ã‚ーサイズã®ä¸¡æ–¹ã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚" -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "ジャーナル整åˆæ€§ã‚ーファイルã¨ã‚ーサイズã®ä¸¡æ–¹ã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚" -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "ジャーナル整åˆæ€§ã‚ーを使ã†å ´åˆã¯ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚" -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "ジャーナル暗å·ã‚ーファイルã¨ã‚ーサイズã®ä¸¡æ–¹ã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚" -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "ジャーナル暗å·ã‚ーを使ã†å ´åˆã¯ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚" -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "リカãƒãƒªã¨ bitmap モードオプションã¯åŒæ™‚ã«ã¯ä½¿ãˆã¾ã›ã‚“。" -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "ジャーナルオプション㯠bitmap モードã§ã¯ä½¿ãˆã¾ã›ã‚“。" -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "bitmap オプション㯠bitmap モードã§ã—ã‹ä½¿ãˆã¾ã›ã‚“。" @@ -3183,58 +3424,58 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "パスワードã®è³ªãŒç¢ºèªã§ãã¾ã›ã‚“: 質ã®æ‚ªã„パスフレーズ (%s)" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "端末ã‹ã‚‰ãƒ‘スフレーズをèªã¿è¾¼ã‚ã¾ã›ã‚“。" -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "åŒã˜ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "パスフレーズãŒä¸€è‡´ã—ã¾ã›ã‚“。" -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "端末ã‹ã‚‰ã®å…¥åŠ›ã§ã‚ªãƒ•ã‚»ãƒƒãƒˆã¯ä½¿ç”¨ã§ãã¾ã›ã‚“。" -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "パスフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "%s ã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "ã“ã®ãƒ‘スフレーズã§ä½¿ç”¨å¯èƒ½ãªã‚ーã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "使用å¯èƒ½ãªã‚ースãƒãƒƒãƒˆãŒã‚ã‚Šã¾ã›ã‚“。" -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "tty 入力以外ã§ã¯ãƒ‘スフレーズèªè¨¼ã§ãã¾ã›ã‚“。" -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "ファイル %s ã‚’èªã¿è¾¼ã¿å°‚用モードã§ã‚ªãƒ¼ãƒ—ンã§ãã¾ã›ã‚“。" -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "妥当㪠LUKS2 トークンを JSON ã§ä¸Žãˆã¦ãã ã•ã„:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "JSON ファイルをèªã¿è¾¼ã‚ã¾ã›ã‚“。" -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3242,12 +3483,12 @@ msgstr "" "\n" "èªã¿è¾¼ã¿ãŒä¸æ–ã•ã‚Œã¾ã—ãŸã€‚" -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "ファイル %s を書ãè¾¼ã¿ãƒ¢ãƒ¼ãƒ‰ã§ã‚ªãƒ¼ãƒ—ンã§ãã¾ã›ã‚“。" -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3255,7 +3496,7 @@ msgstr "" "\n" "書ãè¾¼ã¿ãŒä¸æ–ã•ã‚Œã¾ã—ãŸã€‚" -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "JSON ファイルã«æ›¸ãè¾¼ã‚ã¾ã›ã‚“。" @@ -3322,15 +3563,19 @@ msgstr "デãƒã‚¤ã‚¹ã¯å†æš—å·åŒ–リカãƒãƒªãŒå¿…è¦ã§ã™ã€‚å…ˆã«ä¿®å¾©ã— msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "デãƒã‚¤ã‚¹ %s ã¯æ—¢ã« LUKS2 å†æš—å·åŒ–状態ã«ã‚ã‚Šã¾ã™ã€‚以å‰ã«åˆæœŸåŒ–ã•ã‚ŒãŸå‡¦ç†ã«å¾©å¸°ã—ã¾ã™ã‹ï¼Ÿ" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "å¤ã„ LUKS2 å†æš—å·åŒ–ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œãªããªã‚Šã¾ã—ãŸã€‚" -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "OPAL を使ã†ã‚ˆã†è¨å®šã•ã‚ŒãŸ LUKS2 デãƒã‚¤ã‚¹ã¯å†æš—å·åŒ–ã§ãã¾ã›ã‚“。" + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "æ•´åˆæ€§ãƒ—ãƒãƒ•ã‚¡ã‚¤ãƒ«ã¤ãã®ãƒ‡ãƒã‚¤ã‚¹ã®å†æš—å·åŒ–ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3339,103 +3584,103 @@ msgstr "" "è¦æ±‚ã•ã‚ŒãŸ --sector-size %<PRIu32> 㯠%s superblock\n" "(ブãƒãƒƒã‚¯ã‚µã‚¤ã‚º: %<PRIu32> ãƒã‚¤ãƒˆã€ãƒ‡ãƒã‚¤ã‚¹ %s)ã¨äº’æ›æ€§ãŒã‚ã‚Šã¾ã›ã‚“。" -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "データデãƒã‚¤ã‚¹ã‚µã‚¤ã‚ºã®ç¸®å°(--reduce-device-size)ãªã—ã«åˆ†é›¢ãƒ˜ãƒƒãƒ€(--header)ã«ã‚ˆã‚‹æš—å·åŒ–ã¯ã§ãã¾ã›ã‚“。" -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "è¦æ±‚ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚ªãƒ•ã‚»ãƒƒãƒˆã¯ --reduce-device-size パラメータã®åŠåˆ†ä»¥ä¸‹ã§ã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "--reduce-device-size ã®å€¤ã‚’ --offset %<PRIu64> (セクタ) ã®å€ã«ã—ã¾ã™ã€‚\n" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "テンãƒãƒ©ãƒªãƒ˜ãƒƒãƒ€ãƒ•ã‚¡ã‚¤ãƒ« %s ã¯æ—¢ã«å˜åœ¨ã—ã¦ã„ã‚‹ã®ã§ã€ä¸æ¢ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "テンãƒãƒ©ãƒªãƒ˜ãƒƒãƒ€ãƒ•ã‚¡ã‚¤ãƒ« %s を作æˆã§ãã¾ã›ã‚“。" -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "LUKS2 メタデータサイズãŒãƒ‡ãƒ¼ã‚¿ã‚·ãƒ•ãƒˆå€¤ã‚ˆã‚Šå¤§ãã„ã§ã™ã€‚" -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "デãƒã‚¤ã‚¹ %s ã®å…ˆé ã«æ–°ã—ã„ヘッダを置ã‘ã¾ã›ã‚“。" -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s ãŒã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã§ã‚ªãƒ³ãƒ©ã‚¤ãƒ³æš—å·åŒ–å¯èƒ½ã§ã™ã€‚\n" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "アクティブãªãƒ‡ãƒã‚¤ã‚¹ %s 㯠LUKS2 ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "オリジナル㮠LUKS2 ヘッダを復元ã—ã¦ã„ã¾ã™ã€‚" -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "オリジナル㮠LUKS ヘッダã®å¾©å…ƒã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "ヘッダファイル %s ãŒå˜åœ¨ã—ã¾ã›ã‚“。デãƒã‚¤ã‚¹ %s ã®å¾©å·åŒ–ã‚’ã—㦠LUKS2 ヘッダをファイル %s ã«å‡ºåŠ›ã—ã¾ã™ã‹ï¼Ÿ" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "エクスãƒãƒ¼ãƒˆã•ã‚ŒãŸãƒ˜ãƒƒãƒ€ãƒ•ã‚¡ã‚¤ãƒ«ã«èªã¿æ›¸ã権é™ã‚’付与ã§ãã¾ã›ã‚“。" -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "å†æš—å·åŒ–ã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ヘッダã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—㯠%s ã«ã‚ã‚Šã¾ã™ã€‚" -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "LUKS2 復å·ã¯åˆ†é›¢(detached)ヘッダデãƒã‚¤ã‚¹ã—ã‹ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“(データã¸ã®ã‚ªãƒ•ã‚»ãƒƒãƒˆãŒ0)。" -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "å†æš—å·åŒ–ã«å¿…è¦ãªç©ºãã‚ースãƒãƒƒãƒˆãŒã‚ã‚Šã¾ã›ã‚“。" -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "ã‚ーファイル㯠--key-slot ã¨ä½¿ã†ã‹ã€1 ã¤ã®ã‚ースãƒãƒƒãƒˆã ã‘アクティブã®æ™‚ã«ã—ã‹ä½¿ãˆã¾ã›ã‚“。" -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "ã‚ースãƒãƒƒãƒˆ %d ã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "ã‚ースãƒãƒƒãƒˆ %u ã®ãƒ‘スフレーズを入力ã—ã¦ãã ã•ã„: " -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "データã®æš—å·åŒ–用ã®æš—å·ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã‚’ %s ã«ã—ã¾ã™ã€‚\n" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "データセグメントã®ãƒ‘ラメータãŒå¤‰ã‚ã£ã¦ã„ã¾ã›ã‚“。å†æš—å·åŒ–ã‚’ä¸æ¢ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3443,7 +3688,7 @@ msgstr "" "オフラインデãƒã‚¤ã‚¹ã®æš—å·åŒ–セクタサイズã®å¢—åŠ ã¯ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。\n" "ã¾ãšãƒ‡ãƒã‚¤ã‚¹ã‚’アクティベートã™ã‚‹ã‹ã€--force-offline-reencrypt オプションを使ã£ã¦ãã ã•ã„ (ãŸã ã—å±é™ºã§ã™ï¼)。" -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3452,62 +3697,62 @@ msgstr "" "\n" "å†æš—å·åŒ–ãŒä¸æ–ã•ã‚Œã¾ã—ãŸã€‚" -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "LUKS å†æš—å·åŒ–を強制オフラインモードã§å†é–‹ã—ã¾ã™ã€‚\n" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "デãƒã‚¤ã‚¹ %s ã¯å£Šã‚ŒãŸ LUKS メタデータをå«ã‚“ã§ã„ã¾ã™ã€‚処ç†ã‚’ä¸æ¢ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "デãƒã‚¤ã‚¹ %s ã¯æ—¢ã« LUKS デãƒã‚¤ã‚¹ã§ã™ã€‚処ç†ã‚’ä¸æ¢ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "デãƒã‚¤ã‚¹ %s ã¯æ—¢ã« LUKS å†æš—å·åŒ–状態ã«ã‚ã‚Šã¾ã™ã€‚処ç†ã‚’ä¸æ¢ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "LUKS2 復å·ã«ã¯ --header オプションãŒå¿…è¦ã§ã™ã€‚" -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "コマンドã¯ãƒ‡ãƒã‚¤ã‚¹ã‚’引数ã¨ã—ã¦å¿…è¦ã¨ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¡çªã—ã¦ã„ã¾ã™ã€‚デãƒã‚¤ã‚¹ %s 㯠LUKS1 ã§ã™ã€‚" -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¡çªã—ã¦ã„ã¾ã™ã€‚デãƒã‚¤ã‚¹ %s 㯠LUKS1 å†æš—å·åŒ–状態ã«ã‚ã‚Šã¾ã™ã€‚" -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¡çªã—ã¦ã„ã¾ã™ã€‚デãƒã‚¤ã‚¹ %s 㯠LUKS2 ã§ã™ã€‚" -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¡çªã—ã¦ã„ã¾ã™ã€‚デãƒã‚¤ã‚¹ %s 㯠LUKS2 å†æš—å·åŒ–状態ã«ã‚ã‚Šã¾ã™ã€‚" -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "LUKS2 å†æš—å·åŒ–ãŒæ—¢ã«åˆæœŸåŒ–済ãªã®ã§æ“作をä¸æ¢ã—ã¾ã™ã€‚" -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "å†æš—å·åŒ–処ç†ã‚’実行ä¸ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "デãƒã‚¤ã‚¹ãŒä½¿ç”¨ä¸ã®ãŸã‚ %s を排他的ã«ã‚ªãƒ¼ãƒ—ンã§ãã¾ã›ã‚“。" @@ -3643,35 +3888,35 @@ msgstr "è¦å‘Š: デãƒã‚¤ã‚¹ %s ãŒæ—¢ã« '%s' パーティションシグãƒãƒ msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "è¦å‘Š: デãƒã‚¤ã‚¹ %s ãŒæ—¢ã« '%s' ã®ã‚¹ãƒ¼ãƒ‘ーブãƒãƒƒã‚¯ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚“ã§ã„ã¾ã™ã€‚\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "デãƒã‚¤ã‚¹ã‚·ã‚°ãƒãƒãƒ£æ¤œå‡ºã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "デãƒã‚¤ã‚¹ %s ã® stat() ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "ファイル %s ã‚’èªã¿æ›¸ãå¯èƒ½ãªãƒ¢ãƒ¼ãƒ‰ã§ã‚ªãƒ¼ãƒ—ンã§ãã¾ã›ã‚“。" -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "今ã‚ã‚‹ '%s' パーティションシグãƒãƒãƒ£ã¯ãƒ‡ãƒã‚¤ã‚¹ %s ã‹ã‚‰æ¶ˆã•ã‚Œã¾ã™ã€‚" -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "今ã‚ã‚‹ '%s' スーパーブãƒãƒƒã‚¯ã‚·ã‚°ãƒãƒãƒ£ã¯ãƒ‡ãƒã‚¤ã‚¹ %s ã‹ã‚‰æ¶ˆã•ã‚Œã¾ã™ã€‚" -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "デãƒã‚¤ã‚¹ã‚·ã‚°ãƒãƒãƒ£ã‚’消ã›ã¾ã›ã‚“。" -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "デãƒã‚¤ã‚¹ %s ã®ã‚·ã‚°ãƒãƒãƒ£ãŒæ¤œå‡ºã§ãã¾ã›ã‚“。" @@ -3686,11 +3931,11 @@ msgstr "--%s ã®ã‚µã‚¤ã‚ºã®æŒ‡å®šãŒä¸æ£ã§ã™ã€‚" msgid "Option --%s is not allowed with %s action." msgstr "オプション --%s 㯠%s アクションã¨ä¸€ç·’ã«ã¯ä½¿ãˆã¾ã›ã‚“。" -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "ssh token json ファイルã«æ›¸ãè¾¼ã‚ã¾ã›ã‚“。" -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3706,105 +3951,109 @@ msgstr "" "\n" "Note: ãƒˆãƒ¼ã‚¯ãƒ³ã‚’è¿½åŠ ã™ã‚‹æ™‚ã«ä¸Žãˆã‚‰ã‚Œã‚‹æƒ…å ± (SSH server address, user and paths) 㯠LUKS2 ヘッダã«å¹³æ–‡ã§ä¿å˜ã•ã‚Œã¾ã™ã€‚" -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<アクション> <デãƒã‚¤ã‚¹>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "'add' アクションã®ã‚ªãƒ—ション:" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "ã“ã®ãƒˆãƒ¼ã‚¯ãƒ³ã®ãƒªãƒ¢ãƒ¼ãƒˆã‚µãƒ¼ãƒã®IPアドレス/URL" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "リモートサーãƒã§ä½¿ã†ãƒ¦ãƒ¼ã‚¶å" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "リモートサーãƒã®ã‚ーファイルã®ãƒ‘ス" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "リモートサーãƒã«æŽ¥ç¶šã™ã‚‹ãŸã‚ã® SSH ã‚ーã¸ã®ãƒ‘ス" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "libcryptsetup 外部トークンをå«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒ‘ス" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "トークンãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã‚‹ã‚ースãƒãƒƒãƒˆã€‚指定ã•ã‚Œãªã‘ã‚Œã°ãƒˆãƒ¼ã‚¯ãƒ³ã¯ä¸Žãˆã‚‰ã‚ŒãŸãƒ‘スフレーズãŒãƒžãƒƒãƒã™ã‚‹æœ€åˆã®ã‚ースãƒãƒƒãƒˆã«å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¾ã™ã€‚" -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "一般オプション:" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "より詳細ãªã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’表示ã—ã¾ã™" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "デãƒãƒƒã‚°ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’表示ã—ã¾ã™" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "JSON メタデータをå«ã‚€ãƒ‡ãƒãƒƒã‚°ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’表示ã™ã‚‹" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "秘密éµã‚’é–‹ã„ã¦ã‚¤ãƒ³ãƒãƒ¼ãƒˆã§ãã¾ã›ã‚“ã§ã—ãŸ:\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«å¤±æ•—ã—ã¾ã—ãŸ(パスワードã§ä¿è·ã•ã‚Œã¦ã„ã‚‹ã®ã§ã¯ï¼Ÿ)。\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "%s@%s ã®ãƒ‘スワード: " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "引数ã®è§£é‡ˆã«å¤±æ•—ã—ã¾ã—ãŸã€‚\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "アクションã®æŒ‡å®šãŒå¿…è¦ã§ã™\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "'%s' アクションã«ã¯ãƒ‡ãƒã‚¤ã‚¹ã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "'%s' アクションã«ã¯ SSH サーãƒã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "'%s' アクションã«ã¯ SSH ユーザã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "'%s' アクションã«ã¯ SSH パスã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "'%s' アクションã«ã¯ SSH ã‚ーパスã®æŒ‡å®šãŒå¿…è¦ã§ã™ã€‚\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "与ãˆã‚‰ã‚ŒãŸ credential ã§ã¯ãƒ•ã‚¡ã‚¤ãƒ« %s をオープンã§ãã¾ã›ã‚“。\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "今ã®ã¨ã“ã‚ã€ã“ã®ãƒ—ラグインã§ã¯ 'add' アクションã—ã‹ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。\n" diff --git a/po/meson.build b/po/meson.build new file mode 100644 index 0000000..c61a953 --- /dev/null +++ b/po/meson.build @@ -0,0 +1,7 @@ +if get_option('nls') + i18n = import('i18n') + i18n.gettext(meson.project_name(), + preset: 'glib', + data_dirs: '.', + install: true) +endif @@ -1,14 +1,14 @@ # Polish translation for cryptsetup. # Copyright (C) 2010 Free Software Foundation, Inc. # This file is put in the public domain. -# Jakub Bogusz <qboosh@pld-linux.org>, 2010-2022. +# Jakub Bogusz <qboosh@pld-linux.org>, 2010-2023. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.0-rc1\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-11-20 12:38+0100\n" -"PO-Revision-Date: 2022-11-20 20:45+0100\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2023-12-22 20:05+0100\n" "Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n" "Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n" "Language: pl\n" @@ -26,58 +26,62 @@ msgstr "Nie można zainicjować device-mappera w czasie dziaÅ‚ania jako nie-root msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Nie można zainicjować device-mappera. Czy moduÅ‚ jÄ…dra dm_mod jest wczytany?" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "Żądana flaga odroczona nie jest obsÅ‚ugiwana." -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID dla urzÄ…dzenia %s zostaÅ‚ skrócony." -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Nieznany typ celu dm." -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "Żądane opcje dm-crypta dotyczÄ…ce wydajnoÅ›ci nie sÄ… obsÅ‚ugiwane." -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Żądane opcje dm-verity dotyczÄ…ce obsÅ‚ugi uszkodzenia danych nie sÄ… obsÅ‚ugiwane." -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "Żądana opcja taskletów dm-verity nie jest obsÅ‚ugiwana." -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "Żądane opcje FEC dm-verity nie sÄ… obsÅ‚ugiwane." -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "Żądane opcje integralnoÅ›ci danych nie sÄ… obsÅ‚ugiwane." -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "Żądana opcja sector_size nie jest obsÅ‚ugiwana." -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "Rozmiar urzÄ…dzenia nie jest wielokrotnoÅ›ciÄ… żądanego rozmiaru sektura." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Żądane automatyczne przeliczenie znaczników integralnoÅ›ci nie jest obsÅ‚ugiwane." -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "Porzucenie/TRIM nie jest obsÅ‚ugiwane." -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Żądany tryb bitmapy dm-integrity nie jest obsÅ‚ugiwany." -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "Nie udaÅ‚o siÄ™ odpytać segmentu dm-%s." @@ -111,653 +115,743 @@ msgstr "Nieznane żądanie jakoÅ›ci RNG." msgid "Error reading from RNG." msgstr "BÅ‚Ä…d odczytu z RNG." -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "ObsÅ‚uga OPAL jest wyÅ‚Ä…czona w libcryptsetup." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "UrzÄ…dzenie %s lub jÄ…dro nie obsÅ‚uguje szyfrowania OPAL." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "Nie można zainicjować backendu kryptograficznego RNG." -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "Nie można zainicjować backendu kryptograficznego." -#: lib/setup.c:268 lib/setup.c:2139 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Algorytm skrótu %s nie jest obsÅ‚ugiwany." -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "BÅ‚Ä…d przetwarzania klucza (użyto algorytmu skrótu %s)." -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Nie można okreÅ›lić rodzaju urzÄ…dzenia. Niezgodny sposób uaktywniania urzÄ…dzenia?" -#: lib/setup.c:348 lib/setup.c:3308 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Ta operacja jest obsÅ‚ugiwana tylko dla urzÄ…dzeÅ„ LUKS." -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Ta operacja jest obsÅ‚ugiwana tylko dla urzÄ…dzeÅ„ LUKS2." -#: lib/setup.c:430 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "Wszyskie miejsca na klucze sÄ… peÅ‚ne." -#: lib/setup.c:441 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Numer klucza %d jest bÅ‚Ä™dny, proszÄ™ wybrać wartość miÄ™dzy 0 a %d." -#: lib/setup.c:447 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Miejsce na klucz %d jest peÅ‚ne, proszÄ™ wybrać inne." -#: lib/setup.c:532 lib/setup.c:3030 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "Rozmiar urzÄ…dzenia nie jest wyrównany do rozmiaru bloku logicznego urzÄ…dzenia." -#: lib/setup.c:630 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "Wykryto nagłówek, ale urzÄ…dzenie %s jest zbyt maÅ‚e." -#: lib/setup.c:671 lib/setup.c:2930 lib/setup.c:4275 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Ta operacja nie jest obsÅ‚ugiwana dla tego rodzaju urzÄ…dzenia." -#: lib/setup.c:676 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "Niedozwolona operacja w trakcie ponownego szyfrowania." -#: lib/setup.c:762 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "Nie udaÅ‚o siÄ™ wycofać zmian w metadanych LUKS2 w pamiÄ™ci." -#: lib/setup.c:849 lib/luks1/keymanage.c:247 lib/luks1/keymanage.c:525 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1433 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "UrzÄ…dzenie %s nie jest prawidÅ‚owym urzÄ…dzeniem LUKS." -#: lib/setup.c:852 lib/luks1/keymanage.c:528 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "NieobsÅ‚ugiwana wersja LUKS %d." -#: lib/setup.c:1479 lib/setup.c:2679 lib/setup.c:2761 lib/setup.c:2773 -#: lib/setup.c:2940 lib/setup.c:4752 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "Nie wykryto znanego wzorca okreÅ›lajÄ…cego szyfr dla aktywnego urzÄ…dzenia %s." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "UrzÄ…dzenie %s nie jest aktywne." -#: lib/setup.c:1496 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "UrzÄ…dzenie stojÄ…ce za urzÄ…dzeniem szyfrowanym %s zniknęło." -#: lib/setup.c:1578 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "BÅ‚Ä™dne parametry szyfru plain." -#: lib/setup.c:1583 lib/setup.c:2042 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "BÅ‚Ä™dny rozmiar klucza." -#: lib/setup.c:1588 lib/setup.c:2047 lib/setup.c:2250 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "UUID nie jest obsÅ‚ugiwany dla tego rodzaju szyfrowania." -#: lib/setup.c:1593 lib/setup.c:2052 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "Osobne urzÄ…dzenie metadanych nie jest obsÅ‚ugiwane dla tego rodzaju szyfrowania." -#: lib/setup.c:1603 lib/setup.c:1819 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "NieobsÅ‚ugiwany rozmiar sektora szyfrowania." -#: lib/setup.c:1611 lib/setup.c:1947 lib/setup.c:3024 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "Rozmiar urzÄ…dzenia nie jest wyrównany do żądanego rozmiaru sektura." -#: lib/setup.c:1663 lib/setup.c:1787 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "Nie można sformatować LUKS-a bez urzÄ…dzenia." -#: lib/setup.c:1669 lib/setup.c:1793 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "Żądane wyrównanie metadanych nie jest zgodne z offsetem danych." -#: lib/setup.c:1744 lib/setup.c:1964 lib/setup.c:1985 lib/setup.c:2262 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "UWAGA: urzÄ…dzenie DAX może uszkodzić dane, ponieważ nie gwarantuje atomowych uaktualnieÅ„ sektorów.\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "Nie można wymazać nagłówka na urzÄ…dzeniu %s." -#: lib/setup.c:1757 lib/setup.c:2024 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "UrzÄ…dzenie %s jest zbyt maÅ‚e do uaktywnienia, nie ma miejsca pozostaÅ‚ego na dane.\n" -#: lib/setup.c:1828 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "UWAGA: uaktywnienie urzÄ…dzenia siÄ™ nie powiedzie, dm-crypt nie ma obsÅ‚ugi żądanego rozmiaru sektora szyfrowania.\n" - -#: lib/setup.c:1851 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Klucz wolumenu jest zbyt maÅ‚y do szyfrowania z rozszerzeniami integralnoÅ›ci." -#: lib/setup.c:1911 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Szyfr %s-%s (rozmiar klucza w bitach: %zd) nie jest dostÄ™pny." -#: lib/setup.c:1937 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "UWAGA: rozmiar metadanych LUKS2 zmieniÅ‚ siÄ™ na %<PRIu64> (w bajtach).\n" - -#: lib/setup.c:1941 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "UWAGA: rozmiar obszaru kluczy LUKS2 zmieniÅ‚ siÄ™ na %<PRIu64> (w bajtach).\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "UWAGA: uaktywnienie urzÄ…dzenia siÄ™ nie powiedzie, dm-crypt nie ma obsÅ‚ugi żądanego rozmiaru sektora szyfrowania.\n" -#: lib/setup.c:1967 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "UrzÄ…dzenie %s jest zbyt maÅ‚e." -#: lib/setup.c:1978 lib/setup.c:2004 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "Nie można sformatować urzÄ…dzenia %s, które jest w użyciu." -#: lib/setup.c:1981 lib/setup.c:2007 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Nie można sformatować urzÄ…dzenia %s, brak uprawnieÅ„." -#: lib/setup.c:1993 lib/setup.c:2322 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "Nie można sformatować integralnoÅ›ci dla urzÄ…dzenia %s." -#: lib/setup.c:2011 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "Nie można sformatować urzÄ…dzenia %s." -#: lib/setup.c:2037 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "Nie można pobrać parametrów wyrównania OPAL." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "BÅ‚Ä™dny rozmiar bloku logicznego OPAL." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "Żądana pozycja danych nie jest zgodna z rozmiarem bloku OPAL." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "Żądane wyrównanie danych nie jest zgodne z wyrównaniem OPAL." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "Pozycja danych nie jest zgodna z wymaganiami wyrównania OPAL." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "Żądane wyrównanie danych nie jest zgodne z wymaganiami wyrównania zakresu blokowania." + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "Kompensacja rozmiaru urzÄ…dzenia o %<PRIu64> sektorów, aby wyrównać do rozdzielczoÅ›ci wyrównania OPAL." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "Nie udaÅ‚o siÄ™ uzyskać blokady OPAL na urzÄ…dzeniu %s." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Niepoprawny klucz administratora OPAL." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "Nie można ustawić segmentu OPAL." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "Nie można sformatować urzÄ…dzenia %s, urzÄ…dzenie OPAL obecnie wyglÄ…da na w peÅ‚ni zabezpieczone przed zapisem." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "To prawdopodobnie bÅ‚Ä…d w oprogramowaniu sprzÄ™towym. W celu odtworzenia można zresetować PSID OPAL i poÅ‚Ä…czyć ponownie." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "Reset zakresu blokowania %d na urzÄ…dzeniu %s nie powiódÅ‚ siÄ™." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "Nie można sformatować urzÄ…dzenia LUKSAES bez urzÄ…dzenia." -#: lib/setup.c:2082 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "Nie można sformatować VERITY bez urzÄ…dzenia." -#: lib/setup.c:2093 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "NieobsÅ‚ugiwany typ hasza VERITY %d." -#: lib/setup.c:2099 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "NieobsÅ‚ugiwany rozmiar bloku VERITY." -#: lib/setup.c:2104 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "NieobsÅ‚ugiwany offset hasza VERITY." -#: lib/setup.c:2109 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "NieobsÅ‚ugiwany offset FEC VERITY." -#: lib/setup.c:2133 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "Obszar danych zachodzi na obszar skrótów." -#: lib/setup.c:2158 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "Obszar skrótu zachodzi na obszar FEC." -#: lib/setup.c:2165 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "Obszar danych zachodzi na obszar FEC." -#: lib/setup.c:2301 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "UWAGA: żądany rozmiar znacznika %d B różni siÄ™ od rozmiaru wyjÅ›cia %s (%d B).\n" -#: lib/setup.c:2380 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Nieznany typ żądanego urzÄ…dzenia szyfrujÄ…cego %s." -#: lib/setup.c:2687 lib/setup.c:2766 lib/setup.c:2779 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "NieobsÅ‚ugiwane parametry urzÄ…dzenia %s." -#: lib/setup.c:2693 lib/setup.c:2786 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "Niezgodne parametry dla urzÄ…dzenia %s." -#: lib/setup.c:2810 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "UrzÄ…dzenia szyfrowane nie zgadzajÄ… siÄ™." -#: lib/setup.c:2847 lib/setup.c:2852 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "Nie udaÅ‚o siÄ™ przeÅ‚adować urzÄ…dzenia %s." -#: lib/setup.c:2858 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "Nie udaÅ‚o siÄ™ wstrzymać urzÄ…dzenia %s." -#: lib/setup.c:2870 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "Nie udaÅ‚o wznowić urzÄ…dzenia %s." -#: lib/setup.c:2885 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "BÅ‚Ä…d krytyczny przy przeÅ‚adowywaniu urzÄ…dzenia %s (w oparciu o urzÄ…dzenie %s)." -#: lib/setup.c:2888 lib/setup.c:2890 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Nie udaÅ‚o siÄ™ przeÅ‚Ä…czyć urzÄ…dzenia %s na dm-error." -#: lib/setup.c:2972 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "Nie można zmienić rozmiaru urzÄ…dzenia LUKS2 o rozmiarze statycznym." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "Nie można zmienić rozmiaru urzÄ…dzenia loopback." -#: lib/setup.c:3015 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "UWAGA: maksymalny rozmiar jest już ustawiony lub jÄ…dro nie obsÅ‚uguje zmiany rozmiaru.\n" -#: lib/setup.c:3076 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "Zmiana rozmiaru nie powiodÅ‚a siÄ™, jÄ…dro tego nie obsÅ‚uguje." -#: lib/setup.c:3108 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "Czy na pewno zmienić UUID urzÄ…dzenia?" -#: lib/setup.c:3200 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "Plik nagłówka kopii zapasowej nie zawiera zgodnego nagłówka LUKS." -#: lib/setup.c:3316 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "Wolumen %s nie jest aktywny." -#: lib/setup.c:3327 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "Wolumen %s już zostaÅ‚ wstrzymany." -#: lib/setup.c:3340 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "Wstrzymywanie nie jest obsÅ‚ugiwane dla urzÄ…dzenia %s." -#: lib/setup.c:3342 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "BÅ‚Ä…d podczas wstrzymywania urzÄ…dzenia %s." -#: lib/setup.c:3377 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "UrzÄ…dzenie %s zostaÅ‚o wstrzymane, ale sprzÄ™towe urzÄ…dzenie OPAL nie może być zablokowane." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "Wznawianie nie jest obsÅ‚ugiwane dla urzÄ…dzenia %s." -#: lib/setup.c:3379 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "BÅ‚Ä…d podczas wznawiania urzÄ…dzenia %s." -#: lib/setup.c:3413 lib/setup.c:3461 lib/setup.c:3532 lib/setup.c:3577 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "Nie udaÅ‚o siÄ™ doÅ‚Ä…czyć klucza do okreÅ›lonego pÄ™ku kluczy." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "Nie udaÅ‚o siÄ™ odÅ‚Ä…czyć klucza wolumenu z pÄ™ku kluczy podanego przez użytkownika." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "Nie udaÅ‚o siÄ™ doÅ‚Ä…czuć klucza wolumenu do pÄ™ku kluczy zdefiniowanego przez użytkownika." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "Wolumen %s nie jest wstrzymany." -#: lib/setup.c:3547 lib/setup.c:4528 lib/setup.c:4541 lib/setup.c:4549 -#: lib/setup.c:4562 lib/setup.c:6145 lib/setup.c:6167 lib/setup.c:6216 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "Klucz wolumenu nie pasuje do wolumenu." -#: lib/setup.c:3725 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "Nie udaÅ‚o siÄ™ podstawić nowego klucza." -#: lib/setup.c:3823 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "Numer klucza %d jest nieprawidÅ‚owy." -#: lib/setup.c:3829 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "Klucz %d nie jest aktywny." -#: lib/setup.c:3848 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "Nagłówek urzÄ…dzenia zachodzi na obszar danych." -#: lib/setup.c:4153 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "Ponowne szyfrowanie trwa. Nie można uaktywnić urzÄ…dzenia." -#: lib/setup.c:4155 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "Nie udaÅ‚o siÄ™ uzyskać blokady ponownego szyfrowania." -#: lib/setup.c:4168 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "Odtwarzanie ponownego szyfrowania LUKS2 nie powiodÅ‚o siÄ™." -#: lib/setup.c:4340 lib/setup.c:4606 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Typ urzÄ…dzenia nie zostaÅ‚ wÅ‚aÅ›ciwie zainicjalizowany." -#: lib/setup.c:4388 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "UrzÄ…dzenie %s już istnieje." -#: lib/setup.c:4395 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Nie można użyć urzÄ…dzenia %s, nazwa jest nieprawidÅ‚owa lub nadal w użyciu." -#: lib/setup.c:4515 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Podano niewÅ‚aÅ›ciwy klucz wolumenu dla zwykÅ‚ego urzÄ…dzenia." -#: lib/setup.c:4632 -msgid "Incorrect root hash specified for verity device." -msgstr "Podano niewÅ‚aÅ›ciwy hasz główny dla urzÄ…dzenia VERITY." - -#: lib/setup.c:4642 -msgid "Root hash signature required." -msgstr "Wymagany podpis hasza głównego." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "PÄ™k kluczy w jÄ…drze nie jest obsÅ‚ugiwany przez jÄ…dro." -#: lib/setup.c:4651 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Brak pÄ™ku kluczy w jÄ…drze: wymagany do przekazania podpisu do jÄ…dra." -#: lib/setup.c:4668 lib/setup.c:6411 -msgid "Failed to load key in kernel keyring." -msgstr "Nie udaÅ‚o siÄ™ zaÅ‚adować klucza do pÄ™ku kluczy w jÄ…drze." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "Podano niewÅ‚aÅ›ciwy hasz główny dla urzÄ…dzenia VERITY." + +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "OPAL nie obsÅ‚uguje odroczonej dezaktywacji." -#: lib/setup.c:4724 +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Nie udaÅ‚o siÄ™ anulować opóźnionego usuwania z urzÄ…dzenia %s." -#: lib/setup.c:4731 lib/setup.c:4747 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "UrzÄ…dzenie %s jest nadal w użyciu." -#: lib/setup.c:4756 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "BÅ‚Ä™dne urzÄ…dzenie %s." -#: lib/setup.c:4896 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "Bufor klucza wolumenu zbyt maÅ‚y." -#: lib/setup.c:4913 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "Nie można odtworzyć klucza wolumenu dla urzÄ…dzenia LUKS2." -#: lib/setup.c:4922 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "Nie można odtworzyć klucza wolumenu dla urzÄ…dzenia LUKS1." -#: lib/setup.c:4932 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "Nie można odtworzyć klucza wolumenu dla zwykÅ‚ego urzÄ…dzenia." -#: lib/setup.c:4940 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "Nie można odtworzyć hasza głównego dla urzÄ…dzenia VERITY." -#: lib/setup.c:4947 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "Nie można odtworzyć klucza wolumenu dla urzÄ…dzenia BITLK." -#: lib/setup.c:4952 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "Nie można odtworzyć klucza wolumenu dla urzÄ…dzenia FVAULT2." -#: lib/setup.c:4954 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Ta operacja nie jest obsÅ‚ugiwana dla urzÄ…dzenia szyfrujÄ…cego %s." -#: lib/setup.c:5135 lib/setup.c:5146 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "Operacja zrzutu nie jest obsÅ‚ugiwana dla tego rodzaju urzÄ…dzenia." -#: lib/setup.c:5488 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Offset danych nie jest wielokrotnoÅ›ciÄ… liczby bajtów %u." -#: lib/setup.c:5776 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Nie można przekonwertować urzÄ…dzenia %s, które jest nadal w użyciu." -#: lib/setup.c:6086 lib/setup.c:6225 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Nie udaÅ‚o siÄ™ przypisać klucza %u jako nowego klucza wolumenu." -#: lib/setup.c:6110 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Nie udaÅ‚o siÄ™ zainicjować domyÅ›lnych parametrów klucza LUKS2." -#: lib/setup.c:6116 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Nie udaÅ‚o siÄ™ przypisać klucza %d do skrótu." -#: lib/setup.c:6341 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Nie można dodać klucza, wszystkie miejsca na klucze wyÅ‚Ä…czone i nie podano klucza wolumenu." -#: lib/setup.c:6478 -msgid "Kernel keyring is not supported by the kernel." -msgstr "PÄ™k kluczy w jÄ…drze nie jest obsÅ‚ugiwany przez jÄ…dro." +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "Nie udaÅ‚o siÄ™ zaÅ‚adować klucza do pÄ™ku kluczy w jÄ…drze." + +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "Nie udaÅ‚o siÄ™ odÅ‚Ä…czyć klucza wolumenu z pÄ™ku klucza wÄ…tku." -#: lib/setup.c:6488 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "Nie udaÅ‚o siÄ™ odczytać hasÅ‚a z pÄ™ku kluczy (bÅ‚Ä…d %d)." +msgid "Could not find keyring described by \"%s\"." +msgstr "Nie udaÅ‚o siÄ™ odnaleźć pÄ™ku kluczy opisanego przez \"%s\"." -#: lib/setup.c:6512 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Nie udaÅ‚o siÄ™ uzyskać globalnej blokady serializacji dostÄ™pu ciężkiego pamiÄ™ciowo." -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "Nie udaÅ‚o siÄ™ otworzyć pliku klucza." -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "Nie można odczytać pliku klucza z terminala." -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "Nie udaÅ‚o siÄ™ wykonać stat na pliku klucza." -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "Nie można przemieÅ›cić siÄ™ do żądanego poÅ‚ożenia pliku klucza." -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:227 -#: src/utils_password.c:239 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Brak pamiÄ™ci podczas odczytu hasÅ‚a." -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "BÅ‚Ä…d podczas odczytu hasÅ‚a." -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "Na wejÅ›ciu nie ma nic do odczytu." -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Przekroczono maksymalny rozmiar pliku klucza." -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "Nie można odczytać żądanej iloÅ›ci danych." -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1408 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "UrzÄ…dzenie %s nie istnieje lub dostÄ™p jest zabroniony." -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "UrzÄ…dzenie %s nie jest zgodne." -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Zignorowano niewÅ‚aÅ›ciwy rozmiar optimal-io dla urzÄ…dzenia danych (%u bajtów)." -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "UrzÄ…dzenie %s jest zbyt maÅ‚e. Wymagane przynajmniej %<PRIu64> bajtów." -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Nie można użyć urzÄ…dzenia %s, które jest w użyciu (już podmapowane lub zamontowane)." -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Nie można użyć urzÄ…dzenia %s, brak uprawnieÅ„." -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "Nie można uzyskać informacji o urzÄ…dzeniu %s." -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "Nie można użyć urzÄ…dzenia loopback w czasie dziaÅ‚ania jako nie-root." -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Nie udaÅ‚o siÄ™ podÅ‚Ä…czyć urzÄ…dzenia loopback (wymagane urzÄ…dzenie loop z flagÄ… autoclear)." -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Żądany offset jest poza rzeczywistym rozmiarem urzÄ…dzenia %s." -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "UrzÄ…dzenie %s ma zerowy rozmiar." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "Żądany czas docelowy PBKDF nie może być zerowy." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Nieznany typ PBKDF %s." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "Żądany skrót %s nie jest obsÅ‚ugiwany." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "Żądany typ PBKDF nie jest obsÅ‚ugiwany dla LUKS1." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "WartoÅ›ci maksymalnej pamiÄ™ci lub liczby wÄ…tków PBKDF nie mogÄ… być ustawione dla PBKDF2." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "Wymuszona liczba iteracji jest zbyt maÅ‚a dla %s (minimum to %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "Wymuszony koszt pamiÄ™ciowy jest zbyt maÅ‚y dla %s (minimum to %u kB)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "Żądany maksymalny koszt pamiÄ™ciowy PBKDF jest zbyt duży (maksimum to %d kB)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "Żądana maksymalna pamięć PBKDF nie może być zerowa." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Żądana liczba wÄ…tków PBKDF nie może być zerowa." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "W trybie FIPS obsÅ‚ugiwana jest tylko PBKDF2." -#: lib/utils_benchmark.c:174 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Test wydajnoÅ›ci PBKDF jest wyÅ‚Ä…czony, ale nie ustawiono liczby iteracji." -#: lib/utils_benchmark.c:193 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "Niekompatybilne opcje PBKDF2 (przy użyciu algorytmu skrótu %s)." -#: lib/utils_benchmark.c:213 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "Niekompatybilne opcje PBKDF." @@ -771,16 +865,24 @@ msgstr "Blokowanie nie powiodÅ‚o siÄ™. Åšcieżka blokady %s/%s jest nieużywalna msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Blokowanie przerwane. Åšcieżka blokady %s/%s jest nieużywalna (%s nie jest katalogiem)." -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Nie można przemieÅ›cić siÄ™ we wÅ‚aÅ›ciwe poÅ‚ożenie urzÄ…dzenia." -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "BÅ‚Ä…d wymazywania urzÄ…dzenia, offset %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "Niepoprawny PSID OPAL." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "Nie można wymazać urzÄ…dzenia OPAL." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -798,9 +900,9 @@ msgstr "Rozmiar klucza w trybie XTS musi wynosić 256 lub 512 bitów." msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "OkreÅ›lenie szyfru powinno być w formacie [szyfr]-[tryb]-[iv]." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:675 lib/luks1/keymanage.c:1126 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Nie można zapisać na urzÄ…dzenie %s, brak uprawnieÅ„." @@ -813,87 +915,87 @@ msgstr "Nie udaÅ‚o siÄ™ otworzyć urzÄ…dzenia do tymczasowego przechowywania klu msgid "Failed to access temporary keystore device." msgstr "Nie udaÅ‚o siÄ™ uzyskać dostÄ™pu do urzÄ…dzenia do tymczasowego przechowywania kluczy." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:61 -#: lib/luks2/luks2_keyslot_luks2.c:79 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "BÅ‚Ä…d we/wy podczas szyfrowania klucza." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:628 lib/luks1/keymanage.c:678 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Nie można otworzyć urzÄ…dzenia %s." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:138 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "BÅ‚Ä…d we/wy podczas odszyfrowywania klucza." -#: lib/luks1/keymanage.c:129 +#: lib/luks1/keymanage.c:130 #, c-format msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)" msgstr "UrzÄ…dzenie %s jest zbyt maÅ‚e (LUKS1 wymaga przynajmniej %<PRIu64> bajtów)." -#: lib/luks1/keymanage.c:150 lib/luks1/keymanage.c:158 -#: lib/luks1/keymanage.c:170 lib/luks1/keymanage.c:181 -#: lib/luks1/keymanage.c:193 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159 +#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182 +#: lib/luks1/keymanage.c:194 #, c-format msgid "LUKS keyslot %u is invalid." msgstr "Numer klucza LUKS %u jest nieprawidÅ‚owy." -#: lib/luks1/keymanage.c:265 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "Żądany plik kopii zapasowej nagłówka %s już istnieje." -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "Nie można utworzyć pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:274 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "Nie można zapisać pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "Plik kopii zapasowej nie zawiera prawidÅ‚owego nagłówka LUKS." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:591 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "Nie można otworzyć pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "Nie można odczytać pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Offset danych lub rozmiar klucza różniÄ… siÄ™ miÄ™dzy urzÄ…dzeniem a kopiÄ… zapasowÄ…; przywrócenie nie powiodÅ‚o siÄ™." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "UrzÄ…dzenie %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "nie zawiera nagłówka LUKS. Nadpisanie nagłówka może zniszczyć dane na tym urzÄ…dzeniu." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "już zawiera nagłówek LUKS. Nadpisanie nagłówka zniszczy istniejÄ…ce klucze." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -901,126 +1003,130 @@ msgstr "" "\n" "UWAGA: nagłówek prawdziwego urzÄ…dzenia ma inny UUID niż kopia zapasowa!" -#: lib/luks1/keymanage.c:396 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Niestandardowy rozmiar klucza, wymagana rÄ™czna naprawa." -#: lib/luks1/keymanage.c:406 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Niestandardowe wyrównanie kluczy, wymagana rÄ™czna naprawa." -#: lib/luks1/keymanage.c:415 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Tryb szyfru poprawiony (%s -> %s)." -#: lib/luks1/keymanage.c:426 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Skrót szyfru poprawiony na maÅ‚e litery (%s)." -#: lib/luks1/keymanage.c:428 lib/luks1/keymanage.c:534 -#: lib/luks1/keymanage.c:790 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Żądany skrót LUKS %s nie jest obsÅ‚ugiwany." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Naprawianie kluczy." -#: lib/luks1/keymanage.c:461 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Klucz %i: naprawiono offset (%u -> %u)." -#: lib/luks1/keymanage.c:469 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Klucz %i: naprawiono pasy (%u -> %u)." -#: lib/luks1/keymanage.c:478 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Klucz %i: bÅ‚Ä™dna sygnatura partycji." -#: lib/luks1/keymanage.c:483 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Klucz %i: zarodek wymazany." -#: lib/luks1/keymanage.c:500 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "Zapis nagłówka LUKS na dysk." -#: lib/luks1/keymanage.c:505 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Naprawa nie powiodÅ‚a siÄ™." -#: lib/luks1/keymanage.c:560 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Tryb szyfru LUKS %s jest nieprawidÅ‚owy." -#: lib/luks1/keymanage.c:565 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "Skrót LUKS %s jest nieprawidÅ‚owy." -#: lib/luks1/keymanage.c:572 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "W nagłówku LUKS nie wykryto żadnych znanych problemów." -#: lib/luks1/keymanage.c:700 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "BÅ‚Ä…d podczas uaktualniania nagłówka LUKS na urzÄ…dzeniu %s." -#: lib/luks1/keymanage.c:708 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "BÅ‚Ä™d podczas ponownego odczytu nagłówka LUKS po uaktualnieniu na urzÄ…dzeniu %s." -#: lib/luks1/keymanage.c:784 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Offset danych dla nagłówka LUKS musi wynosić 0 lub wiÄ™cej niż rozmiar nagłówka." -#: lib/luks1/keymanage.c:795 lib/luks1/keymanage.c:864 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:514 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "Podano zÅ‚y format LUKS UUID." -#: lib/luks1/keymanage.c:817 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Nie można utworzyć nagłówka LUKS: odczyt losowego zarodka nie powiódÅ‚ siÄ™." -#: lib/luks1/keymanage.c:843 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Nie można utworzyć nagłówka LUKS: uzyskanie skrótu nagłówka nie powiodÅ‚o siÄ™ (przy użyciu algorytmu %s)." -#: lib/luks1/keymanage.c:887 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "Klucz numer %d jest aktywny, należy go najpierw wyczyÅ›cić." -#: lib/luks1/keymanage.c:893 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Klucz %d zawiera zbyt maÅ‚o pasów. Zmieniony nagłówek?" -#: lib/luks1/keymanage.c:1034 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "PrzepeÅ‚nienie wartoÅ›ci iteracji PBKDF2" + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Nie można otworzyć klucza (przy użyciu skrótu %s)." -#: lib/luks1/keymanage.c:1112 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Numer klucza %d jest bÅ‚Ä™dny, proszÄ™ wybrać numer od 0 do %d." -#: lib/luks1/keymanage.c:1130 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "Nie można wymazać urzÄ…dzenia %s." @@ -1041,174 +1147,174 @@ msgstr "Wykryto niekompatybilny plik klucza loop-AES." msgid "Kernel does not support loop-AES compatible mapping." msgstr "JÄ…dro nie obsÅ‚uguje odwzorowaÅ„ zgodnych z loop-AES." -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "BÅ‚Ä…d odczytu pliku klucza %s." -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Przekroczono maksymalnÄ… dÅ‚ugość hasÅ‚a TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Algorytm skrótu PBKDF2 %s nie jest dostÄ™pny, pominiÄ™to." -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "Wymagany interfejs kryptograficzny jÄ…dra nie jest dostÄ™pny." -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "ProszÄ™ upewnić siÄ™, że moduÅ‚ jÄ…dra algif_skcipher zostaÅ‚ zaÅ‚adowany." -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Uaktywnianie nie jest obsÅ‚ugiwane dla rozmiaru sektora %d." -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "JÄ…dro nie obsÅ‚uguje uaktywniania dla tego starego trybu TCRYPT." -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "WÅ‚Ä…czanie szyfrowania systemu TCRYPT dla partycji %s." -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "JÄ…dro nie obsÅ‚uguje odwzorowaÅ„ zgodnych z TCRYPT." -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Ta funkcja nie jest obsÅ‚ugiwana bez zaÅ‚adowanego nagłówka TCRYPT." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Przy analizie obsÅ‚ugiwanego Głównego Klucza Wolumenu napotkano nieoczekiwany wpis metadanych typu '%u'." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Przy analizie Głównego Klucza Wolumenu napotkano bÅ‚Ä™dny ciÄ…g znaków." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Przy analizie obsÅ‚ugiwanego Głównego Klucza Wolumenu napotkano nieoczekiwany ciÄ…g znaków ('%s')." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Przy analizie obsÅ‚ugiwanego Głównego Klucza Wolumenu napotkano nieoczekiwanÄ… wartość wpisu metadanych '%u'." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "BITLK w wersji 1 nie jest obecnie obsÅ‚ugiwany." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "BÅ‚Ä™dna lub nieznana sygnatura rozruchowa urzÄ…dzenia BITLK." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %<PRIu16>." msgstr "NieobsÅ‚ugiwany rozmiar sektora %<PRIu16>." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "Nie udaÅ‚o siÄ™ odczytać nagłówka BITLK z %s." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "Nie udaÅ‚o siÄ™ odczytać metadanych BITLK FVE z %s." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Nieznany lub nieobsÅ‚ugiwany rodzaj szyfrowania." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "Nie udaÅ‚o siÄ™ odczytać wpisów metadanych BITLK z %s." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "Nie udaÅ‚o siÄ™ przekonwertować opisu wolumenu BITLK" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Przy analizie zewnÄ™trznego klucza napotkano nieoczekiwany wpis metadanych typu '%u'." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "GUI pliku BEK '%s' nie pasuje do GUID-a wolumenu." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Przy analizie zewnÄ™trznego klucza napotkano nieoczekiwanÄ… wartość wpisu metadanych '%u'." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "NieobsÅ‚ugiwana wersja metadanych BEK %<PRIu32>" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "Nieoczekiwany rozmiar metadanych BEK %<PRIu32> nie zgadza siÄ™ z dÅ‚ugoÅ›ciÄ… pliku BEK" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Przy analizie klucza poczÄ…tkowego napotkano nieoczekiwany wpis metadanych." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Ta operacja nie jest obsÅ‚ugiwana." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "Nieoczekiwany rozmiar danych klucza." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "To urzÄ…dzenie BITLK jest w nieobsÅ‚ugiwanym stanie i może być uaktywnione." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "UrzÄ…dzenia BITLK o typie '%s' nie mogÄ… być uaktywnione." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Uaktywnianie częściowo odszyfrowanych urzÄ…dzeÅ„ BITLK nie jest obsÅ‚ugiwane." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "UWAGA: rozmiar wolumenu BitLockera %<PRIu64> nie zgadza siÄ™ z rozmiarem urzÄ…dzenia %<PRIu64>" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Nie można uaktywnić urzÄ…dzenia, brak obsÅ‚ugi BITLK IV w module dm-crypt jÄ…dra." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Nie można uaktywnić urzÄ…dzenia, brak obsÅ‚ugi dyfuzora BITLK Elephant w module dm-crypt jÄ…dra." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Nie można uaktywnić urzÄ…dzenia, brak obsÅ‚ugi dużego rozmiaru sektora w module dm-crypt jÄ…dra." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Nie można uaktywnić urzÄ…dzenia, brak moduÅ‚u jÄ…dra dm-zero." @@ -1246,28 +1352,32 @@ msgstr "Podano zÅ‚y format UUID-a VERITY na urzÄ…dzeniu %s." msgid "Error during update of verity header on device %s." msgstr "BÅ‚Ä…d podczas uaktualniania nagłówka VERITY na urzÄ…dzeniu %s." -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "Weryfikacja podpisu hasza głównego nie jest obsÅ‚ugiwana." -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Wymagany podpis hasza głównego." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "BÅ‚Ä™dów nie można naprawić z urzÄ…dzeniem FEC." -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "Znaleziono %u bÅ‚Ä™dów możliwych do naprawienia z urzÄ…dzeniem FEC." -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "JÄ…dro nie obsÅ‚uguje odwzorowaÅ„ dm-verity." -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "JÄ…dro nie obsÅ‚uguje opcji podpisu dm-verity." -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "UrzÄ…dzenie VERITY wykryÅ‚o uszkodzenie po uaktywnieniu." @@ -1361,7 +1471,7 @@ msgstr "Nie udaÅ‚o siÄ™ okreÅ›lić rozmiaru urzÄ…dzenia %s." msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "Wykryto niezgodne metadane dm-integrity jÄ…dra (wersja %u) na %s." -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "JÄ…dro nie obsÅ‚uguje odwzorowaÅ„ dm-integrity." @@ -1373,8 +1483,8 @@ msgstr "JÄ…dro nie obsÅ‚uguje staÅ‚ego wyrównania metadanych dm-integrity." msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "JÄ…dro odmawia uaktywnienia niebezpiecznej opcji przeliczenia (p. stare opcje aktywacji, aby wymusić)." -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Nie udaÅ‚o siÄ™ uzyskać blokady dla zapisu na urzÄ…dzeniu %s." @@ -1391,49 +1501,59 @@ msgstr "" "UrzÄ…dzenie zawiera niejednoznaczne sygnatury, nie można automatycznie odtworzyć LUKS2.\n" "W celu odtworzenia należy uruchomić \"cryptsetup repair\"." -#: lib/luks2/luks2_json_format.c:229 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "UWAGA: obszar kluczy (%<PRIu64> bajtów) bardzo maÅ‚y, dostÄ™pna liczba kluczy LUKS2 jest bardzo ograniczona.\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "Żądany offset danych jest zbyt maÅ‚y." -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "UWAGA: obszar kluczy (%<PRIu64> bajtów) bardzo maÅ‚y, dostÄ™pna liczba kluczy LUKS2 jest bardzo ograniczona.\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "UWAGA: rozmiar metadanych LUKS2 zmieniÅ‚ siÄ™ na %<PRIu64> (w bajtach).\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:93 -#: lib/luks2/luks2_keyslot_luks2.c:115 +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "UWAGA: rozmiar obszaru kluczy LUKS2 zmieniÅ‚ siÄ™ na %<PRIu64> (w bajtach).\n" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Nie udaÅ‚o siÄ™ uzyskać blokady do odczytu na urzÄ…dzeniu %s." -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Wykryto zabronione wymagania LUKS2 w kopii zapasowej %s." -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "Offset danych różni siÄ™ miÄ™dzy urzÄ…dzeniem a kopiÄ… zapasowÄ…; przywrócenie nie powiodÅ‚o siÄ™." -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Nagłówek binarny z rozmiarem obszarów kluczy różni siÄ™ miÄ™dzy urzÄ…dzeniem a kopiÄ… zapasowÄ…; przywrócenie nie powiodÅ‚o siÄ™." -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "UrzÄ…dzenie %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "nie zawiera nagłówka LUKS2. Nadpisanie nagłówka może zniszczyć dane na tym urzÄ…dzeniu." -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "już zawiera nagłówek LUKS2. Nadpisanie nagłówka zniszczy istniejÄ…ce klucze." -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1443,7 +1563,7 @@ msgstr "" "UWAGA: wykryto nieznane wymagania LUKS2 w nagłówku prawdziwego urzÄ…dzenia!\n" "Nadpisanie nagłówka kopiÄ… zapasowÄ… może uszkodzić dane na tym urzÄ…dzeniu!" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1453,390 +1573,436 @@ msgstr "" "UWAGA: wykryto nie zakoÅ„czone ponowne szyfrowanie offline na urzÄ…dzeniu!\n" "Nadpisanie nagłówka kopiÄ… zapasowÄ… może uszkodzić dane." -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "Zignorowano nieznanÄ… flagÄ™ %s." -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Brak klucza dla segmentu dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "Nie udaÅ‚o siÄ™ ustawić segmentu dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "Nie udaÅ‚o siÄ™ ustawić segmentu dm-linear." -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "Nie wykryto znanego wzorca okreÅ›lajÄ…cego szyfr w nagłówku LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "UrzÄ…dzenie OPAL musi mieć statyczny rozmiar." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "Szyfrowane urzÄ…dzenie OPAL z integralnoÅ›ciÄ… musi być mniejsze, niż zakres blokowania." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "UrzÄ…dzenie OPAL musi mieć ten sam rozmiar, co zakres blokowania." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "UrzÄ…dzenie OPAL %s jest już odblokowane.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "NieobsÅ‚ugiwana konfiguracja integralnoÅ›ci urzÄ…dzenia." -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "UrzÄ…dzenie dm-integrity stojÄ…ce poniżej o nieoczekiwanych sektorach danych." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Podobne szyfrowanie trwa. Nie można dezaktywować urzÄ…dzenia." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Nie udaÅ‚o siÄ™ zastÄ…pić wstrzymanego urzÄ…dzenia %s celem dm-error." -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "UrzÄ…dzenie %s zostaÅ‚o dezaktywowane, ale sprzÄ™towe urzÄ…dzenie OPAL nie może być zablokowane." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "Nie udaÅ‚o siÄ™ odczytać wymagaÅ„ LUKS2." -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "Wykryto nie speÅ‚nione wymagania LUKS2." -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Operacja niezgodna z urzÄ…dzeniem oznaczonym do ponownego szyfrowania starym szyfrem. Przerwano." -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Operacja niezgodna z urzÄ…dzeniem oznaczonym do ponownego szyfrowania LUKS2. Przerwano." -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "Operacja niezgodna z urzÄ…dzeniem używajÄ…cym OPAL. Przerwano." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "Za maÅ‚o dostÄ™pnej pamiÄ™ci, aby otworzyć klucz." -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "Nie udaÅ‚o siÄ™ otworzyć klucza." -#: lib/luks2/luks2_keyslot_luks2.c:54 lib/luks2/luks2_keyslot_luks2.c:109 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Nie można użyć szyfru %s-%s do szyfrowania kluczy." -#: lib/luks2/luks2_keyslot_luks2.c:281 lib/luks2/luks2_keyslot_luks2.c:390 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "Algorytm skrótu %s nie jest dostÄ™pny." -#: lib/luks2/luks2_keyslot_luks2.c:506 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "Uwaga: operacja na kluczu może siÄ™ nie powieść, bo wymaga wiÄ™cej pamiÄ™ci, niż dostÄ™pna.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "Brak miejsca na nowy klucz." -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "BÅ‚Ä™dne żądanie zmiany trybu odpornoÅ›ci przy ponownym szyfrowaniu." -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "Nie można uaktualnić rodzaju odpornoÅ›ci. Nowy typ zapewnia %<PRIu64> B, wymagane miejsce to %<PRIu64> B." -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "Nie udaÅ‚o siÄ™ odÅ›wieżyć skrótu weryfikacji ponownego szyfrowania." -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Nie można sprawdzić stanu urzÄ…dzenia majÄ…cego UUID: %s." -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Nie można przekonwertować nagłówka z dodatkowymi metadanymi LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Nie można użyć okreÅ›lenia szyfru %s-%s dla LUKS2." -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Nie można przenieść obszaru kluczy. Brak miejsca." -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "Nie można przekonwertować do formatu LUKS1 - bÅ‚Ä™dne metadane." -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Nie można przenieść obszaru kluczy. Obszar kluczy LUKS2 zbyt maÅ‚y." -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Nie można przenieść obszaru kluczy." -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Nie można przekonwertować do formatu LUKS1 - domyÅ›lny rozmiar sektora szyfrowania segmentu nie wynosi 512 bajtów." -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Nie można przekonwertować formatu LUKS1 - skróty kluczy nie sÄ… zgodne z LUKS1." -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Nie można przekonwertować formatu LUKS1 - urzÄ…dzenie używa szyfru %s z obudowanym kluczem." -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "Nie można przekonwertować formatu LUKS1 - urzÄ…dzenie używa wiÄ™kszej liczby segmentów." -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Nie można przekonwertować do formatu LUKS1 - nagłówek LUKS2 zawiera %u token(ów)." -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u jest w bÅ‚Ä™dnym stanie." -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u (powyzej maksimum) jest nadal aktywny." -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u nie jest zgodny z LUKS1." -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Rozmiar strefy hotzone musi być wielokrotnoÅ›ciÄ… wyliczonego wyrównania strefy (bajtów: %zu)." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Rozmiar urzÄ…dzenia musi być wielokrotnoÅ›ciÄ… wyliczonego wyrównania strefy (bajtów: %zu)." -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "Nie udaÅ‚o siÄ™ zainicjować obudowania przestrzeni starego segmentu." -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "Nie udaÅ‚o siÄ™ zainicjować obudowania przestrzeni nowego segmentu." -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "Nie udaÅ‚o siÄ™ zainicjować ochrony strefy hotzone." -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "Nie udaÅ‚o siÄ™ odczytać sum kontrolnych dla aktualnej strefy hotzone." -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "Nie udaÅ‚o siÄ™ odczytać obszaru hotzone zaczynajÄ…cego siÄ™ od %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Nie udaÅ‚o siÄ™ odszyfrować sektora %zu." -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "Nie udaÅ‚o siÄ™ odtworzyć sektora %zu." -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Rozmiary urzÄ…dzenia źródÅ‚owego i docelowego różniÄ… siÄ™. ŹródÅ‚owe %<PRIu64>, docelowe: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Nie udaÅ‚o siÄ™ uaktywnić urzÄ…dzenia hotzone %s." -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Nie udaÅ‚o siÄ™ uaktywnić urzÄ…dzenia nakÅ‚adkowego %s z aktualnÄ… tablicÄ… źródÅ‚a." -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Nie udaÅ‚o siÄ™ zaÅ‚adować nowego odwzorowania dla urzÄ…dzenia %s." -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "Nie udaÅ‚o siÄ™ odÅ›wieżyć stosu urzÄ…dzenia ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "Nie udaÅ‚o siÄ™ ustawić nowego rozmiaru obszaru kluczy." -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Wartość przesuniÄ™cia danych nie jest wyrównana do rozmiaru sektora szyfrowania (%<PRIu32> B)." -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "NieobsÅ‚ugiwany tryb odpornoÅ›ci %s" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "Rozmiar przenoszonego segmentu nie może być wiÄ™kszy niż wartość przesuniÄ™cia danych." -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "BÅ‚Ä™dne parametry odpornoÅ›ci przy ponownym szyfrowaniu." -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "Przenoszony segment zbyt duży. Żądany rozmiar %<PRIu64>, dostÄ™pne miejsce: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "Nie udaÅ‚o siÄ™ wyczyÅ›cić tablicy." -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "Zmniejszony rozmiar danych jest wiÄ™kszy niż rzeczywisty rozmiar urzÄ…dzenia." -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "UrzÄ™dzenie danych nie jest wyrównane do rozmiaru sektora szyfrowania (%<PRIu32> B)." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "PrzesuniÄ™cie danych (sektorów: %<PRIu64>) jest mniejsze niż przyszÅ‚y offset danych (sektorów: %<PRIu64>)." -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Nie udaÅ‚o siÄ™ otworzyć %s w trybie wyÅ‚Ä…cznoÅ›ci (już odwzorowano lub zamontowano)." -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "UrzÄ…dzenie nie jest oznaczone do ponownego szyfrowania LUKS2." -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "Nie udaÅ‚o siÄ™ zaÅ‚adować kontekstu ponownego szyfrowania LUKS2." -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "Nie udaÅ‚o siÄ™ pobrać stanu ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "UrzÄ…dzenie nie jest w trakcie ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "Proces ponownego szyfrowania już trwa." -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "Nie udaÅ‚o siÄ™ uzyskać blokady dla ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Nie można kontynuować ponownego szyfrowania. Należy najpierw uruchomić odtworzenie ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "Rozmiar urzÄ…dzenia aktywnego oraz żądany rozmiar ponownego szyfrowania różniÄ… siÄ™." -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "W parametrach ponownego szyfrowania zażądano niedozwolonego rozmiaru urzÄ…dzenia." -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Ponowne szyfrowanie trwa. Nie można wykonać odzyskiwania." -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane w metadanych." -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Nie udaÅ‚o siÄ™ zainicjować ponownego szyfrowania LUKS2 w metadanych." -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "Ponowne szyfrowanie nie jest obsÅ‚ugiwane dla urzÄ…dzeÅ„ DAX (pamiÄ™ci trwaÅ‚ej)." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "Nie udaÅ‚o siÄ™ odczytać hasÅ‚a z pÄ™ku kluczy." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Nie udaÅ‚o siÄ™ ustawić segmentów urzÄ…dzeÅ„ dla nastÄ™pnej strefy hotzone ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "Nie udaÅ‚o siÄ™ zapisać metadanych odpornoÅ›ci ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "Odszyfrowanie nie powiodÅ‚o siÄ™." -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "Nie udaÅ‚o siÄ™ zapisać obszaru hotzone zaczynajÄ…cego siÄ™ od %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "Nie udaÅ‚o siÄ™ zsynchronizować danych." -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Nie udaÅ‚o siÄ™ uaktualnić metadanych po zakoÅ„czeniu aktualnej strefy hotzone ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "Nie udaÅ‚o siÄ™ zapisać metadanych LUKS2." -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "Nie udaÅ‚o siÄ™ wymazać nie używanego obszaru urzÄ…dzenia danych." -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Nie udaÅ‚o siÄ™ usunąć nie używanego (nie przypisanego) obszaru klucza %d." -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "Nie udaÅ‚o siÄ™ usunąć obszaru klucza ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "BÅ‚Ä…d krytyczny podczas ponownego szyfrowania fragmentu zaczynajÄ…cego siÄ™ od %<PRIu64> o dÅ‚ugoÅ›ci w sektorach %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "Ponowne szyfrowanie online nie powiodÅ‚o siÄ™." -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "ProszÄ™ nie wznawiać urzÄ…dzenia dopóki nie zostanie zastÄ…pione celem bÅ‚Ä™dnym rÄ™cznie." -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Nie można kontynuować ponownego szyfrowania. Nieoczekiwany stan ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "Brak lub bÅ‚Ä™dny kontekst ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "Nie udaÅ‚o siÄ™ zainicjować stosu urzÄ…dzenia ponownego szyfrowania." -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "Nie udaÅ‚o siÄ™ uaktualnić kontekstu ponownego szyfrowania." @@ -1844,80 +2010,121 @@ msgstr "Nie udaÅ‚o siÄ™ uaktualnić kontekstu ponownego szyfrowania." msgid "Reencryption metadata is invalid." msgstr "Metadane ponownego szyfrowania sÄ… bÅ‚Ä™dne." +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "Pozycja zakresu OPAL %d %<PRIu64> nie pasuje do oczekiwanych wartoÅ›ci %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "DÅ‚ugość zakresu OPAL %d %<PRIu64> nie pasuje do dÅ‚ugoÅ›ci urzÄ…dzenia %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "Blokowanie zakresu OPAL %d wyÅ‚Ä…czone." + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "Nieoczekiwany stan blokowania zakresu OPAL %d." + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Parametry szyfrowania kluczy mogÄ… być ustawione tylko dla urzÄ…dzeÅ„ LUKS2." -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "ProszÄ™ wprowadzić PIN: " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "ProszÄ™ wprowadzić PIN tokenu %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1097 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Nie wykryto znanego wzorca okreÅ›lajÄ…cego szyfr." -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "UWAGA: użycie domyÅ›lnych opcji szyfru (%s-%s, rozmiar klucza w bitach %u) może być niezgodne ze starszymi wersjami." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "UWAGA: użycie domyÅ›lnych opcji skrótu (%s) może być niezgodne ze starszymi wersjami." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "W trybie zwykÅ‚ym bez podania klucza zawsze należy użyć opcji --cipher, --key-size, a nastÄ™pnie --hash." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "UWAGA: Parametr --hash jest ignorowany w trybie zwykÅ‚ym z podanym plikiem klucza.\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "UWAGA: Opcja --keyfile-size jest ignorowana, rozmiar odczytu jest taki sam, jak rozmiar klucza szyfrujÄ…cego.\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "Skanowanie blkid dla %s nie powiodÅ‚o siÄ™." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Wykryto sygnatury urzÄ…dzeÅ„ na %s. Dalsze operacje mogÄ… uszkodzić istniejÄ…ce dane." -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:724 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "Operacja przerwana.\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "Wymagana jest opcja --key-file." -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "ProszÄ™ wprowadzić PIM VeraCrypt: " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "BÅ‚Ä™dna wartość PIM: bÅ‚Ä…d skÅ‚adni." -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "BÅ‚Ä™dna wartość PIM: 0." -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "BÅ‚Ä™dna wartość PIM: poza zakresem." -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "Nie wykryto nagłówka urzÄ…dzenia z tym hasÅ‚em." -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "UrzÄ…dzenie %s nie jest prawidÅ‚owym urzÄ…dzeniem BITLK." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Nie można okreÅ›lić rozmiaru klucza wolumenu dla BITLK, proszÄ™ użyć opcji --key-size." -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1928,7 +2135,7 @@ msgstr "" "Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" "w bezpiecznym miejscu." -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1939,77 +2146,84 @@ msgstr "" "Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" "w bezpiecznym miejscu." -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "UrzÄ…dzenie %s nie jest prawidÅ‚owym urzÄ…dzeniem FVAULT2." -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "Nie można okreÅ›lić rozmiaru klucza wolumenu dla FVAULT2, proszÄ™ użyć opcji --key-size." -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "UrzÄ…dzenie %s jest nadal aktywne i zaplanowane do odroczonego usuniÄ™cia.\n" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "Nie udaÅ‚o siÄ™ ustawić Å›cieżki tokenów zewnÄ™trznych %s." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Zmiana rozmiaru aktywnego urzÄ…dzenia wymaga klucza wolumenu w pÄ™ku, ale ustawiono opcjÄ™ --disable-keyring." -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "Test szybkoÅ›ci przerwany." -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s N/D\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iteracji/sekundÄ™ dla klucza %zu-bitowego\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s N/D\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iteracji, pamięć: %5u, równolegÅ‚e wÄ…tki (CPU): %1u dla klucza %zu-bitowego (żądany czas %u ms)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "Wynik testu wydajnoÅ›ci nie jest wiarygodny." -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Testy sÄ… przybliżone tylko z użyciem pamiÄ™ci (bez we/wy na dysk).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Szyfr %s (rozmiar klucza w bitach: %i) nie jest dostÄ™pny." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "N/D" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2017,27 +2231,27 @@ msgstr "" "Wybryto nie zabezpieczone metadane ponownego szyfrowania LUKS2. ProszÄ™ sprawdzić, czy operacja ponownego szyfrowania jest pożądana (p. wyjÅ›cie luksDump)\n" "i kontynuować (uaktualnić metadane) tylko jeÅ›li ta operacja ma być faktycznie wykonana." -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "HasÅ‚o do zabezpieczenia i uaktualnienia metadanych ponownego szyfrowania: " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "NaprawdÄ™ kontynuować odtwarzanie ponownego szyfrowania LUKS2?" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "HasÅ‚o do weryfikacji skrótu metadanych ponownego szyfrowania: " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "HasÅ‚o do odtwarzania ponownego szyfrowania: " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "NaprawdÄ™ próbować naprawić nagłówek urzÄ…dzenia LUKS?" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2045,7 +2259,7 @@ msgstr "" "\n" "Wymazywanie przerwane." -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2053,128 +2267,144 @@ msgstr "" "Czyszczenie urzÄ…dzenia w celu zainicjowania sumy kontrolnej integralnoÅ›ci.\n" "Można przerwać ten proces wciskajÄ…c Ctrl+C (reszta nie wymazanego urzÄ…dzenia bÄ™dzie zawierać bÅ‚Ä™dnÄ… sumÄ™ kontrolnÄ…).\n" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Nie można dezaktywować urzÄ…dzenia tymczasowego %s." -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "Opcja integralnoÅ›ci może być używana tylko dla formatu LUKS2." -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "NieobsÅ‚ugiwane opcje rozmiaru metadanych LUKS2." -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "OPAL jest obsÅ‚ugiwany tylko dla formatu LUKS2." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "Plik nagłówka nie istnieje, czy utworzyć go?" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "Nie można utworzyć pliku nagłówka %s." -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "Nie wykryto znanego wzorca okreÅ›lajÄ…cego integralność." -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Nie można użyć %s jako nagłówka na dysku." -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "To nieodwoÅ‚alnie nadpisze dane na %s." -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "HasÅ‚o administratora OPAL nie może być puste." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Nie udaÅ‚o siÄ™ ustawić parametrów PBKDF." -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "Opis typu w opisie pÄ™ku kluczy --link-vk-to-keyring jest ignorowany." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "BÅ‚Ä™dna wartość --link-vk-to-keyring." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Offset zmniejszonych danych jest dozwolony tylko dla odÅ‚Ä…czonego nagłówka LUKS." -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "Kontener plikowy LUKS %s jest zbyt maÅ‚y do uaktywnienia, nie ma miejsca pozostaÅ‚ego na dane." -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Nie można okreÅ›lić rozmiaru klucza wolumenu dla LUKS bez kluczy, proszÄ™ użyć opcji --key-size." -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "UrzÄ…dzenie uaktywnione, ale nie można uczynić flag trwaÅ‚ymi." -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Klucz %d jest wybrany do usuniÄ™cia." -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "To jest ostatni klucz. UrzÄ…dzenie stanie siÄ™ bezużyteczne po usuniÄ™ciu tego klucza." -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "Dowolne pozostaÅ‚e hasÅ‚o: " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Operacja przerwana, klucz NIE zostaÅ‚ wymazany.\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "HasÅ‚o do usuniÄ™cia: " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "UrzÄ…dzenie %s nie jest prawidÅ‚owym urzÄ…dzeniem LUKS2." -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "Nowe hasÅ‚o dla klucza: " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "UWAGA: Parametr --key-slot jest używany do numeru nowego klucza.\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Dowolne istniejÄ…ce hasÅ‚o: " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "HasÅ‚o, które ma być zmienione: " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Nowe hasÅ‚o: " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "HasÅ‚o dla klucza do konwersji: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "Dla operacji isLuks obsÅ‚ugiwany jest tylko jeden argument bÄ™dÄ…cy urzÄ…dzeniem." -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Miejsce %d nie zawiera niepowiÄ…zanego klucza." -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2183,40 +2413,52 @@ msgstr "" "Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" "w bezpiecznym miejscu." -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s nie jest nazwÄ… aktywnego urzÄ…dzenia %s." -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s nie jest nazwÄ… aktywnego urzÄ…dzenia LUKS lub brak nagłówka." -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "Wymagana jest opcja --header-backup-file." -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s nie jest urzÄ…dzeniem zarzÄ…dzanym przez cryptsetup." -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "OdÅ›wieżanie nie jest obsÅ‚ugiwane dla typu urzÄ…dzenia %s" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Nie rozpoznany typ urzÄ…dzenia metadanych %s." -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "Polecenie wymaga urzÄ…dzenia i nazwy odwzorowywanej jako argumentów." -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "ProszÄ™ wprowadzić PSID OPAL: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "HasÅ‚o administratora OPAL: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "UWAGA: CAÅY dysk bÄ™dzie przywrócony do stanu fabrycznego i wszystkie dane zostanÄ… utracone! Kontynuować?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2225,351 +2467,351 @@ msgstr "" "Ta operacja usuniÄ™ wszystkie klucze na urzÄ…dzeniu %s.\n" "UrzÄ…dzenie po tej operacji stanie siÄ™ bezużyteczne." -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Operacja przerwana, klucze NIE zostaÅ‚y wymazane.\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "BÅ‚Ä™dny typ LUKS, obsÅ‚ugiwane sÄ… tylko luks1 i luks2." -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "UrzÄ…dzenie już ma typ %s." -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Ta operacja przekonwertuje %s do formatu %s.\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "Operacja przerwana, urzÄ…dzenie NIE zostaÅ‚o skonwertowane.\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "Brak opcji --priority, --label lub --subsystem." -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "Token %d jest bÅ‚Ä™dny." -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "Token %d jest w użyciu." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Nie udaÅ‚o siÄ™ dodać tokenu %d do pÄ™ku kluczy luks2." -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Nie udaÅ‚o siÄ™ przypisać tokenu %d do klucza %d." -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "Token %d nie jest w użyciu." -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "Nie udaÅ‚o siÄ™ zaimportować tokenu z pliku." -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "Nie udaÅ‚o siÄ™ pobrać tokenu %d do eksportu." -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "Token %d nie jest przypisany do klucza %d." -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "Nie udaÅ‚o siÄ™ usunąć przypisania tokenu %d do klucza %d." -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Opcje --tcrypt-hidden, --tcrypt-system i --tcrypt-backup sÄ… obsÅ‚ugiwane tylko dla urzÄ…dzeÅ„ TCRYPT." -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Opcje --veracrypt i --disable-veracrypt sÄ… obsÅ‚ugiwane tylko dla typu urzÄ…dzeÅ„ TCRYPT." -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Opcja --veracrypt-pim jest obsÅ‚ugiwana tylko dla urzÄ…dzeÅ„ zgodnych z VeraCryptem." -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Opcja --veracrypt-query-pim jest obsÅ‚ugiwana tylko dla urzÄ…dzeÅ„ zgodnych z VeraCryptem." -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Opcje --veracrypt-pim i --veracrypt-query-pim wykluczajÄ… siÄ™ wzajemnie." -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Opcja --persistent nie jest dozwolona z --test-passphrase." -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Opcje --refresh i --test-passphrase wykluczajÄ… siÄ™ wzajemnie." -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "Opcja --shared jest dozwolona tylko dla operacji otwarcia zwykÅ‚ego urzÄ…dzenia." -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Opcja --skip jest obsÅ‚ugiwana tylko przy otwieraniu urzÄ…dzeÅ„ plain i loopaes." -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Opcja --offset z akcjÄ… open jest obsÅ‚ugiwana tylko dla urzÄ…dzeÅ„ plain i loopaes." -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Opcji --tcrypt-hidden nie można Å‚Ä…czyć z --allow-discards." -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "Opcja rozmiaru sektora z akcjÄ… open jest obsÅ‚ugiwana tylko dla urzÄ…dzeÅ„ plain." -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Opcja dużych rozmiarów sektorów IV jest obsÅ‚ugiwana tylko przy otwieraniu urzÄ…dzeÅ„ typu plain z sektorem wiÄ™kszym niż 512 bajtów." -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urzÄ…dzeÅ„ LUKS, TRCYPT, BITLK i FVAULT2." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "Opcji --device-size i --size nie można Å‚Ä…czyć." -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "Opcja --unbound jest dozwolona tylko dla operacji otwarcia urzÄ…dzenia LUKS." -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Opcja --unbound nie może być użyta bez --test-passphrase." -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Opcje --cancel-deferred i --deferred nie mogÄ… być użyte naraz." -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Opcji --reduce-device-size i --data-size nie można Å‚Ä…czyć." +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "Opcji --reduce-device-size i --device-size nie można Å‚Ä…czyć." -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Opcja --active-name może być ustawiona tylko dla urzÄ…dzenia LUKS2." -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Opcji --active-name i --force-offline-reencrypt nie można Å‚Ä…czyć." -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "Wymagane jest okreÅ›lenie klucza." -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "Opcji --align-payload i --offset nie można Å‚Ä…czyć." -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Opcja --integrity-no-wipe może być użyta tylko do akcji formatowania z rozszerzeniem integralnoÅ›ci." -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "Dozwolona jest tylko jedna z opcji --use-[u]random." -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "Przy opcji --unbound wymagany jest rozmiar klucza." -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "BÅ‚Ä™dna akcja token." -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "Parametr --key-description jest wymagany do akcji dodania tokenu." -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "Akcja wymaga okreÅ›lonego tokenu. Należy użyć parametru --token-id." -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "Opcja --unbound jest dozwolona tylko dla operacji dodania tokenu." -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "Opcji --key-slot i --unbound nie można Å‚Ä…czyć." -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "Akcja wymaga okreÅ›lonego klucza. Należy użyć parametru --key-slot." -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<uzÄ…dzenie> [--type <typ>] [<nazwa>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "otwarcie urzÄ…dzenia jako <nazwa>" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<nazwa>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "zamkniÄ™cie urzÄ…dzenia (usuniÄ™cie odwzorowania)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "zmiana rozmiaru aktywnego urzÄ…dzenia" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "pokazanie stanu urzÄ…dzenia" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <szyfr>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "test szybkoÅ›ci szyfru" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<urzÄ…dzenie>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "próba naprawy metadanych na dysku" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "ponowne szyfrowanie urzÄ…dzenia LUKS2" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "usuniÄ™cie wszystkich kluczy (usuniÄ™cie klucza szyfrujÄ…cego)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "przekonwertowanie formatu LUKS z/do LUKS2" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "ustawienie opcji trwaÅ‚ej konfiguracji dla LUKS2" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<urzÄ…dzenie> [<nowy plik klucza>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "sformatowanie urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "dodanie klucza do urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<urzÄ…dzenie> [<plik klucza>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "usuniÄ™cie podanego klucza lub pliku klucza z urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "zmiana podanego klucza lub pliku klucza urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "konwersja klucza na nowe parametry pbkdf" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<urzÄ…dzenie> <numer klucza>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "wymazanie klucza o numerze <numer klucza> z urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "wypisanie UUID-a urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "sprawdzenie <urzÄ…dzenia> pod kÄ…tem nagłówka partycji LUKS" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "zrzut informacji o partycji LUKS" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "zrzut informacji o urzÄ…dzeniu TCRYPT" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "zrzut informacji o urzÄ…dzeniu BITLK" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "zrzut informacji o urzÄ…dzeniu FVAULT2" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Wstrzymanie urzÄ…dzenia LUKS i wymazanie klucza (zamraża wszystkie operacje we/wy)" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "Wznowienie zatrzymanego urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Kopia zapasowa nagłówka i kluczy urzÄ…dzenia LUKS" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Odtworzenie nagłówka i kluczy urzÄ…dzenia LUKS z kopii zapasowej" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <urzÄ…dzenie>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "Operacja na tokenach LUKS2" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2577,7 +2819,7 @@ msgstr "" "\n" "<akcja> to jedno z:\n" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2589,7 +2831,7 @@ msgstr "" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2604,7 +2846,7 @@ msgstr "" "<numer klucza> to numer klucza LUKS do zmiany\n" "<plik klucza> to opcjonalny plik nowego klucza dla akcji luksAddKey\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2613,29 +2855,28 @@ msgstr "" "\n" "DomyÅ›lny wkompilowany format metadanych to %s (dla akcji luksFormat).\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"ObsÅ‚uga zewnÄ™trznych wtyczek tokenów LUKS2 jest %s.\n" +"ObsÅ‚uga zewnÄ™trznych wtyczek tokenów LUKS2 jest wÅ‚Ä…czona.\n" -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "wkompilowana" - -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Åšcieżka zewnÄ™trznych wtyczek tokenów LUKS2: %s.\n" -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "wyÅ‚Ä…czona" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"ObsÅ‚uga zewnÄ™trznych wtyczek tokenów LUKS2 jest wyÅ‚Ä…czona.\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2652,7 +2893,7 @@ msgstr "" "DomyÅ›lny PBKDF dla LUKS2: %s\n" "\tCzas iteracji: %d, wymagana pamięć: %dkB, liczba wÄ…tków: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2667,96 +2908,100 @@ msgstr "" "\tplain: %s, bitów klucza: %d, skrót hasÅ‚a: %s\n" "\tLUKS: %s, bitów klucza: %d, skrót nagłówka LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: DomyÅ›lny rozmiar klucza z trybem XTS (dwa klucze wewnÄ™trzne) bÄ™dzie podwojony.\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: wymaga %s jako argumentów" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Numer klucza jest nieprawidÅ‚owy." -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "Rozmiar urzÄ…dzenia musi być wielokrotnoÅ›ciÄ… 512-bajtowego sektora." -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "BÅ‚Ä™dne okreÅ›lenie maksymalnego rozmiaru strefy hotzone ponownego szyfrowania." -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "Rozmiar klucza musi być wielokrotnoÅ›ciÄ… 8 bitów" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "Maksymalna wartość ograniczenia rozmiaru urzÄ…dzenia to 1GiB." -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Rozmiar ograniczenia musi być wielokrotnoÅ›ciÄ… 512-bajtowego sektora." -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Opcja --priority może mieć wartoÅ›ci tylko ignore/normal/prefer." -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "WyÅ›wietlenie tego opisu" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "WyÅ›wietlenie krótkiej informacji o skÅ‚adni" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "Wypisanie wersji pakietu" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "Opcje pomocnicze:" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[OPCJA...] <akcja> <parametry-akcji>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "Brak argumentu <akcja>." -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "Nieznana akcja." -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Opcja --key-file ma priorytet nad podanym argumentem pliku klucza." -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Dozwolony jest tylko jeden argument --key-file." -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Funkcja pochodna klucza oparta na haÅ›le (PBKDF) może być tylko pbkdf2 lub argon2i/argon2id." -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "Wymuszonych iteracji PBKDF nie można Å‚Ä…czyć z opcjÄ… czasu iteracji." -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "Nie można doÅ‚Ä…czyć klucza wolumenu do pÄ™ku kluczy, kiedy pÄ™k kluczy jest wyÅ‚Ä…czony." + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Opcje --keyslot-cipher i --keyslot-key-size muszÄ… być użyte Å‚Ä…cznie." -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Nie wykonano akcji. WywoÅ‚ano z opcjÄ… --test-args.\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "Nie można wyÅ‚Ä…czyć blokowania metadanych." @@ -2821,7 +3066,7 @@ msgstr "Polecenie wymaga <głównego_hasza> lub opcji --root-hash-file jako argu msgid "<data_device> <hash_device>" msgstr "<urzÄ…dzenie_danych> <urzÄ…dzenie_haszy>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "sformatowanie urzÄ…dzenia" @@ -2837,7 +3082,7 @@ msgstr "weryfikacja urzÄ…dzenia" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<urzÄ…dzenie_danych> <nazwa> <urzÄ…dzenie_haszy> [<główny_hasz>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "pokazanie stanu aktywnego urzÄ…dzenia" @@ -2845,7 +3090,7 @@ msgstr "pokazanie stanu aktywnego urzÄ…dzenia" msgid "<hash_device>" msgstr "<urzÄ…dzenie_haszy>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "wyÅ›wietlenie informacji z dysku" @@ -2875,11 +3120,11 @@ msgstr "" "DomyÅ›lnie wkompilowane parametry dm-verity:\n" "\tHasz: %s, blok danych (bajtów): %u, blok haszy (bajtów): %u, rozmiar zarodka: %u, format haszy: %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Opcji --ignore-corruption oraz --restart-on-corruption nie można użyć naraz." -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Opcji --panic-on-corruption oraz --restart-on-corruption nie można użyć naraz." @@ -2892,29 +3137,29 @@ msgstr "" "Ta operacja nieodwracalnie nadpisze dane na %s i %s.\n" "Aby zachować urzÄ…dzenie danych, można użyć opcji --no-wipe (a nastÄ™pnie uaktywnić z --integrity-recalculate)." -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Sformatowano z rozmiarem znacznika %u, wewnÄ™trzna integralność %s.\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "Ustawianie flagi recalculate nie jest obsÅ‚ugiwane, zamiast tego można rozważyć użycie --wipe." -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "UrzÄ…dzenie %s nie jest prawidÅ‚owym urzÄ…dzeniem INTEGRITY." -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<urzÄ…dzenie_integralnoÅ›ci>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<urzÄ…dzenie_integralnoÅ›ci> <nazwa>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2925,7 +3170,7 @@ msgstr "" "<nazwa> to urzÄ…dzenie do utworzenia pod %s\n" "<urzÄ…dzenie_integralnoÅ›ci> to urzÄ…dzenie zawierajÄ…ce dane ze znacznikami integralnoÅ›ci\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2938,40 +3183,40 @@ msgstr "" "\tAlgorytm sumy kontrolnej: %s\n" "\tMaksymalny rozmiar pliku klucza: %dkB\n" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "BÅ‚Ä™dny rozmiar --%s. Maksimum w bajtach to %u." -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "MuszÄ… być podane obie opcje: pliku klucza i rozmiaru klucza." -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "MuszÄ… być podane obie opcje: pliku klucza integralnoÅ›ci i rozmiaru klucza." -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Algorytm integralnoÅ›ci kroniki musi być podany, jeÅ›li używany jest klucz integralnoÅ›ci kroniki." -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "MuszÄ… być podane obie opcje: pliku szyfrowania kroniki i rozmiaru klucza." -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Algorytm szyfrowania kroniki musi być podany, jeÅ›li używany jest klucz szyfrowania kroniki." -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Opcje trybu odtwarzania i bitmapy wykluczajÄ… siÄ™ wzajemnie." -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "Opcji kroniki nie można używać w trybie bitmapy." -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "Opcje bitmapy mogÄ… być używane tylko w trybie bitmapy." @@ -3164,7 +3409,7 @@ msgstr "PostÄ™p: %5.1f%%, przewidywany czas zakoÅ„czenia %s, %s, %s%s" msgid "Finished, time %s, %s, %s\n" msgstr "ZakoÅ„czono, czas %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Nie można sprawdzić jakoÅ›ci hasÅ‚a: %s" @@ -3178,63 +3423,63 @@ msgstr "" "Sprawdzenie jakoÅ›ci hasÅ‚a nie powiodÅ‚o siÄ™:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Sprawdzenie jakoÅ›ci hasÅ‚a nie powiodÅ‚o siÄ™: bÅ‚Ä™dne hasÅ‚o (%s)" -#: src/utils_password.c:232 src/utils_password.c:246 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "BÅ‚Ä…d podczas odczytu hasÅ‚a z terminala." -#: src/utils_password.c:244 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Weryfikacja hasÅ‚a: " -#: src/utils_password.c:251 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "HasÅ‚a nie zgadzajÄ… siÄ™." -#: src/utils_password.c:289 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Nie można użyć offsetu, jeÅ›li wejÅ›ciem jest terminal." -#: src/utils_password.c:293 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "HasÅ‚o: " -#: src/utils_password.c:296 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "HasÅ‚o dla %s: " -#: src/utils_password.c:330 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Dla tego hasÅ‚a nie ma dostÄ™pnego klucza." -#: src/utils_password.c:332 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Brak dostÄ™pnego miejsca na klucz." -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "Nie można wykonać weryfikacji hasÅ‚a, jeÅ›li wejÅ›ciem nie jest terminal." -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Nie udaÅ‚o siÄ™ otworzyć pliku %s tylko do odczytu." -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Poprawny token JSON dla LUKS2:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "Nie udaÅ‚o siÄ™ odczytać pliku JSON." -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3242,12 +3487,12 @@ msgstr "" "\n" "Odczyt przerwany." -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "Nie udaÅ‚o siÄ™ otworzyć pliku %s do zapisu." -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3255,7 +3500,7 @@ msgstr "" "\n" "Zapis przerwany." -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "Nie udaÅ‚o siÄ™ zapisać pliku JSON." @@ -3323,15 +3568,19 @@ msgstr "UrzÄ…dzenie wymaga odtwarzania ponownego szyfrowania. Najpierw należy u msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "UrzÄ…dzenie %s jest już w trybie ponownego szyfrowania LUKS2. Czy wznowić uprzednio zainicjowanÄ… operacjÄ™?" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Stara wersja ponownego szyfrowania LUKS2 nie jest już obsÅ‚ugiwana." -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "Nie można ponownie zaszyfrować urzÄ…dzenia LUKS2 skonfigurowanego do używania OPAL." + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "Ponowne szyfrowanie urzÄ…dzenia z profilem integralnoÅ›ci nie jest obsÅ‚ugiwane." -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3340,103 +3589,103 @@ msgstr "" "Żądany --sector-size %<PRIu32> jest niezgodny z superblokiem %s\n" "(rozmiar bloku: %<PRIu32> B), wykrytym na urzÄ…dzeniu %s." -#: src/utils_reencrypt.c:494 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Szyfrowanie bez odÅ‚Ä…czonego nagłówka (--header) jest niemożliwe bez ograniczenia rozmiaru urzÄ…dzenia danych (--reduce-device-size)." -#: src/utils_reencrypt.c:500 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Żądany offset danych musi być mniejszy lub równy poÅ‚owie parametru --reduce-device-size." -#: src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Modyfikowanie wartoÅ›ci --reduce-device-size do dwukrotnoÅ›ci parametru --offset %<PRIu64> (w sektorach).\n" -#: src/utils_reencrypt.c:540 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Plik nagłówka %s już istnieje. Przerwano." -#: src/utils_reencrypt.c:542 src/utils_reencrypt.c:549 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "Nie można utworzyć pliku tymczasowego nagłówka %s." -#: src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Rozmiar metadanych LUKS2 jest wiÄ™kszy niż wartość przesuniÄ™cia danych." -#: src/utils_reencrypt.c:611 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Nie udaÅ‚o siÄ™ umieÅ›cić nowego nagłówka na poczÄ…tku urzÄ…dzenia %s." -#: src/utils_reencrypt.c:621 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s jest teraz aktywne i gotowe do szyfrowania w locie.\n" -#: src/utils_reencrypt.c:657 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "Aktywne urzÄ…dzenie %s nie jest urzÄ…dzeniem LUKS2." -#: src/utils_reencrypt.c:685 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "Odtwarzanie oryginalnego nagłówka LUKS2." -#: src/utils_reencrypt.c:693 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "Odtwarzanie oryginalnego nagłówka LUKS2 nie powiodÅ‚o siÄ™." -#: src/utils_reencrypt.c:719 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "Plik nagłówka %s nie istnieje. Czy zainicjować odszyfrowywanie LUKS2 urzÄ…dzenia %s i eksport nagłówka LUKS2 do pliku %s?" -#: src/utils_reencrypt.c:767 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "Nie udaÅ‚o siÄ™ dodać uprawnieÅ„ odczytu/zapisu do pliku wyeksportowanego nagłówka." -#: src/utils_reencrypt.c:820 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Inicjowanie ponownego szyfrowania nie powiodÅ‚o siÄ™. Kopia zapasowa nagłówka jest dostÄ™pna w %s." -#: src/utils_reencrypt.c:848 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Odszyfrowanie LUKS2 jest obsÅ‚ugiwane tylko z urzÄ…dzeniem z odÅ‚Ä…czonym nagłówkiem (z offsetem danych ustawionym na 0)." -#: src/utils_reencrypt.c:983 src/utils_reencrypt.c:992 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "Za maÅ‚o wolnych kluczy do ponownego szyfrowania." -#: src/utils_reencrypt.c:1013 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Rozmiaru klucza można użyć tylko z --key-slot albo przy dokÅ‚adnie jednym aktywnym kluczu." -#: src/utils_reencrypt.c:1022 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "HasÅ‚o dla klucza %d: " -#: src/utils_reencrypt.c:1034 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "HasÅ‚o dla klucza %u: " -#: src/utils_reencrypt.c:1086 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Zmiana szyfru do szyfrowania danych na %s.\n" -#: src/utils_reencrypt.c:1140 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Nie zmieniono parametrów segmentu danych. Ponowne szyfrowanie przerwane." -#: src/utils_reencrypt.c:1242 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3444,7 +3693,7 @@ msgstr "" "ZwiÄ™kszanie rozmiaru sektora szyfrowania na urzÄ…dzeniu offline nie jest obsÅ‚ugiwane.\n" "Należy najpierw uaktywnić urzÄ…dzenie lub użyć opcji --force-offline-reencrypt (niebezpieczna!)." -#: src/utils_reencrypt.c:1282 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3453,62 +3702,62 @@ msgstr "" "\n" "Ponowne szyfrowanie przerwane." -#: src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Wznawianie ponownego szyfrowania LUKS w wymuszonym trybie offline.\n" -#: src/utils_reencrypt.c:1304 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "UrzÄ…dzenie %s zawiera uszkodzone metadane LUKS. Przerwano operacjÄ™." -#: src/utils_reencrypt.c:1320 src/utils_reencrypt.c:1342 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "UrzÄ…dzenie %s jest już urzÄ…dzeniem LUKS. Przerwano operacjÄ™." -#: src/utils_reencrypt.c:1348 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "UrzÄ…dzenie %s jest już w trybie ponownego szyfrowania LUKS. Przerwano operacjÄ™." -#: src/utils_reencrypt.c:1421 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "Odszyfrowanie LUKS2 wymaga opcji --header." -#: src/utils_reencrypt.c:1469 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "Polecenie wymaga urzÄ…dzenia jako argumentu." -#: src/utils_reencrypt.c:1482 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Konflikt wersji. UrzÄ…dzenie %s jest urzÄ…dzeniem LUKS1." -#: src/utils_reencrypt.c:1488 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Konflikt wersji. UrzÄ…dzenie %s jest w trybie ponownego szyfrowania LUKS1." -#: src/utils_reencrypt.c:1494 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Konflikt wersji. UrzÄ…dzenie %s jest urzÄ…dzeniem LUKS2." -#: src/utils_reencrypt.c:1500 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Konflikt wersji. UrzÄ…dzenie %s jest w trybie ponownego szyfrowania LUKS2." -#: src/utils_reencrypt.c:1506 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane. Przerywanie operacji." -#: src/utils_reencrypt.c:1513 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "Ponowne szyfrowanie urzÄ…dzenia nie jest w toku." -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "Nie można otworzyć %s w trybie wyÅ‚Ä…cznym, urzÄ…dzenie jest w użyciu." @@ -3644,35 +3893,35 @@ msgstr "UWAGA: urzÄ…dzenie %s już zawiera sygnaturÄ™ partycji '%s'.\n" msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "UWAGA: urzÄ…dzenie %s już zawiera sygnaturÄ™ superbloku '%s'.\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "Nie udaÅ‚o siÄ™ zainicjować sond sygnatur urzÄ…dzeÅ„." -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "Nie udaÅ‚o siÄ™ wykonać stat na urzÄ…dzeniu %s." -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Nie udaÅ‚o siÄ™ otworzyć pliku %s do odczytu i zapisu." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "IstniejÄ…ca sygnatura partycji '%s' na urzÄ…dzeniu %s zostanie wymazana." -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "IstniejÄ…ca sygnatura superbloku '%s' na urzÄ…dzeniu %s zostanie wymazana." -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "Nie udaÅ‚o siÄ™ wymazać sygnatury urzÄ…dzenia." -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Nie udaÅ‚o siÄ™ sprawdzić sygnatury urzÄ…dzenia %s." @@ -3687,11 +3936,11 @@ msgstr "BÅ‚Ä™dne okreÅ›lenie rozmiaru w parametrze --%s." msgid "Option --%s is not allowed with %s action." msgstr "Opcja --%s nie jest dozwolona z akcjÄ… %s." -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "Nie udaÅ‚o siÄ™ zapisać danych JSON tokenu SSH." -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3707,105 +3956,109 @@ msgstr "" "\n" "Uwaga: informacje dostarczone przy dodawaniu tokenu (adres serwera SSH, użytkownik i Å›cieżki) zostanÄ… zapisane w nagłówku LUKS2 czystym tekstem." -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<akcja> <urzÄ…dzenie>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "Opcje dla akcji 'add':" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "Adres IP/URL zdalnego serwera dla tego tokenu" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Nazwa użytkownika do użycia ze zdalnym serwerem" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "Åšcieżka do pliku klucza na zdalnym serwerze" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "Åšcieżka do klucza SSH do poÅ‚Ä…czenia ze zdalnym serwerem" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "Åšcieżka do katalogu zawierajÄ…cego tokeny zewnÄ™trzne libcryptsetup" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Obszar klucza do przypisania tokenu. DomyÅ›lnie token zostanie przypisany do pierwszego obszaru pasujÄ…cego do podanego hasÅ‚a." -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "Opcje ogólne:" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "WyÅ›wietlanie bardziej szczegółowych komunikatów bÅ‚Ä™dów" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "WyÅ›wietlanie komunikatów diagnostycznych" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "WyÅ›wietlanie komunikatów diagnostycznych wraz z metadanymi JSON" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "Nie udaÅ‚o siÄ™ otworzyć i zaimportować klucza prywatnego:\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "Nie udaÅ‚o siÄ™ zaimportować klucza prywatnego (zabezpieczony hasÅ‚em?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "HasÅ‚o %s@%s: " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "Nie udaÅ‚o siÄ™ przeanalizować argumentów.\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Musi być podana akcja\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Dla akcji '%s' musi być podane urzÄ…dzenie.\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Dla akcji '%s' musi być podany serwer SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Dla akcji '%s' musi być podany użytkownik SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Dla akcji '%s' musi być podana Å›cieżka SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Dla akcji '%s' musi być podana Å›cieżka klucza SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Nie udaÅ‚o siÄ™ otworzyć %s przy użyciu podanych danych uwierzytelniajÄ…cych.\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Ta wtyczka obecnie obsÅ‚uguje wyÅ‚Ä…cznie akcjÄ™ 'add'.\n" @@ -8,14 +8,16 @@ # Cronologia traducerii fiÈ™ierului „cryptsetupâ€: # Traducerea iniÈ›ială, făcută de R-GC, pentru versiunea cryptsetup 2.6.0-rc1. # Actualizare a traducerii pentru versiunea 2.6.1-rc0, făcută de R-GC, ian-2023. +# Actualizare a traducerii pentru versiunea 2.7.0-rc0, făcută de R-GC, noi-2023. +# Actualizare a traducerii pentru versiunea 2.7.0-rc1, făcută de R-GC, dec-2023. # Actualizare a traducerii pentru versiunea Y, făcută de X, Y(luna-anul). # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-02 10:02+0100\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2023-12-21 13:41+0100\n" "Last-Translator: Remus-Gabriel Chelu <remusgabriel.chelu@disroot.org>\n" "Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n" "Language: ro\n" @@ -28,64 +30,68 @@ msgstr "" #: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." -msgstr "Nu se poate iniÈ›ializa device-mapper, rulând ca utilizator non-root." +msgstr "Nu se poate iniÈ›ializa «device-mapper», rulând ca utilizator non-root." #: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" -msgstr "Nu se poate iniÈ›ializa device-mapper. Este încărcat modulul nucleului, «dm_mod»?" +msgstr "Nu se poate iniÈ›ializa «device-mapper». Este încărcat modulul nucleului, «dm_mod»?" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "Fanionul de întârziere solicitat nu este acceptat." -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID pentru dispozitivul %s a fost trunchiat." -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Tip de È›intă dm necunoscut." -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "OpÈ›iunile de performanță dm-crypt solicitate nu sunt acceptate." -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "OpÈ›iunile de gestionare a corupÈ›iei datelor dm-verity solicitate nu sunt acceptate." -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "OpÈ›iunea de tasklets dm-verity solicitată nu este acceptată." -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "OpÈ›iunile FEC dm-verity solicitate nu sunt acceptate." -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "OpÈ›iunile de integritate a datelor solicitate nu sunt acceptate." -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "OpÈ›iunea sector_size solicitată nu este acceptată." -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "Dimensiunea dispozitivului nu este un multiplu al dimensiunii solicitate a sectorului." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Recalcularea automată a etichetelor de integritate solicitată nu este acceptată." -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "ÃŽnlăturarea/Decuparea(TRIM) nu este acceptată." -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Modul de hartă de biÈ›i dm-integrity solicitat nu este acceptat." -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "Nu s-a putut interoga segmentul dm-%s." @@ -119,676 +125,774 @@ msgstr "Calitatea solicitată pentru generatorul de numere aleatoare(RNG) este n msgid "Error reading from RNG." msgstr "Eroare la citirea din generatorul de numere aleatorii(RNG)." -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "Suportul pentru OPAL este dezactivat în libcryptsetup." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "Dispozitivul %s sau nucleul nu acceptă criptarea OPAL." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "Nu s-a putut iniÈ›ializa utilitarul de criptare al generatorului de numere aleatorii(RNG)." -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "Nu s-a putut iniÈ›ializa utilitarul de criptare ." -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Algoritmul sumei de control %s nu este acceptat." -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Eroare de procesare a cheii (folosind suma de control %s)." -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Nu se poate determina tipul de dispozitiv. Activare a dispozitivului incompatibilă?" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Această operaÈ›ie este acceptată doar pentru dispozitive LUKS." -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Această operaÈ›ie este acceptată doar pentru dispozitive LUKS2." -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "Toate sloturile pentru chei sunt ocupate." -#: lib/setup.c:438 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Slotul de cheie %d este nu este valid, selectaÈ›i între 0 È™i %d." -#: lib/setup.c:444 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Slotul pentru chei %d este ocupat, selectaÈ›i altul." -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "Dimensiunea dispozitivului nu este aliniată la dimensiunea blocului logic al dispozitivului." -#: lib/setup.c:627 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "Antet detectat, dar dispozitivul %s este prea mic." -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Această operaÈ›ie nu este suportată pentru acest tip de dispozitiv." -#: lib/setup.c:673 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "OperaÈ›ie ilegală cu recriptare în curs." -#: lib/setup.c:802 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "Nu s-au putut reîncărca metadatele LUKS2 în memorie." -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Dispozitivul %s nu este un dispozitiv LUKS valid." -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Versiunea %d de LUKS nu este acceptată." -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "Nu a fost detectat niciun model cunoscut de specificaÈ›ie de cifrare pentru dispozitivul activ %s." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "Dispozitivul %s nu este activ." -#: lib/setup.c:1508 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Dispozitivul subiacent pentru dispozitivul criptat %s a dispărut." -#: lib/setup.c:1590 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "Parametrii de criptare simplă sunt incorecÈ›i." -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "Dimensiunea cheii este nevalidă." -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "UUID-ul nu este acceptat pentru acest tip de criptare." -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "Dispozitivul cu metadate detaÈ™ate nu este acceptat pentru acest tip de criptare." -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "Dimensiunea sectorului de criptare nu este acceptată." -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "Dimensiunea dispozitivului nu este aliniată la dimensiunea sectorului solicitată." -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "Formatarea LUKS fără dispozitiv nu este posibilă." -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "Alinierea datelor solicitată nu este compatibilă cu poziÈ›ia datelor." -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "AVERTISMENT: Dispozitivul DAX poate corupe datele, deoarece nu garantează actualizări atomice ale sectoarelor.\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "Nu se poate È™terge antetul pe dispozitivul %s." -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "Dispozitivul %s este prea mic pentru activare, nu a mai rămas spaÈ›iu pentru date.\n" -#: lib/setup.c:1840 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "AVERTISMENT: Activarea dispozitivului va eÈ™ua, dm-crypt nu are suport pentru dimensiunea sectorului de criptare solicitată.\n" - -#: lib/setup.c:1863 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Cheia de volum este prea mică pentru criptare cu extensii de integritate." -#: lib/setup.c:1923 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Cifrul %s-%s (dimensiunea cheii %zd biÈ›i) nu este disponibil." -#: lib/setup.c:1949 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "AVERTISMENT: dimensiunea metadatelor LUKS2 s-a schimbat la %<PRIu64> octeÈ›i.\n" - -#: lib/setup.c:1953 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "AVERTISMENT: dimensiunea zonei sloturilor de chei LUKS2 s-a schimbat la %<PRIu64> octeÈ›i.\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "AVERTISMENT: Activarea dispozitivului va eÈ™ua, dm-crypt nu are suport pentru dimensiunea sectorului de criptare solicitată.\n" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "Dispozitivul %s este prea mic." -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "Nu se poate formata dispozitivul %s, este în uz." -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Nu se poate formata dispozitivul %s; permisiune refuzată." -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "Nu se poate formata integritatea pentru dispozitivul %s." -#: lib/setup.c:2023 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "Nu se poate formata dispozitivul %s." -#: lib/setup.c:2049 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "Nu se pot obÈ›ine parametrii de aliniere OPAL." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "Dimensiune falsă a blocului logic OPAL." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "Intervalul(offset) de date solicitat nu este compatibil cu dimensiunea blocului OPAL." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "Alinierea datelor solicitată nu este compatibilă cu alinierea OPAL." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "Intervalul datelor nu îndeplineÈ™te cerinÈ›ele de aliniere OPAL." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "Alinierea datelor solicitată nu satisface cerinÈ›ele de aliniere a intervalului de blocare." + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "Compensarea dimensiunii dispozitivului cu %<PRIu64> sectoare pentru a-l alinia cu gradul de fineÈ›e al alinierii OPAL." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "Nu s-a putut obÈ›ine blocarea OPAL pe dispozitivul %s." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Cheie de administrare OPAL incorectă." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "Nu se poate configura segmentul OPAL." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "Nu se poate formata dispozitivul %s, dispozitivul OPAL pare a fi complet protejat la scriere acum." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "Aceasta este probabil o eroare în firmware. EfectuaÈ›i reiniÈ›ierea PSID OPAL È™i reconectaÈ›i-vă pentru recuperare." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "ReiniÈ›ierea intervalului de blocare %d pe dispozitivul %s a eÈ™uat." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "Nu se poate formata LOOPAES fără dispozitiv." -#: lib/setup.c:2094 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "Nu se poate formata VERITY fără dispozitiv." -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Tip de sumă de control VERITY neacceptat %d." -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Dimensiunea blocului VERITY nu este acceptată." -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Decalajul sumei de control VERITY nu este acceptat." -#: lib/setup.c:2121 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "Decalajul FEC VERITY nu este acceptat." -#: lib/setup.c:2145 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "Zona de date se suprapune cu zona de sume de control." -#: lib/setup.c:2170 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "Zona sumelor de control se suprapune cu zona FEC." -#: lib/setup.c:2177 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "Zona de date se suprapune cu zona FEC." -#: lib/setup.c:2313 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "AVERTISMENT: Dimensiunea solicitată a etichetei %d octeÈ›i diferă de dimensiunea %s de ieÈ™ire (%d octeÈ›i).\n" -#: lib/setup.c:2392 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "A fost solicitat un tip de dispozitiv de criptare necunoscut %s." -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "Parametri neacceptaÈ›i pentru dispozitivul %s." -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "Parametrii nepotriviÈ›i în dispozitivul %s." -#: lib/setup.c:2822 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "Dispozitivele de criptare nu se potrivesc." -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "Nu s-a putut reîncărca dispozitivul %s." -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "Nu s-a putut suspenda dispozitivul %s." -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "Nu s-a putut reîncărca dispozitivul %s." -#: lib/setup.c:2897 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Eroare fatală la reîncărcarea dispozitivului %s (în partea superioară a dispozitivului %s)." -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Nu s-a putut comuta dispozitivul %s la dm-error." -#: lib/setup.c:2984 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "Nu se poate redimensiona dispozitivul LUKS2 cu o dimensiune statică." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "Nu se poate redimensiona dispozitivul de buclă." -#: lib/setup.c:3027 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "AVERTISMENT: Dimensiunea maximă a fost deja stabilită sau nucleul nu acceptă redimensionarea.\n" -#: lib/setup.c:3088 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "Redimensionarea nu a reuÈ™it, nucleul nu acceptă redimensionarea." -#: lib/setup.c:3120 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "Chiar doriÈ›i să schimbaÈ›i UUID-ul dispozitivului?" -#: lib/setup.c:3212 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "FiÈ™ierul de copie de rezervă pentru antet nu conÈ›ine un antet LUKS compatibil." -#: lib/setup.c:3328 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "Volumul %s nu este activ." -#: lib/setup.c:3339 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "Volumul %s este deja suspendat." -#: lib/setup.c:3352 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "Suspendarea nu este acceptată pentru dispozitivul %s." -#: lib/setup.c:3354 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "Eroare la suspendarea dispozitivului %s." -#: lib/setup.c:3389 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "Dispozitivul %s a fost suspendat, dar dispozitivul hardware OPAL nu poate fi blocat." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "Reluarea activității nu este acceptată pentru dispozitivul %s." -#: lib/setup.c:3391 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "Eroare la reluarea activității dispozitivului %s." -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "Nu s-a putut lega cheia la inelul de chei specificat." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "Nu s-a putut dezlega cheia de volum de la inelul de chei specificat de utilizator." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "Nu s-a putut leg cheia de volum la inelul de chei specificat de utilizator." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "Volumul %s nu este suspendat." -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "Cheia de volum nu se potriveÈ™te cu volumul." -#: lib/setup.c:3737 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "Nu s-a putut efectua interschimbarea cu noul slot pentru cheie." -#: lib/setup.c:3835 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "Slotul de cheie %d nu este valid." -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "Slotul de cheie %d nu este activ." -#: lib/setup.c:3860 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "Antetul dispozitivului se suprapune cu zona de date." -#: lib/setup.c:4165 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "Recriptare în curs. Nu se poate activa dispozitivul." -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "Nu s-a putut obÈ›ine blocarea pentru recriptare." -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "Recuperarea recriptării LUKS2 a eÈ™uat." -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Tipul de dispozitiv nu este iniÈ›ializat corect." -#: lib/setup.c:4400 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "Dispozitivul %s există deja." -#: lib/setup.c:4407 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Nu se poate folosi dispozitivul %s, numele este nevalid sau este încă în uz." -#: lib/setup.c:4527 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Este specificată o cheie de volum incorectă pentru un dispozitiv cu criptare normală." -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." -msgstr "Sumă de control rădăcină incorectă specificată pentru dispozitivul verity." - -#: lib/setup.c:4654 -msgid "Root hash signature required." -msgstr "Este necesară semnătura de sumă de control rădăcină." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Inelul de chei pentru nucleu nu este acceptat de nucleu actual." -#: lib/setup.c:4663 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "LipseÈ™te inelul de chei pentru nucleu: este necesar pentru transmiterea semnăturii către nucleu." -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." -msgstr "Nu s-a putut încărca cheia în inelul de chei al nucleului." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "Sumă de control rădăcină incorectă specificată pentru dispozitivul verity." + +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "OPAL nu acceptă dezactivarea amânată." -#: lib/setup.c:4736 +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Nu s-a putut anula eliminarea întârziată din dispozitivul %s." -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Dispozitivul %s este încă în uz." -#: lib/setup.c:4768 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "Dispozitiv nevalid %s." -#: lib/setup.c:4908 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "Memoria tampon a cheii de volum este prea mică." -#: lib/setup.c:4925 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "Nu se poate recupera cheia de volum pentru dispozitivul LUKS2." -#: lib/setup.c:4934 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "Nu se poate recupera cheia de volum pentru dispozitivul LUKS1." -#: lib/setup.c:4944 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "Nu se poate recupera tasta de volum pentru dispozitivul normal." -#: lib/setup.c:4952 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "Nu se poate recupera suma de control rădăcină pentru dispozitivul verity." -#: lib/setup.c:4959 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "Nu se poate recupera cheia de volum pentru dispozitivul BITLK." -#: lib/setup.c:4964 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "Nu se poate recupera cheia de volum pentru dispozitivul FVAULT2." -#: lib/setup.c:4966 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Această operaÈ›ie nu este acceptată pentru dispozitivul criptat %s." -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "OperaÈ›ia de descărcare nu este acceptată pentru acest tip de dispozitiv." -#: lib/setup.c:5500 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Decalajul datelor nu este multiplu de %u octeÈ›i." -#: lib/setup.c:5788 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Nu se poate converti dispozitivul %s care este încă în uz." -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Nu s-a putut atribui slotul %u ca nouă cheie de volum." -#: lib/setup.c:6122 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Nu s-au putut iniÈ›ializa parametrii impliciÈ›i pentru slotul de cheie LUKS2." -#: lib/setup.c:6128 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Nu s-a putut aloca slotul de cheie %d pentru a digera." -#: lib/setup.c:6353 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Nu se poate adăuga slotul pentru cheie, toate sloturile sunt dezactivate È™i nu este furnizată nicio cheie pentru volum." -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." -msgstr "Inelul de chei pentru nucleu nu este acceptat de nucleu actual." +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "Nu s-a putut încărca cheia în inelul de chei al nucleului." + +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "Nu s-a putut dezlega cheia de la inelul de chei al firului." -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "Nu s-a putut citi expresia de acces din inelul de chei (eroarea %d)." +msgid "Could not find keyring described by \"%s\"." +msgstr "Nu s-a putut găsi inelul de chei descris de „%sâ€." -#: lib/setup.c:6523 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Nu s-a putut obÈ›ine blocarea de serializare a accesului la memoria-hardwarw globală." -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "Nu s-a putut deschide fiÈ™ierul cheii." -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "Nu se poate citi fiÈ™ierul de cheie de la un terminal." -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "Nu s-a putut obÈ›ine starea fiÈ™ierului de cheie." -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "Nu se poate căuta poziÈ›ia fiÈ™ierului de cheie solicitat." -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Memoria epuizată în timpul citirii frazei de acces." -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "Eroare la citirea frazei de acces." -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "Nimic de citit la intrare." -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Dimensiunea maximă a fiÈ™ierului de cheie a fost depășită." -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "Nu se poate citi cantitatea de date solicitată." -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "Dispozitivul %s nu există sau accesul a fost refuzat." -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "Dispozitivul %s nu este compatibil." -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Se ignoră dimensiunea optimă de transfer de date falsă pentru dispozitivul de date (%u octeÈ›i)." -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "Dispozitivul %s este prea mic. AveÈ›i nevoie de cel puÈ›in %<PRIu64> octeÈ›i." -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Nu se poate utiliza dispozitivul %s care este în uz (deja cartografiat sau montat)." -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Nu se poate utiliza dispozitivul %s, permisiune refuzată." -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "Nu se pot obÈ›ine informaÈ›ii despre dispozitivul %s." -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "Nu se poate utiliza un dispozitiv loopback, deoarece programul nu rulează cu privilegii de root." -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "AtaÈ™area dispozitivului de loopback a eÈ™uat (este necesar un dispozitiv de buclă cu fanion de È™tergere automată)." -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Decalajul solicitat depășeÈ™te dimensiunea reală a dispozitivului %s." -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "Dispozitivul %s are dimensiune zero." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "Ora specificată pentru PBKDF nu poate fi zero." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Tip PBKDF necunoscut %s." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "Suma de control solicitată %s nu este acceptată." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "Tipul PBKDF solicitat nu este acceptat pentru LUKS1." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "Memoria maximă PBKDF sau firele de execuÈ›ie paralele nu trebuie definite cu pbkdf2." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "Numărul de iteraÈ›ii forÈ›ate este prea mic pentru %s (minimul este %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "Costul memoriei forÈ›ate este prea mic pentru %s (minimul este de %u kiloocteÈ›i)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "Costul maxim de memorie PBKDF solicitat este prea mare (maximul este de %d kiloocteÈ›i)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "Memoria PBKDF maximă solicitată nu poate fi zero." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Firele paralele de execuÈ›ie PBKDF solicitate nu pot fi zero." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Doar PBKDF2 este acceptat în modul FIPS." -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "Testarea PBKDF este dezactivată, dar numărul de iteraÈ›ii nu este definit." -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "OpÈ›iuni PBKDF2 incompatibile (folosind algoritmul de sumă de control %s)." -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "OpÈ›iuni PBKDF2 incompatibile." #: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." -msgstr "Blocarea a fost anulată. Calea de blocare %s/%s este inutilizabilă (nu este un director sau lipseÈ™te)." +msgstr "Blocarea a fost anulată. Ruta de blocare %s/%s este inutilizabilă (nu este un director sau lipseÈ™te)." #: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." -msgstr "Blocarea a fost anulată. Calea de blocare %s/%s este inutilizabilă (%s nu este un director)." +msgstr "Blocarea a fost anulată. Ruta de blocare %s/%s este inutilizabilă (%s nu este un director)." -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Nu se poate căuta la poziÈ›ia dispozitivului." -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "Eroare de È™tergere a dispozitivului, decalaj %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "PSID OPAL incorect." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "Nu se poate È™terge dispozitivul OPAL." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -808,7 +912,7 @@ msgstr "SpecificaÈ›iile de cifrare ar trebui să fie în formatul [cifrarea]-[mo #: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Nu se poate scrie în dispozitivul %s, permisiune refuzată." @@ -822,17 +926,17 @@ msgid "Failed to access temporary keystore device." msgstr "Nu s-a putut accesa dispozitivul pentru stocarea temporară a cheilor." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "Eroare de In/IeÈ™ în timpul criptării slotului de cheie." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -854,32 +958,32 @@ msgstr "Dispozitivul %s este prea mic. (LUKS1 necesită cel puÈ›in %<PRIu64> oct msgid "LUKS keyslot %u is invalid." msgstr "Slotul de cheie LUKS %u nu este valid." -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "FiÈ™ierul de copie de rezervă pentru antetul solicitat %s există deja." -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "Nu se poate crea fiÈ™ierul de copie de rezervă al antetului %s." -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "Nu se poate scrie fiÈ™ierul de copie de rezervă al antetului %s." -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "FiÈ™ierul de copie de rezervă nu conÈ›ine antet LUKS valid." #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "Nu se poate deschide fiÈ™ierul de copie de rezervă al antetului %s." -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "Nu se poate citi fiÈ™ierul de copie de rezervă al antetului %s." @@ -901,7 +1005,7 @@ msgstr "nu conÈ›ine antetul LUKS. ÃŽnlocuirea antetului poate distruge datele de msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "conÈ›ine deja antetul LUKS. ÃŽnlocuirea antetului va distruge sloturile de chei existente." -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -975,7 +1079,7 @@ msgstr "Modul de cifrare LUKS %s este nevalid." msgid "LUKS hash %s is invalid." msgstr "Suma de control(hash) LUKS %s nu este validă." -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "Nu s-a detectat nicio problemă cunoscută pentru antetul LUKS." @@ -994,8 +1098,8 @@ msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Decalajul datelor pentru antetul LUKS trebuie să fie 0 sau mai mare decât dimensiunea antetului." #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "Formatul UUID LUKS furnizat este greÈ™it." @@ -1032,7 +1136,7 @@ msgstr "Nu se poate deschide slotul de cheie (folosind suma de control(hash) %s) msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Slotul de cheie %d nu este valid, selectaÈ›i slotul de cheie între 0 È™i %d." -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "Nu se poate È™terge dispozitivul %s." @@ -1053,48 +1157,48 @@ msgstr "S-a detectat un fiÈ™ier de cheie loop-AES incompatibil." msgid "Kernel does not support loop-AES compatible mapping." msgstr "Nucleul nu acceptă asocierea compatibilă cu bucla loop-AES." -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "Eroare la citirea fiÈ™ierului de cheie %s." -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Lungimea maximă a frazei de acces TCRYPT (%zu) a fost depășită." -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Algoritmul sumei de control(hash) PBKDF2 %s nu este disponibil, se omite." -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "InterfaÈ›a necesară de criptare a nucleului nu este disponibilă." -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "AsiguraÈ›i-vă că aveÈ›i modulul nucleului «algif_skcipher», încărcat." -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Activarea nu este acceptată pentru dimensiunea sectorului de %d." -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Nucleul nu acceptă activarea pentru acest mod vechi TCRYPT." -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Se activează criptarea sistemului TCRYPT pentru partiÈ›ia %s." -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Nucleul nu acceptă asocierea compatibilă cu TCRYPT." -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Această funcÈ›ie nu este acceptată fără încărcarea antetului TCRYPT." @@ -1153,74 +1257,74 @@ msgstr "Nu s-au putut citi intrările de metadate BITLK de la %s." msgid "Failed to convert BITLK volume description" msgstr "Nu s-a putut converti descrierea volumului BITLK" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Tip neaÈ™teptat de intrare de metadate „%u†găsit la analizarea cheii externe." -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "GUID-ul fiÈ™ierului BEK „%sâ€, nu se potriveÈ™te cu GUID-ul volumului." -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Valoare neaÈ™teptată a intrării metadatelor „%uâ€, a fost găsită la analizarea cheii externe." -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "Versiune neacceptată de metadate BEK %<PRIu32>" -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "Dimensiune neaÈ™teptată a metadatelor BEK %<PRIu32>, nu se potriveÈ™te cu lungimea fiÈ™ierului BEK" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Intrare neaÈ™teptată de metadate găsită la analizarea cheii de pornire." -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Această operaÈ›ie nu este acceptată." -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "Dimensiune neaÈ™teptată a datelor cheii." -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Acest dispozitiv BITLK este într-o stare neacceptată È™i nu poate fi activat." -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "Dispozitivele BITLK de tip „%s†nu pot fi activate." -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Activarea dispozitivului BITLK parÈ›ial decriptat nu este acceptată." -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "AVERTISMENT: dimensiunea volumului BitLocker %<PRIu64> nu se potriveÈ™te cu dimensiunea dispozitivului subiacent %<PRIu64>" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Nu se poate activa dispozitivul, modulul nucleului «dm-crypt» nu are suport pentru BITLK IV." -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Dispozitivul nu poate fi activat, modulul nucleului «dm-crypt» nu are suport pentru difuzorul BITLK Elephant." -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." -msgstr "Dispozitivul nu poate fi activat, kernel-ul dm-crypt nu are suport pentru dimensiune mare a sectorului." +msgstr "Dispozitivul nu poate fi activat, nucleul dm-crypt nu are suport pentru dimensiune mare a sectorului." -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Dispozitivul nu se poate activa, modulul nucleului, «dm-zero», lipseÈ™te." @@ -1258,28 +1362,32 @@ msgstr "Formatul UUID VERITY furnizat pe dispozitivul %s este greÈ™it." msgid "Error during update of verity header on device %s." msgstr "Eroare la actualizarea antetului Verity pe dispozitivul %s." -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "Verificarea semnăturii sumei de verificare(hash) rădăcină nu este acceptată." -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Este necesară semnătura de sumă de control rădăcină." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "Erorile nu pot fi reparate cu dispozitivul FEC." -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "S-au găsit %u erori reparabile cu dispozitivul FEC." -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "Nucleul nu acceptă asocierea dm-verity." -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "Nucleul nu acceptă opÈ›iunea de semnătură dm-verity." -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "Dispozitivul verity a detectat corupÈ›ie după activare." @@ -1373,7 +1481,7 @@ msgstr "Nu s-a putut determina dimensiunea pentru dispozitivul %s." msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "Metadate incompatibile cu modulul nucleului «dm-integrity» (versiunea %u) detectate pe %s." -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "Nucleul nu acceptă asocierea dm-integrity." @@ -1385,8 +1493,8 @@ msgstr "Nucleul nu acceptă alinierea metadatelor fixe dm-integrity." msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Nucleul refuză să activeze opÈ›iunea de recalculare nesigură (consultaÈ›i opÈ›iunile de activare vechi pentru a le înlocui)." -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Nu s-a putut obÈ›ine blocarea la scriere pe dispozitivul %s." @@ -1403,49 +1511,59 @@ msgstr "" "Dispozitivul conÈ›ine semnături ambigue, nu se poate recupera automat LUKS2.\n" "RulaÈ›i «cryptsetup repair» pentru recuperare." -#: lib/luks2/luks2_json_format.c:229 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "AVERTISMENT: zona sloturilor de chei (%<PRIu64> octeÈ›i) este foarte mică, numărul de sloturi de chei LUKS2 disponibil este foarte limitat.\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "Decalajul de date solicitat este prea mic." -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "AVERTISMENT: zona sloturilor de chei (%<PRIu64> octeÈ›i) este foarte mică, numărul de sloturi de chei LUKS2 disponibil este foarte limitat.\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "AVERTISMENT: dimensiunea metadatelor LUKS2 s-a schimbat la %<PRIu64> octeÈ›i.\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "AVERTISMENT: dimensiunea zonei sloturilor de chei LUKS2 s-a schimbat la %<PRIu64> octeÈ›i.\n" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Nu s-a putut obÈ›ine blocarea pentru citire pe dispozitivul %s." -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "CerinÈ›e LUKS2 interzise detectate în copia de rezervă %s." -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "Decalajul datelor diferă între dispozitiv È™i copia de rezervă, restaurare eÈ™uată." -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Antetul binar cu dimensiunea zonelor sloturilor pentru chei diferă între dispozitiv È™i copia de rezervă, restaurare eÈ™uată." -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "Dispozitiv %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "nu conÈ›ine antetul LUKS2. ÃŽnlocuirea antetului poate distruge datele de pe acest dispozitiv." -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "conÈ›ine deja antetul LUKS2. ÃŽnlocuirea antetului va distruge sloturile de chei existente." -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1455,7 +1573,7 @@ msgstr "" "AVERTISMENT: cerinÈ›e necunoscute LUKS2 detectate în antetul dispozitivului real!\n" "ÃŽnlocuirea antetului cu copia de rezervă poate deteriora datele de pe acest dispozitiv!" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1465,58 +1583,92 @@ msgstr "" "AVERTISMENT: Recriptare „offline†nefinalizată detectată pe dispozitiv!\n" "ÃŽnlocuirea antetului cu copia de rezervă poate deteriora datele." -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "S-a ignorat fanionul necunoscut %s." -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "LipseÈ™te cheia pentru segmentul dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "Nu s-a putut definii segmentul dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "Nu s-a putut definii segmentul dm-linear." -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "Nu s-a detectat niciun model de specificaÈ›ie de cifrare cunoscut în antetul LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "Dispozitivul OPAL trebuie să aibă dimensiunea dispozitivului statică." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "Dispozitivul OPAL criptat cu integritate trebuie să fie mai mic decât intervalul de blocare." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "Dispozitivul OPAL trebuie să aibă aceeaÈ™i dimensiune ca È™i intervalul de blocare." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "Dispozitivul OPAL %s este deja deblocat.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "ConfiguraÈ›ie de integritate a dispozitivului neacceptată." -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "Dispozitiv dm-integrity subiacent cu sectoare de date neaÈ™teptate furnizate." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Recriptare în curs. Nu se poate dezactiva dispozitivul." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Nu s-a putut înlocui dispozitivul suspendat %s cu È›inta dm-error." -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "Dispozitivul %s a fost dezactivat, dar dispozitivul hardware OPAL nu poate fi blocat." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "Nu s-au putut citi cerinÈ›ele LUKS2." -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "Au fost detectate cerinÈ›e LUKS2 neîndeplinite." -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "OperaÈ›ie incompatibilă cu dispozitivul marcat pentru recriptare învechită. Se abandonează." -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "OperaÈ›ie incompatibilă cu dispozitivul marcat pentru recriptare LUKS2. Se abandonează." -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "OperaÈ›ie incompatibilă cu dispozitivul care utilizează OPAL. Se abandonează." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "Nu există suficientă memorie disponibilă pentru a deschide un slot de cheie." -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "Deschiderea slotului de cheie a eÈ™uat." @@ -1525,330 +1677,342 @@ msgstr "Deschiderea slotului de cheie a eÈ™uat." msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Nu se poate utiliza cifrul %s-%s pentru criptarea slotului de cheie." -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "Algoritmul sumei de control(hash) %s nu este disponibil." -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "Avertisment: operaÈ›ia pe slotul de chei poate eÈ™ua, deoarece necesită mai mult decât memoria disponibilă.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "Nu există spaÈ›iu pentru noul slot de cheie." -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "A fost solicitată o schimbare incorectă a modului de adaptabilitate pentru recriptare." -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "Nu se poate actualiza tipul de adaptabilitate. Tipul nou oferă numai %<PRIu64> octeÈ›i, spaÈ›iul necesar este: %<PRIu64> octeÈ›i." -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "Nu s-a putut reîmprospăta calcularea sumei de control de verificare a recriptării." -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Nu se poate verifica starea dispozitivului cu uuid: %s." -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Nu s-a putut converti antetul cu metadate suplimentare LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Nu se poate utiliza specificaÈ›ia de cifrare %s-%s pentru LUKS2." -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Nu se poate muta zona slotului pentru chei. SpaÈ›iu insuficient." -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "Nu se poate converti în format LUKS2 - metadate nevalide." -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Nu se poate muta zona slotului pentru chei. Zona sloturilor pentru chei LUKS2 este prea mică." -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Nu se poate muta zona slotului pentru chei." -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Nu se poate converti în format LUKS1 - dimensiunea implicită a sectorului de criptare al segmentului nu este de 512 octeÈ›i." -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Nu se poate converti în formatul LUKS1 - calcularea sumelor de control ale slotului de cheie nu este compatibilă cu LUKS1." -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Nu se poate converti în formatul LUKS1 - dispozitivul foloseÈ™te cifrul de cheie încapsulat %s." -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "Nu se poate converti în formatul LUKS1 - dispozitivul utilizează mai multe segmente." -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Nu se poate converti în formatul LUKS1 - antetul LUKS2 conÈ›ine %u jetoane(tokens)." -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Nu se poate converti în formatul LUKS1 - slotul de cheie %u este într-o stare nevalidă." -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Nu se poate converti în formatul LUKS1 - slotul %u (peste sloturile maxime) este încă activ." -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Nu se poate converti în formatul LUKS1 - slotul de cheie %u nu este compatibil cu LUKS1." -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Dimensiunea zonei „fierbinÈ›i†(active) trebuie să fie multiplu al alinierii zonei calculate (%zu octeÈ›i)." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Dimensiunea dispozitivului trebuie să fie multiplu al alinierii zonei calculate (%zu octeÈ›i)." -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "Nu s-a putut iniÈ›ializa vechea încapsulare de stocare a segmentului." -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "Nu s-a putut iniÈ›ializa noua încapsulare de stocare a segmentului." -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "Nu s-a putut iniÈ›ializa protecÈ›ia zonei „fierbinÈ›i†(active)." -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "Nu s-au putut citii sumele de control pentru zona „fierbinte†(activă) actuală." -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "Nu s-a putut citi zona „fierbinte†(activă) începând cu %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Nu s-a putut decripta sectorul %zu." -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "Nu s-a putut recupera sectorul %zu." -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Dimensiunile dispozitivelor sursă È™i È›intă nu se potrivesc. Sursa %<PRIu64>, È›inta: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Nu s-a putut activa zona „fierbinte†(activă) a dispozitivului %s." -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Nu s-a putut activa dispozitivul de suprapunere %s cu tabelul de origine actual." -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Nu s-a putut încărca noua asociere pentru dispozitivul %s." -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "Nu s-a putut reîmprospăta stiva de dispozitive de recriptare." -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "Nu s-a putut definii dimensiunea zonei noilor sloturi pentru chei." -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Valoarea deplasării datelor nu este aliniată la dimensiunea sectorului de criptare (%<PRIu32> octeÈ›i)." -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Modul de adaptabilitate neacceptat %s" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "Dimensiunea segmentului mutat nu poate fi mai mare decât valoarea deplasării de date." -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "Parametri de adaptabilitate de recriptare nevalizi." -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "Segmentul mutat este prea mare. Dimensiunea solicitată este de %<PRIu64>, iar spaÈ›iul disponibil pentru aceasta este de: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "Nu s-a putut È™terge tabelul." -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "Dimensiunea redusă a datelor este mai mare decât dimensiunea dispozitivului real." -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Dispozitivul de date nu este aliniat la dimensiunea sectorului de criptare (%<PRIu32> octeÈ›i)." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "Deplasarea datelor (%<PRIu64> sectoare) este mai mică decât decalajul viitor al datelor (%<PRIu64> sectoare)." -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Nu s-a putut deschide %s în modul exclusiv (deja cartografiat sau montat)." -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "Dispozitivul nu este marcat pentru recriptarea LUKS2." -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "Nu s-a putut încărca contextul de recriptare LUKS2." -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "Nu s-a putut obÈ›ine stadiul recriptării." -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "Dispozitivul nu se află în recriptare." -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "Procesul de recriptare rulează deja." -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "Nu s-a putut obÈ›ine blocarea pentru recriptare." -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Nu se poate continua cu recriptarea. RulaÈ›i mai întâi recuperarea recriptării." -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "Dimensiunea dispozitivului activ È™i dimensiunea de recriptare solicitată nu se potrivesc." -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "Dimensiunea dispozitivului solicitată în parametrii de recriptare este incorectă." -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Recriptare în curs. Nu se poate efectua recuperarea." -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Recriptare LUKS2 deja iniÈ›ializată în metadate." -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Nu s-a putut iniÈ›ializa recriptarea LUKS2 în metadate." -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "Recriptarea nu este acceptată pentru dispozitivele DAX (memorie persistentă)." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "Nu s-a putut citi expresia de acces din inelul de chei." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Nu s-au putut definii segmentele dispozitivului pentru următoarea zonă „fierbinte†(activă) de recriptare." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "Nu s-au putut scrie metadatele adaptabilității recriptării." -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "Decriptarea a eÈ™uat." -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "Nu s-a putut scrie zona „fierbinte†(activă) începând de la %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "Nu s-au putut sincroniza datele." -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Nu s-au putut actualiza metadatele după finalizarea zonei „fierbinÈ›i†(active) de recriptare actuală." -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "Nu s-au putut scrie metadatele LUKS2." -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "Nu s-a putut È™terge zona nefolosită a dispozitivului de date." -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Nu s-a putut elimina slotul de cheie neutilizat (neasociat) %d." -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "Nu s-a putut elimina slotul de cheie de recriptare." -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "Eroare fatală la recriptarea porÈ›iunii începând de la %<PRIu64>, %<PRIu64> sectoare lungi." -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "Recriptarea «online» a eÈ™uat." -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "Nu reluaÈ›i dispozitivul decât dacă este înlocuit manual cu È›inta erorii." -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Nu se poate continua cu recriptarea. Stare neaÈ™teptată a recriptării." -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "Context de recriptare lipsă sau nevalid." -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "Nu s-a putut iniÈ›ializa stiva dispozitivului de recriptare." -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "Nu s-a putut actualiza contextul de recriptare." @@ -1856,80 +2020,121 @@ msgstr "Nu s-a putut actualiza contextul de recriptare." msgid "Reencryption metadata is invalid." msgstr "Metadatele de recriptare sunt nevalide." +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "Intervalul OPAL %d poziÈ›ia %<PRIu64> nu se potriveÈ™te cu valorile aÈ™teptate %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "Intervalul OPAL %d lungime %<PRIu64> nu se potriveÈ™te cu lungimea dispozitivului %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "Intervalul OPAL %d de blocare este dezactivat." + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "Stare de blocare neaÈ™teptată a intervalului OPAL %d." + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Parametrii de criptare a slotului de cheie pot fi stabiliÈ›i numai pentru dispozitivul LUKS2." -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "IntroduceÈ›i codul PIN al jetonului: " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "IntroduceÈ›i codul PIN al jetonului(token) %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Nu s-a detectat niciun model de specificaÈ›ie de cifrare cunoscut." -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "AVERTISMENT: Se utilizează opÈ›iunile implicite pentru cifrare (%s-%s, dimensiunea cheii %u biÈ›i) care ar putea fi incompatibile cu versiunile mai vechi." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "AVERTISMENT: Se utilizează opÈ›iunile implicite pentru suma de control „hash†(%s) care ar putea fi incompatibile cu versiunile mai vechi." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "Pentru modul simplu, utilizaÈ›i întotdeauna opÈ›iunile „--cipherâ€, „--key-size†și dacă nu este folosit fiÈ™ierul de chei, atunci È™i opÈ›iunea „--hashâ€." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "AVERTISMENT: Parametrul „--hash†este ignorat în modul simplu, cu fiÈ™ierul de cheie specificat.\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "AVERTISMENT: OpÈ›iunea „--keyfile-size†este ignorată, dimensiunea de citire este aceeaÈ™i cu dimensiunea cheii de criptare.\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "Scanarea «blkid» a eÈ™uat pentru %s." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "S-au detectat semnături de dispozitiv pe %s. Continuarea operaÈ›iei, riscă să deterioreze datele existente." -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "OperaÈ›ia se întrerupe.\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "OpÈ›iunea „--key-file†este necesară." -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "IntroduceÈ›i PIM-ul VeraCrypt: " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "Valoare PIM nevalidă: eroare de analizare." -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "Valoare PIM nevalidă: 0." -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "Valoare PIM nevalidă: în afara intervalului." -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "Nu a fost detectat niciun antet de dispozitiv cu această frază de acces." -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "Dispozitivul %s nu este un dispozitiv BITLK valid." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Nu se poate determina dimensiunea cheii de volum pentru BITLK; utilizaÈ›i opÈ›iunea „--key-size†pentru a o furniza." -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1939,7 +2144,7 @@ msgstr "" "care permite accesul la partiÈ›ia criptată fără fraza de acces.\n" "Acest conÈ›inut ar trebui să fie întotdeauna stocat criptat într-un loc sigur." -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1949,103 +2154,110 @@ msgstr "" "care permite accesul la partiÈ›ia criptată fără fraza de acces.\n" "Acest conÈ›inut ar trebui să fie întotdeauna stocat criptat într-un loc sigur." -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "Dispozitivul %s nu este un dispozitiv FVAULT2 valid." -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "Nu se poate determina dimensiunea cheii de volum pentru FVAULT2; utilizaÈ›i opÈ›iunea „--key-size†pentru a o furniza." -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Dispozitivul %s este încă activ È™i programat pentru eliminare temporizată.\n" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "Nu s-a putut definii ruta jetoanelor(tokens) externe %s." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Redimensionarea dispozitivului activ necesită cheia de volum în inelul de chei, dar opÈ›iunea „--disable-keyring†este furnizată." -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "Testarea pentru evaluarea performanÈ›ei a fost întreruptă." -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s (neaplicabil)\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u iteraÈ›ii pe secundă pentru cheia %zu-bit\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s (neaplicabil)\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u iteraÈ›ii, %5u memorie, %1u fire paralele (CPU-uri) pentru cheia %zu-bit (timpul necesitat %u ms)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "Rezultatul testului de evaluare a performanÈ›ei nu este fiabil." -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Testele sunt aproximative folosind doar memoria (fără In/IeÈ™ de stocare).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Algoritm | Cheie | Criptare | Decriptare\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Cifrarea %s (cu cheie de %i biÈ›i) nu este disponibilă." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Algoritm | Cheie | Criptare | Decriptare\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "nedisponibil" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." msgstr "Au fost detectate metadate neprotejate de recriptare LUKS2. VerificaÈ›i că operaÈ›iunea de recriptare este de dorit (consultaÈ›i ieÈ™irea luksDump) È™i continuaÈ›i (să actualizaÈ›i metadatele) numai dacă recunoaÈ™teÈ›i operaÈ›ia ca fiind autentică." -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "IntroduceÈ›i fraza de acces pentru a proteja È™i actualiza metadatele de recriptare: " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "ContinuaÈ›i cu adevărat cu recuperarea recriptării LUKS2?" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "IntroduceÈ›i fraza de acces pentru a verifica calcularea sumele de control a metadatelor de recriptare: " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "IntroduceÈ›i fraza de acces pentru recuperarea recriptării: " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "ÃŽncercaÈ›i cu adevărat să reparaÈ›i antetul dispozitivului LUKS?" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2053,7 +2265,7 @@ msgstr "" "\n" "Ștergere întreruptă." -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2061,128 +2273,144 @@ msgstr "" "Se È™terge dispozitivul pentru a iniÈ›ializa calcularea sumei de control a integrității.\n" "PuteÈ›i întrerupe acest lucru apăsând CTRL+c (restul dispozitivului care nu este È™ters va conÈ›ine o sumă de control nevalidă).\n" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Nu se poate dezactiva dispozitivul temporar %s." -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "OpÈ›iunea de integritate poate fi utilizată numai pentru formatul LUKS2." -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "OpÈ›iuni de dimensiune a metadatelor LUKS2 neacceptate." -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "OPAL este acceptat numai pentru formatul LUKS2." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "FiÈ™ierul antet nu există, doriÈ›i să îl creaÈ›i?" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "Nu se poate crea fiÈ™ierul antet %s." -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "Nu a fost detectat niciun model de specificaÈ›ie de integritate cunoscut." -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Nu se poate folosi %s ca antet pe disc." -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Acest lucru va suprascrie datele de pe %s în mod irevocabil." -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "Parola de administrator OPAL nu poate fi goală." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Nu s-au putut definii parametrii pbkdf." -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "SpecificaÈ›ia tipului din specificaÈ›ia pentru inelul de chei „--link-vk-to-keyring†este ignorată." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "Valoare nevalidă a opÈ›iunii „--link-vk-to-keyringâ€." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Decalajul redus de date este permis numai pentru antetul LUKS detaÈ™at." -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "Containerul de fiÈ™iere LUKS %s este prea mic pentru activare, nu mai rămâne spaÈ›iu pentru date." -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Nu se poate determina dimensiunea cheii de volum pentru LUKS fără sloturi de chei; folosiÈ›i opÈ›iunea „--key-size†pentru a furniza aceste date." -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "Dispozitivul a fost activat, dar nu se poate face ca fanioanele să fie persistente." -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Slotul de cheie %d este selectat pentru È™tergere." -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Acesta este ultimul slot de cheie. Dispozitivul va deveni inutilizabil după eliminarea acestei chei." -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "IntroduceÈ›i orice frază de acces rămasă: " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "OperaÈ›ia a fost întreruptă, slotul de cheie NU a fost È™ters.\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "IntroduceÈ›i fraza de acces pentru a fi È™tearsă: " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Dispozitivul %s nu este un dispozitiv LUKS2 valid." -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "IntroduceÈ›i noua frază de acces pentru slotul de cheie: " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "AVERTISMENT: Parametrul „--key-slot†este utilizat pentru noul număr de slot de cheie.\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "IntroduceÈ›i orice frază de acces existentă: " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "IntroduceÈ›i fraza de acces pentru a fi schimbată: " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "IntroduceÈ›i nouă frază de acces: " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "IntroduceÈ›i fraza de acces pentru slotul de cheie care urmează să fie convertit: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "Doar un singur dispozitiv este admis ca argument pentru operaÈ›ia isLuks." -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Slotul de cheie %d nu conÈ›ine o cheie neasociată." -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2190,40 +2418,52 @@ msgstr "" "ConÈ›inutul antetului cu cheia neasociată este o informaÈ›ie sensibilă.\n" "Acest conÈ›inut ar trebui să fie stocat criptat într-un loc sigur." -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s nu este numele dispozitivului activ %s." -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s nu este numele unui dispozitiv LUKS activ sau antetul lipseÈ™te." -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "Este necesară opÈ›iunea „--header-backup-fileâ€." -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s nu este un dispozitiv gestionat de «cryptsetup»." -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Reîmprospătarea nu este disponibilă pentru tipul de dispozitiv %s" -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Tip de dispozitiv de metadate nerecunoscut %s." -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "Comanda necesită un dispozitiv È™i numele asociat acestuia ca argumente." -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "IntroduceÈ›i PSID OPAL: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "IntroduceÈ›i parola de administrator OPAL: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "AVERTISMENT: ÃŽNTREGUL disc va fi reiniÈ›ializat la valorile din fabrică È™i toate datele se vor pierde! ContinuaÈ›i?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2232,351 +2472,351 @@ msgstr "" "Această operaÈ›ie va È™terge toate sloturile de chei de pe dispozitivul %s.\n" "Dispozitivul va deveni inutilizabil după această operaÈ›ie." -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "OperaÈ›ia a fost întreruptă, sloturile de chei NU au fost È™terse.\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Tip LUKS nevalid, numai luks1 È™i luks2 sunt acceptate." -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "Dispozitivul este deja de tip %s." -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Această operaÈ›ie va converti %s în formatul %s.\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "OperaÈ›ia a fost întreruptă, dispozitivul NU a fost convertit.\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "OpÈ›iunea „--priorityâ€, „--label†sau „--subsystem†lipseÈ™te." -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "Jetonul(token) %d nu este valid." -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "Jetonul(token) %d este în uz." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Nu s-a putut adăuga jetonul(token) %d la inelul de chei luks2." -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Nu s-a putut atribui jetonul(token) %d slotului pentru cheie %d." -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "Jetonul %d nu este în uz." -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "Nu s-a putut importa jetonul din fiÈ™ier." -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "Nu s-a putut obÈ›ine jetonul %d pentru export." -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "Jetonul %d nu este alocat slotului de cheie %d." -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "Nu s-a putut anula atribuirea jetonului %d din slotul de cheie %d." -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "OpÈ›iunea „--tcrypt-hiddenâ€, „--tcrypt-system†sau „--tcrypt-backup†este acceptată doar pentru dispozitivele TCRYPT." -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "OpÈ›iunea „--veracrypt†sau „--disable-veracrypt†este acceptată numai pentru tipul de dispozitiv TCRYPT." -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "OpÈ›iunea „--veracrypt-pim†este acceptată numai pentru dispozitivele compatibile cu VeraCrypt." -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "OpÈ›iunea „--veracrypt-query-pim†este acceptată numai pentru dispozitivele compatibile cu VeraCrypt." -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "OpÈ›iunile „--veracrypt-pim†și „--veracrypt-query-pim†se exclud reciproc." -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "OpÈ›iunea „--persistent†nu este permisă cu opÈ›iunea „--test-passphraseâ€." -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "OpÈ›iunile „--refresh†și „--test-passphrase†se exclud reciproc." -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "OpÈ›iunea „--shared†este permisă numai pentru deschiderea unui dispozitiv simplu." -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "OpÈ›iunea „--skip†este acceptată numai pentru deschiderea dispozitivelor simple È™i a dispozitivelor loopaes." -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "OpÈ›iunea „--offset†cu acÈ›iune de deschidere este acceptată numai pentru dispozitivele simple È™i dispozitivele loopaes." -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "OpÈ›iunea „--tcrypt-hidden†nu poate fi combinată cu opÈ›iunea „--allow-discardsâ€." -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "OpÈ›iunea de dimensiune a sectorului cu acÈ›iune de deschidere este acceptată numai pentru dispozitivele simple." -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "OpÈ›iunea sectoare IV (vector de iniÈ›ializare) mari este acceptată numai pentru deschiderea dispozitivelor de tip simplu, cu dimensiunea sectorului mai mare de 512 de octeÈ›i." -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "OpÈ›iunea „--test-passphrase†este permisă numai pentru deschiderea dispozitivelor LUKS, TCRYPT, BITLK È™i FVAULT2." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "OpÈ›iunile „--device-size†și „--size†nu pot fi combinate." -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "OpÈ›iunea „--unbound†este permisă numai pentru deschiderea dispozitivelor luks." -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "OpÈ›iunea „--unbound†nu poate fi utilizată fără opÈ›iunea „--test-passphraseâ€." -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "OpÈ›iunile „--cancel-deferred†și „--deferred†nu pot fi utilizate în acelaÈ™i timp." -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "OpÈ›iunile „--reduce-device-size†și „--data-size†nu pot fi combinate." +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "OpÈ›iunile „--reduce-device-size†și „--device-size†nu pot fi combinate." -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "OpÈ›iunea „--active-name†poate fi utilizată numai pentru dispozitivele LUKS2." -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "OpÈ›iunile „--active-name†și „--force-offline-reencrypt†nu pot fi combinate." -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "Este necesară specificarea slotului de cheie." -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "OpÈ›iunile „--align-payload†și „--offset†nu pot fi combinate." -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "OpÈ›iunea „--integrity-no-wipe†poate fi utilizată numai pentru acÈ›iuni de formatare cu extensie de integritate." -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "Numai una dintre opÈ›iunile „--use-[u]random†este permisă." -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "Dimensiunea cheii este necesară cu opÈ›iunea „--unboundâ€." -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "OperaÈ›ie cu jeton(token) nevalidă." -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "Parametrul „--key-description†este obligatoriu pentru acÈ›iunea de adăugare a jetonului." -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "AcÈ›iunea necesită un jeton(token)l specific. UtilizaÈ›i parametrul „--token-idâ€." -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "OpÈ›iunea „--unbound†este validă numai cu acÈ›iunea de adăugare a jetonului." -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "OpÈ›iunile „--key-slot†și „--unbound†nu pot fi combinate." -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "AcÈ›iunea necesită un slot de cheie specific. UtilizaÈ›i parametrul „--key-slotâ€." -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<dispozitiv> [--type <tip>] [<nume>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "deschide dispozitivul ca <nume>" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<nume>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "închide dispozitivul (elimină asocierea)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "redimensionează dispozitivul activ" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "afiÈ™ează starea dispozitivului" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <cifrarea>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "evaluează performanÈ›a cifrului" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<dispozitiv>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "încearcă să repare metadatele de pe disc" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "recriptează dispozitivul LUKS2" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "È™terge toate sloturile de chei (elimină cheia de criptare)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "converteÈ™te LUKS din/în formatul LUKS2" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "defineÈ™te opÈ›iunile permanente de configurare pentru LUKS2" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<dispozitiv> [<fiÈ™ier cheie nou>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "formatează un dispozitiv LUKS" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "adaugă o cheie la dispozitivul LUKS" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<dispozitiv> [<fiÈ™ier cheie>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "elimină cheia sau fiÈ™ierul cheie furnizat de pe dispozitivul LUKS" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "modifică cheia furnizată sau fiÈ™ierul cheie al dispozitivului LUKS" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "converteÈ™te o cheie în noii parametri pbkdf" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<dispozitiv> <slot cheie>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "È™terge cheia cu numărul <slot cheie> de pe dispozitivul LUKS" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "afiÈ™ează UUID-ul dispozitivului LUKS" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "testează <dispozitivul> pentru antetul partiÈ›iei LUKS" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "afiÈ™ează informaÈ›iile despre partiÈ›ia LUKS" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "afiÈ™ează informaÈ›iile despre dispozitivul TCRYPT" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "afiÈ™ează informaÈ›iile despre dispozitivul BITLK" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "afiÈ™ează informaÈ›iile despre dispozitivul FVAULT2" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "Suspendă dispozitivul LUKS È™i È™terge cheia (toate In/IeÈ™irile sunt îngheÈ›ate)" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "Repune în funcÈ›iune dispozitivul LUKS suspendat" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Face copie de rezervă pentru antetul dispozitivului LUKS È™i pentru sloturile de chei" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Restaurează antetul dispozitivului LUKS È™i sloturile de chei" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <dispozitiv>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "Manipulează jetoanele LUKS2" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2591,7 +2831,7 @@ msgstr "" # nume, sau alias pentru primele. # A se vedea ieÈ™irea comenzii: # «cryptsetup -?|--help» -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2603,7 +2843,7 @@ msgstr "" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2618,7 +2858,7 @@ msgstr "" "<slot cheie> este numărul slotului de cheie LUKS de modificat\n" "<fiÈ™ier cheie> fiÈ™ier cheie opÈ›ional pentru noua cheie pentru acÈ›iunea luksAddKey\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2627,29 +2867,28 @@ msgstr "" "\n" "Formatul implicit de metadate compilate este %s (pentru acÈ›iunea luksFormat).\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"Suportul pentru modulul de jeton(token) extern LUKS2 este %s.\n" +"Suportul pentru modulul de jeton(token) extern LUKS2 este activat.\n" -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "integrat în compilare" - -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" -msgstr "Calea modulului pentru jetonul(token) extern LUKS2: %s.\n" +msgstr "Ruta modulului pentru jetonul(token) extern LUKS2: %s.\n" -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "dezactivat" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"Suportul pentru modulul de jeton(token) extern LUKS2 este dezactivat.\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2666,7 +2905,7 @@ msgstr "" "PBKDF implicit pentru LUKS2: %s\n" "\tTimp de iterare: %d, Memorie necesară: %dko, Fire de execuÈ›ie paralele: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2681,96 +2920,100 @@ msgstr "" "\tsimplu: %s, Cheie: %d biÈ›i, Suma de control a parolei: %s\n" "\tLUKS: %s, Cheie: %d biÈ›i, Suma de control a antetului LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: Dimensiunea implicită a cheii cu modul XTS (două chei interne) va fi dublată.\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: necesită %s ca argumente" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Slotul de cheie nu este valid." -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "Dimensiunea dispozitivului trebuie să fie multiplu al sectorului de 512 octeÈ›i." -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "SpecificaÈ›ia pentru dimensiunea zonei fierbinÈ›i(active) pentru recriptare maximă nu este validă." -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "Dimensiunea cheii trebuie să fie multiplu de 8 biÈ›i" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "Dimensiunea maximă de reducere a dispozitivului este de 1 GiB." -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Dimensiunea redusă trebuie să fie multiplu al sectorului de 512 octeÈ›i." -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Argumentul opÈ›iuni „--priority†poate fi doar «ignore/normal/prefer»." -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "AfiÈ™ează acest mesaj de ajutor" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "AfiÈ™ează modul de utilizare pe scurt" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "AfiÈ™ează versiunea pachetului" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "OpÈ›iuni de ajutor:" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[OPÈšIUNE...] <acÈ›iune> <parametri_acÈ›iune>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "Argumentul <acÈ›iune> lipseÈ™te." -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "AcÈ›iune necunoscută." -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "OpÈ›iunea „--key-file†are prioritate față de argumentul specificat pentru fiÈ™ierul cheie." -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Numai un argument „--key-file†este permis." -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "FuncÈ›ia de derivare a unei chei bazată pe parolă (PBKDF=Password-Based Key Derivation Function) poate fi doar pbkdf2 sau argon2i/argon2id." -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "IteraÈ›iile forÈ›ate PBKDF nu pot fi combinate cu opÈ›iunea de timp de iteraÈ›ie." -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "Nu se poate lega cheia de volum la un inel de chei când este dezactivat." + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "OpÈ›iunile „--keyslot-cipher†și „--keyslot-key-size†trebuie să fie folosite împreună." -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Nu s-a executat nicio acÈ›iune. Programul a fost invocat cu opÈ›iunea „--test-argsâ€.\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "Nu se poate dezactiva blocarea metadatelor." @@ -2835,7 +3078,7 @@ msgstr "Comanda necesită ca argument opÈ›iunea <suma-de-control(hash)_rădăcin msgid "<data_device> <hash_device>" msgstr "<dispozitiv_date> <dispozitiv_sumă-de-control(hash)>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "formatează dispozitivul" @@ -2851,7 +3094,7 @@ msgstr "verifică dispozitivul" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<dispozitiv_date> <nume> <dispozitiv_sumă-de-control(hash)> [<sumă-de-control(hash)_rădăcină>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "afiÈ™ează starea dispozitivului activ" @@ -2859,7 +3102,7 @@ msgstr "afiÈ™ează starea dispozitivului activ" msgid "<hash_device>" msgstr "<dispozitiv_sumă-de-control(hash)>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "afiÈ™ează informaÈ›iile de pe disc" @@ -2890,11 +3133,11 @@ msgstr "" "\tAlgoritmul sumei de control(hash): %s, Bloc de date (octeÈ›i): %u, Bloc sumă de control(hash) (octeÈ›i): %u,\n" "\tDimensiune date «salt»: %u, Formatul sumei de control(hash): %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "OpÈ›iunile „--ignore-corruption†și „--restart-on-corruption†nu pot fi utilizate împreună." -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "OpÈ›iunile „--panic-on-corruption†și „--restart-on-corruption†nu pot fi utilizate împreună." @@ -2907,29 +3150,29 @@ msgstr "" "Acest lucru va suprascrie datele de pe %s È™i %s în mod irevocabil.\n" "Pentru a păstra datele dispozitivului de date, utilizaÈ›i opÈ›iunea „--no-wipe†(È™i apoi activaÈ›i-l cu „--integrity-recalculateâ€)." -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Formatat cu dimensiunea etichetei %u, integritate internă %s.\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "Utilizarea fanionului pentru recalculare(...-recalculate) nu este acceptată, luaÈ›i în considerare utilizarea opÈ›iunii „--wipe†în schimb." -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "Dispozitivul %s nu este un dispozitiv INTEGRITY valid." -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<dispozitiv_integritate>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<dispozitiv_integritate> <nume>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2940,7 +3183,7 @@ msgstr "" "<nume> este dispozitivul de creat sub %s\n" "<dispozitiv_integritate> este dispozitivul care conÈ›ine date cu etichete de integritate\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2953,40 +3196,40 @@ msgstr "" "\tAlgoritmul sumei de control: %s\n" "\tDimensiunea maximă a fiÈ™ierului cheie: %dko\n" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Dimensiune nevalidă --%s. Maximul este de %u octeÈ›i." -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "Trebuie specificată atât opÈ›iunea pentru fiÈ™ierul cheie, cât È™i opÈ›iunea pentru dimensiunea cheii." -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "Trebuie specificată atât opÈ›iunea pentru fiÈ™ierul cheii de integritate a jurnalului, cât È™i opÈ›iunea pentru dimensiunea cheii." -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Algoritmul de integritate a jurnalului trebuie să fie specificat dacă este utilizată cheia de integritate a jurnalului." -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "Trebuie specificată atât opÈ›iunea pentru fiÈ™ierul cheii de criptare a jurnalului, cât È™i opÈ›iunea pentru dimensiunea cheii." -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Algoritmul de criptare a jurnalului trebuie să fie specificat dacă este utilizată cheia de criptare a jurnalului." -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "OpÈ›iunile de recuperare È™i modul de hartă de biÈ›i(bitmap) se exclud reciproc." -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "OpÈ›iunile jurnalului nu pot fi utilizate în modul de hartă de biÈ›i(bitmap)." -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "OpÈ›iunile de hartă de biÈ›i(bitmap) pot fi utilizate numai în modul de hartă de biÈ›i(bitmap)." @@ -3198,58 +3441,58 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Verificarea calității parolei a eÈ™uat: frază de acces greÈ™ită (%s)" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Eroare la citirea frazei de acces de la terminal." -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Verifică fraza de acces: " -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Frazele de acces nu se potrivesc." -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Nu se poate utiliza decalajul cu intrarea terminalului." -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "IntroduceÈ›i fraza de acces: " -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "IntroduceÈ›i fraza de acces pentru %s: " -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Nu este disponibilă nicio cheie cu această frază de acces." -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Nu este disponibil niciun slot de cheie utilizabil." -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "Nu se poate face verificarea frazei de acces pe intrări non-tty." -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Nu s-a putut deschide fiÈ™ierul %s în modul numai-pentru-citire." -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "FurnizaÈ›i un jeton(token) JSON LUKS2 valid:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "Nu s-a putut citi fiÈ™ierul JSON." -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3257,12 +3500,12 @@ msgstr "" "\n" "Citire întreruptă." -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "Nu s-a putut deschide fiÈ™ierul %s în modul de scriere." -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3270,7 +3513,7 @@ msgstr "" "\n" "Scriere întreruptă." -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "Nu s-a putut scrie fiÈ™ierul JSON." @@ -3346,15 +3589,19 @@ msgstr "Dispozitivul necesită recuperarea recriptării. RulaÈ›i mai întâi ope msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Dispozitivul %s este deja în recriptare LUKS2. DoriÈ›i să reluaÈ›i operaÈ›ia iniÈ›ializată anterior?" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Recriptarea veche LUKS2 nu mai este acceptată." -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "Nu se poate recripta dispozitivul LUKS2 configurat să utilizeze OPAL." + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "Recriptarea dispozitivului cu profil de integritate nu este acceptată." -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3363,103 +3610,103 @@ msgstr "" "Solicitarea făcută cu opÈ›iunea „--sector-size %<PRIu32>†este incompatibilă cu superblocul %s\n" "(dimensiunea blocului: %<PRIu32> octeÈ›i) detectat pe dispozitivul %s." -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Criptarea fără antet detaÈ™at (--header) nu este posibilă fără reducerea dimensiunii dispozitivului de date (--reduce-device-size)." -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Decalajul de date solicitat trebuie să fie mai mic sau egal cu jumătate din parametrul opÈ›iunii „--reduce-device-sizeâ€." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Ajustarea valorii „--reduce-device-size†la de două ori față de „--offset %<PRIu64> (sectoare)â€.\n" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "FiÈ™ierul antet temporar %s există deja. Se abandonează." -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "Nu se poate crea fiÈ™ierul antet temporar %s." -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Dimensiunea metadatelor LUKS2 este mai mare decât valoarea decalajului de date." -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Nu s-a putut plasa antetul nou la începutul dispozitivului %s." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s este acum activ È™i pregătit pentru criptarea online.\n" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "Dispozitivul activ %s nu este LUKS2." -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "Se restabileÈ™te antetul LUKS2 original." -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "Restaurarea antetului LUKS2 original a eÈ™uat." -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "FiÈ™ierul antet %s nu există. DoriÈ›i să iniÈ›ializaÈ›i decriptarea LUKS2 a dispozitivului %s È™i să exportaÈ›i antetul LUKS2 în fiÈ™ierul %s?" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "Nu s-au putut adăuga permisiuni de citire/scriere la fiÈ™ierul antet exportat." -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "IniÈ›ializarea recriptării a eÈ™uat. Copia de rezervă a antetului este disponibilă în %s." -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Decriptarea LUKS2 este acceptată numai cu dispozitivul antet detaÈ™at (cu decalajul de date fixat la 0)." -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "Nu sunt suficiente sloturi de chei liberee pentru recriptare." -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "FiÈ™ierul de cheie poate fi utilizat numai cu opÈ›iunea „--key-slot†sau cu exact un slot de cheie activ." -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "IntroduceÈ›i fraza de acces pentru slotul de cheie %d: " -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "IntroduceÈ›i fraza de acces pentru slotul de cheie %u: " -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Se comută cifrul de criptare a datelor la %s.\n" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Nu s-au modificat parametrii de segment de date. Recriptarea a fost abandonată." -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3467,7 +3714,7 @@ msgstr "" "CreÈ™terea dimensiunii sectorului de criptare pe dispozitivul offline nu este acceptată.\n" "ActivaÈ›i mai întâi dispozitivul sau utilizaÈ›i opÈ›iunea „--force-offline-reencrypt†(periculos!)." -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3476,62 +3723,62 @@ msgstr "" "\n" "Recriptarea a fost întreruptă." -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Reluarea recriptării LUKS în modul offline forÈ›at.\n" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Dispozitivul %s conÈ›ine metadate LUKS deteriorate. Se abandonează operaÈ›ia." -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Dispozitivul %s este deja un dispozitiv LUKS. Se abandonează operaÈ›ia." -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Dispozitivul %s este deja în recriptare LUKS. Se abandonează operaÈ›ia." -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "Decriptarea LUKS2 necesită opÈ›iunea „--headerâ€." -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "Comanda necesită un dispozitiv ca argument." -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Versiuni în conflict. Dispozitivul %s este LUKS1." -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Versiuni în conflict. Dispozitivul %s este în recriptare LUKS1." -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Versiuni în conflict. Dispozitivul %s este LUKS2." -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Versiuni în conflict. Dispozitivul %s este în recriptare LUKS2." -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Recriptarea LUKS2 a fost deja iniÈ›ializată. Se abandonează operaÈ›ia." -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "Recriptarea dispozitivului nu este în curs de desfășurare." -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "Nu se poate deschide exclusiv %s, dispozitiv în uz." @@ -3667,35 +3914,35 @@ msgstr "AVERTISMENT: Dispozitivul %s conÈ›ine deja o semnătură de partiÈ›ie †msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "AVERTISMENT: Dispozitivul %s conÈ›ine deja o semnătură superbloc „%sâ€.\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "Nu s-au iniÈ›ializat probele de semnătură a dispozitivului." -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "Nu s-a putut obÈ›ine starea dispozitivului %s." -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Nu s-a putut deschide fiÈ™ierul %s în modul citire/scriere." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "Semnătura partiÈ›iei „%s†existentă pe dispozitivul %s va fi È™tearsă." -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "Semnătura superblocului „%s†existentă pe dispozitivul %s va fi È™tearsă." -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "Nu s-a putut È™terge semnătura dispozitivului." -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Nu s-a putut verifica dispozitivul %s pentru o semnătură." @@ -3710,11 +3957,11 @@ msgstr "SpecificaÈ›ie de dimensiune nevalidă în parametrul „--%sâ€." msgid "Option --%s is not allowed with %s action." msgstr "OpÈ›iunea „--%s†nu este permisă cu acÈ›iunea %s." -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "Nu s-a putut scrie jetonul ssh în format JSON." -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3725,110 +3972,114 @@ msgid "" msgstr "" "Modul de criptare experimentală pentru deblocarea dispozitivelor LUKS2 cu jeton(token) conectat la un server SSH\v Acest modul permite în prezent doar adăugarea unui jeton(token) la un slot de cheie existent.\n" "\n" -"Serverul SSH specificat trebuie să conÈ›ină un fiÈ™ier cheie în calea specificată, cu o frază de acces pentru un slot de cheie existent pe dispozitiv.\n" +"Serverul SSH specificat trebuie să conÈ›ină un fiÈ™ier cheie în ruta specificată, cu o frază de acces pentru un slot de cheie existent pe dispozitiv.\n" "Acreditările furnizate vor fi folosite de «cryptsetup» pentru a obÈ›ine parola atunci când deschideÈ›i dispozitivul folosind jetonul(token).\n" "\n" -"Notă: InformaÈ›iile furnizate la adăugarea jetonului(token) (adresa serverului SSH, utilizatorul È™i căile) vor fi stocate în antetul LUKS2 în text clar." +"Notă: InformaÈ›iile furnizate la adăugarea jetonului(token) (adresa serverului SSH, utilizatorul È™i rutele) vor fi stocate în antetul LUKS2 în text clar." -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<acÈ›iune> <dispozitiv>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "OpÈ›iuni pentru acÈ›iunea „addâ€:" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "Adresa IP/URL a serverului de la distanță pentru acest jeton(token)" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Nume de utilizator folosit pentru serverul de la distanță" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" -msgstr "Calea către fiÈ™ierul de cheie din serverul de la distanță" +msgstr "Ruta către fiÈ™ierul de cheie din serverul de la distanță" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" -msgstr "Calea către cheia SSH pentru conectarea la serverul de la distanță" +msgstr "Ruta către cheia SSH pentru conectarea la serverul de la distanță" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "Ruta către directorul care conÈ›ine jetoane(tokens) externe „libcryptsetupâ€" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Slotul de cheie căruia să îi atribuiÈ›i jetonul. Dacă nu este specificat, jetonul va fi atribuit primei fraze de acces furnizate care se potriveÈ™te cu slotul de cheie." -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "OpÈ›iuni generice:" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "AfiÈ™ează mesaje de eroare mult mai detaliate" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "AfiÈ™ează mesajele de depanare" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "AfiÈ™ează mesajele de depanare, inclusiv metadate JSON" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "Nu s-a putut deschide È™i importa cheia privată:\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "Nu s-a putut importa cheia privată (protejată prin parolă?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "Parola pentru %s@%s: " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "Argumentele nu au putut fi analizate.\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Trebuie specificată o acÈ›iune\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Trebuie specificat dispozitivul pentru acÈ›iunea „%sâ€.\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Serverul SSH trebuie să fie specificat pentru acÈ›iunea „%sâ€.\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Trebuie specificat utilizatorul SSH pentru acÈ›iunea „%sâ€.\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" -msgstr "Trebuie specificată calea SSH pentru acÈ›iunea „%sâ€.\n" +msgstr "Trebuie specificată ruta SSH pentru acÈ›iunea „%sâ€.\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" -msgstr "Trebuie specificată calea cheii SSH pentru acÈ›iunea „%sâ€.\n" +msgstr "Trebuie specificată ruta cheii SSH pentru acÈ›iunea „%sâ€.\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Nu s-a putut deschide %s folosind acreditările furnizate.\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "Doar acÈ›iunea „addi†este suportată în prezent de acest modul.\n" @@ -3872,3 +4123,9 @@ msgstr "Metoda de autentificare cu cheie publică nu este permisă pe gazdă.\n" #: tokens/ssh/ssh-utils.c:171 msgid "Public key authentication error: " msgstr "Eroare la autentificarea cu cheia publică: " + +#~ msgid "compiled-in" +#~ msgstr "integrat în compilare" + +#~ msgid "disabled" +#~ msgstr "dezactivat" @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: cryptsetup 2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" "POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-04 15:38+0300\n" +"PO-Revision-Date: 2023-11-02 21:04+0300\n" "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" "Language-Team: Russian <gnu@d07.ru>\n" "Language: ru\n" @@ -19,7 +19,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "X-Launchpad-Export-Date: 2018-12-03 15:52+0000\n" -"X-Generator: Lokalize 20.12.0\n" +"X-Generator: Lokalize 22.12.3\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #: lib/libdevmapper.c:419 @@ -723,7 +723,7 @@ msgstr "Запрошенный тип PBKDF %s не поддерживаетÑÑ #: lib/utils_pbkdf.c:128 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." -msgstr "МакÑимальный размер памÑти PBKDF и количеÑтво параллельных нитей Ð½ÐµÐ»ÑŒÐ·Ñ Ð·Ð°Ð´Ð°Ð²Ð°Ñ‚ÑŒ вмеÑте Ñ pbkdf2." +msgstr "МакÑимальный размер памÑти PBKDF или количеÑтво параллельных потоков Ð½ÐµÐ»ÑŒÐ·Ñ Ð·Ð°Ð´Ð°Ð²Ð°Ñ‚ÑŒ вмеÑте Ñ pbkdf2." #: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format @@ -746,7 +746,7 @@ msgstr "Ð—Ð°Ð¿Ñ€Ð¾ÑˆÐµÐ½Ð½Ð°Ñ Ð¼Ð°ÐºÑÐ¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ ÑтоимоÑÑ‚ÑŒ паР#: lib/utils_pbkdf.c:164 msgid "Requested PBKDF parallel threads cannot be zero." -msgstr "Запрошенное количеÑтво параллельных нитей PBKDF не может быть нулевым." +msgstr "Запрошенное количеÑтво параллельных потоков PBKDF не может быть нулевым." #: lib/utils_pbkdf.c:184 msgid "Only PBKDF2 is supported in FIPS mode." @@ -1986,7 +1986,7 @@ msgstr "%-10s Ð/Д\n" #: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" -msgstr "%-10s %4u итераций, %5u памÑти, %1u параллельных нитей (ЦП) Ð´Ð»Ñ %zu-битного ключа (запрашивалÑÑ %u мÑ)\n" +msgstr "%-10s %4u итераций, %5u памÑти, %1u параллельных потоков (ЦП) Ð´Ð»Ñ %zu-битного ключа (запрашивалÑÑ %u мÑ)\n" #: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." @@ -2660,7 +2660,7 @@ msgstr "" "\tМакÑимальный размер файла ключа: %dКБ, МакÑÐ¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ Ð´Ð»Ð¸Ð½Ð° парольной фразы при вводе вручную: %d (Ñимволов)\n" "PBKDF по умолчанию Ð´Ð»Ñ LUKS1: %s, Ð’Ñ€ÐµÐ¼Ñ Ð¸Ñ‚ÐµÑ€Ð°Ñ†Ð¸Ð¸: %d (мÑ)\n" "PBKDF по умолчанию Ð´Ð»Ñ LUKS2: %s\n" -"\tÐ’Ñ€ÐµÐ¼Ñ Ð¸Ñ‚ÐµÑ€Ð°Ñ†Ð¸Ð¸: %d, Ð¢Ñ€ÐµÐ±ÑƒÐµÐ¼Ð°Ñ Ð¿Ð°Ð¼ÑÑ‚ÑŒ: %dКБ, Кол-во параллельных нитей: %d\n" +"\tÐ’Ñ€ÐµÐ¼Ñ Ð¸Ñ‚ÐµÑ€Ð°Ñ†Ð¸Ð¸: %d, Ð¢Ñ€ÐµÐ±ÑƒÐµÐ¼Ð°Ñ Ð¿Ð°Ð¼ÑÑ‚ÑŒ: %dКБ, Кол-во параллельных потоков: %d\n" #: src/cryptsetup.c:3241 #, c-format @@ -1,14 +1,14 @@ # Serbian translation for cryptsetup. # Copyright © 2014 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. -# МироÑлав Ðиколић <miroslavnikolic@rocketmail.com>, 2014–2022. +# МироÑлав Ðиколић <miroslavnikolic@rocketmail.com>, 2014–2023. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup-2.5.0-rc1\n" +"Project-Id-Version: cryptsetup-2.6.1-rc0\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2022-07-14 14:04+0200\n" -"PO-Revision-Date: 2022-09-08 05:02+0200\n" +"POT-Creation-Date: 2023-02-01 15:58+0100\n" +"PO-Revision-Date: 2023-02-19 11:50+0100\n" "Last-Translator: МироÑлав Ðиколић <miroslavnikolic@rocketmail.com>\n" "Language-Team: Serbian <(nothing)>\n" "Language: sr\n" @@ -18,67 +18,71 @@ msgstr "" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -#: lib/libdevmapper.c:417 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Ðе могу да покренем мапера уређаја, радим као обичан кориÑник." -#: lib/libdevmapper.c:420 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Ðе могу да покренем мапера уређаја. Да ли је учитан модул кернела „dm_mod“?" -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1102 msgid "Requested deferred flag is not supported." msgstr "Затражена одложена заÑтавица није подржана." -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1171 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "ДМ-УЈИБ за уређај „%s“ је Ñкраћен." -#: lib/libdevmapper.c:1570 +#: lib/libdevmapper.c:1501 msgid "Unknown dm target type." msgstr "Ðепозната врÑта „dm“ мете." -#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763 -#: lib/libdevmapper.c:1766 +#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 +#: lib/libdevmapper.c:1727 msgid "Requested dm-crypt performance options are not supported." msgstr "Затражене опције перформанÑи дм-шифровања ниÑу подржане." -#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710 +#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Затражене опције рада оштећених података дм-веритија ниÑу подржане." -#: lib/libdevmapper.c:1714 +#: lib/libdevmapper.c:1641 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "Затражене „dm-verity“ опција без задатка није подржана." + +#: lib/libdevmapper.c:1653 msgid "Requested dm-verity FEC options are not supported." msgstr "Затражене „dm-verity FEC“ опције ниÑу подржане." -#: lib/libdevmapper.c:1718 +#: lib/libdevmapper.c:1659 msgid "Requested data integrity options are not supported." msgstr "Затражене опције целовитоÑти података ниÑу подржане." -#: lib/libdevmapper.c:1720 +#: lib/libdevmapper.c:1663 msgid "Requested sector_size option is not supported." msgstr "Затражене опције величине одељка ниÑу подржане." -#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729 +#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Затражене опције ÑамоÑталног прерачунавања ознака целовитоÑти ниÑу подржане." -#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772 -#: lib/luks2/luks2_json_metadata.c:2552 +#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 +#: lib/luks2/luks2_json_metadata.c:2620 msgid "Discard/TRIM is not supported." msgstr "Одбацивање/ОДСЕЦÐЊЕ није подржано." -#: lib/libdevmapper.c:1737 +#: lib/libdevmapper.c:1688 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Затражени режим битмапе дм-целовитоÑти није подржан." -#: lib/libdevmapper.c:2763 +#: lib/libdevmapper.c:2724 #, c-format msgid "Failed to query dm-%s segment." msgstr "ÐиÑам уÑпео да пропитам „dm-%s“ подеок." -#: lib/random.c:74 +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -86,16 +90,16 @@ msgstr "" "СиÑтем је ван ентропије приликом Ñтварања кључа волумена.\n" "Померите миша или откуцајте неки текÑÑ‚ у другом прозору да прикупите неке наÑумичне догађаје.\n" -#: lib/random.c:78 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Стварам кључ (%d %% је урађено).\n" -#: lib/random.c:164 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "Ради у „FIPS“ режиму." -#: lib/random.c:170 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "Кобна грешка за време покретања „RNG“-а." @@ -107,430 +111,440 @@ msgstr "Затражен је непознат квалитет „RNG“-а." msgid "Error reading from RNG." msgstr "Грешка читања из „RNG“-а." -#: lib/setup.c:226 +#: lib/setup.c:231 msgid "Cannot initialize crypto RNG backend." msgstr "Ðе могу да покренем „RNG“ позадинца криптографије." -#: lib/setup.c:232 +#: lib/setup.c:237 msgid "Cannot initialize crypto backend." msgstr "Ðе могу да покренем позадинца криптографије." -#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122 +#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Хеш алгоритам „%s“ није подржан." -#: lib/setup.c:266 lib/loopaes/loopaes.c:90 +#: lib/setup.c:271 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Грешка обраде кључа (кориÑтим хеш %s)." -#: lib/setup.c:332 lib/setup.c:359 +#: lib/setup.c:342 lib/setup.c:369 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Ðе могу да одредим врÑту уређаја. ÐеÑаглаÑно покретање уређаја?" -#: lib/setup.c:338 lib/setup.c:3221 +#: lib/setup.c:348 lib/setup.c:3320 msgid "This operation is supported only for LUKS device." msgstr "Ова радња је подржана Ñамо за ЛУКС уређај." -#: lib/setup.c:365 +#: lib/setup.c:375 msgid "This operation is supported only for LUKS2 device." msgstr "Ова радња је подржана Ñамо за ЛУКС2 уређај." -#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985 +#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 msgid "All key slots full." msgstr "Сви утори кључева Ñу пуни." -#: lib/setup.c:431 +#: lib/setup.c:438 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Утор кључа %d није иÑправан, изаберите између 0 и %d." -#: lib/setup.c:437 +#: lib/setup.c:444 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Утор кључа %d је пун, изаберите неки други." -#: lib/setup.c:522 lib/setup.c:2946 +#: lib/setup.c:529 lib/setup.c:3042 msgid "Device size is not aligned to device logical block size." msgstr "Величина уређаја није поравната на величину логичког блока уређаја." -#: lib/setup.c:620 +#: lib/setup.c:627 #, c-format msgid "Header detected but device %s is too small." msgstr "Заглавље је откривено али уређај „%s“ је премали." -#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335 -#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159 +#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 +#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 msgid "This operation is not supported for this device type." msgstr "Ова радња није подржана за ову врÑту уређаја." -#: lib/setup.c:666 +#: lib/setup.c:673 msgid "Illegal operation with reencryption in-progress." msgstr "ÐеиÑправна радња Ñа поновним шифровањем је у току." -#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524 -#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449 -#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756 -#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380 -#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378 -#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:802 +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "ÐиÑам уÑпео да повратим ЛУКС2 метаподатке у меморију." + +#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 +#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 +#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 +#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "Уређај „%s“ није иÑправан ЛУКС уређај." -#: lib/setup.c:836 lib/luks1/keymanage.c:527 +#: lib/setup.c:892 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Ðеподржано ЛУКС издање %d." -#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694 -#: lib/setup.c:2859 lib/setup.c:4807 +#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 +#: lib/setup.c:2952 lib/setup.c:4764 #, c-format msgid "Device %s is not active." msgstr "Уређај „%s“ није радан." -#: lib/setup.c:1448 +#: lib/setup.c:1508 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "ОÑновни уређај за криптографÑки уређај „%s“ је неÑтао." -#: lib/setup.c:1528 +#: lib/setup.c:1590 msgid "Invalid plain crypt parameters." msgstr "ÐеиÑправни параметри обичне криптографије." -#: lib/setup.c:1533 lib/setup.c:1983 +#: lib/setup.c:1595 lib/setup.c:2054 msgid "Invalid key size." msgstr "ÐеиÑправна величина кључа." -#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191 +#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 msgid "UUID is not supported for this crypt type." msgstr "УЈИБ није подржан за ову врÑту криптографије." -#: lib/setup.c:1543 lib/setup.c:1993 +#: lib/setup.c:1605 lib/setup.c:2064 msgid "Detached metadata device is not supported for this crypt type." msgstr "Откачени уређај метаподатака није подржан за ову врÑту криптографије." -#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941 -#: src/cryptsetup.c:1250 src/cryptsetup.c:3072 +#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 +#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 msgid "Unsupported encryption sector size." msgstr "Ðеподржана величина одељка шифровања." -#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940 +#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 msgid "Device size is not aligned to requested sector size." msgstr "Величина уређаја није поравната на затражену величину одељка." -#: lib/setup.c:1613 lib/setup.c:1733 +#: lib/setup.c:1675 lib/setup.c:1799 msgid "Can't format LUKS without device." msgstr "Ðе могу да обликујем ЛУКС без уређаја." -#: lib/setup.c:1619 lib/setup.c:1739 +#: lib/setup.c:1681 lib/setup.c:1805 msgid "Requested data alignment is not compatible with data offset." msgstr "Затражено поравнање података није ÑаглаÑно Ñа померајем података." -#: lib/setup.c:1687 lib/setup.c:1883 -msgid "WARNING: Data offset is outside of currently available data device.\n" -msgstr "УПОЗОРЕЊЕ: Померај података је ван тренутно доÑтупног уређаја података.\n" - -#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203 +#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 #, c-format msgid "Cannot wipe header on device %s." msgstr "Ðе могу да обришем заглавље на уређају „%s“." -#: lib/setup.c:1774 +#: lib/setup.c:1769 lib/setup.c:2036 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "Уређај „%s“ је премали за активирање, није преоÑтао проÑтор за податке.\n" + +#: lib/setup.c:1840 msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" msgstr "УПОЗОРЕЊЕ: Покретање уређаја неће уÑпети, „dm-crypt“-у недоÑтаје подршка за затражену величину одељка шифровања.\n" -#: lib/setup.c:1797 +#: lib/setup.c:1863 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Кључ волумена је премали за шифровање Ñа проширењима целовитоÑти." -#: lib/setup.c:1857 +#: lib/setup.c:1923 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Шифрер %s-%s (величина кључа %zd бита) није доÑтупан." -#: lib/setup.c:1886 +#: lib/setup.c:1949 #, c-format msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" msgstr "УПОЗОРЕЊЕ: Величина ЛУКС2 метаподатака је промењена на %<PRIu64> бајта.\n" -#: lib/setup.c:1890 +#: lib/setup.c:1953 #, c-format msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" msgstr "УПОЗОРЕЊЕ: Величина облаÑти ЛУКС2 утора кључева је промењена на %<PRIu64> бајта.\n" -#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254 +#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 #, c-format msgid "Device %s is too small." msgstr "Уређај „%s“ је премали." -#: lib/setup.c:1927 lib/setup.c:1953 +#: lib/setup.c:1990 lib/setup.c:2016 #, c-format msgid "Cannot format device %s in use." msgstr "Ðе могу да обликујем уређај „%s“ у употреби." -#: lib/setup.c:1930 lib/setup.c:1956 +#: lib/setup.c:1993 lib/setup.c:2019 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Ðе могу да обликујем уређај „%s“, овлашћење је одбијено." -#: lib/setup.c:1942 lib/setup.c:2263 +#: lib/setup.c:2005 lib/setup.c:2334 #, c-format msgid "Cannot format integrity for device %s." msgstr "Ðе могу да обликујем целовитоÑÑ‚ за уређај „%s“." -#: lib/setup.c:1960 +#: lib/setup.c:2023 #, c-format msgid "Cannot format device %s." msgstr "Ðе могу да обликујем уређај „%s“." -#: lib/setup.c:1978 +#: lib/setup.c:2049 msgid "Can't format LOOPAES without device." msgstr "Ðе могу да обликујем „LOOPAES“ без уређаја." -#: lib/setup.c:2023 +#: lib/setup.c:2094 msgid "Can't format VERITY without device." msgstr "Ðе могу да обликујем „VERITY“ без уређаја." -#: lib/setup.c:2034 lib/verity/verity.c:101 +#: lib/setup.c:2105 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Ðеподржана врÑта „VERITY“ хеша %d." -#: lib/setup.c:2040 lib/verity/verity.c:109 +#: lib/setup.c:2111 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Ðеподржана величина блока „VERITY“." -#: lib/setup.c:2045 lib/verity/verity.c:74 +#: lib/setup.c:2116 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Ðеподржан померај хеша „VERITY“." -#: lib/setup.c:2050 +#: lib/setup.c:2121 msgid "Unsupported VERITY FEC offset." msgstr "Ðеподржан „VERITY FEC“ померај." -#: lib/setup.c:2074 +#: lib/setup.c:2145 msgid "Data area overlaps with hash area." msgstr "ОблаÑÑ‚ података Ñе преклапа Ñа облашћу хеша." -#: lib/setup.c:2099 +#: lib/setup.c:2170 msgid "Hash area overlaps with FEC area." msgstr "ОблаÑÑ‚ хеша Ñе преклапа Ñа „FEC“ облашћу." -#: lib/setup.c:2106 +#: lib/setup.c:2177 msgid "Data area overlaps with FEC area." msgstr "ОблаÑÑ‚ података Ñе преклапа Ñа „FEC“ облашћу." -#: lib/setup.c:2242 +#: lib/setup.c:2313 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "УПОЗОРЕЊЕ: Затражена величина ознаке %d бајта Ñе разликује од излаза величине „%s“ (%d бајта).\n" -#: lib/setup.c:2321 +#: lib/setup.c:2392 #, c-format msgid "Unknown crypt device type %s requested." msgstr "Затражена је непозната врÑта „%s“ криптографÑког уређаја." -#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700 +#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 #, c-format msgid "Unsupported parameters on device %s." msgstr "Ðеподржани параметри на уређају „%s“." -#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837 -#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459 +#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 +#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 #, c-format msgid "Mismatching parameters on device %s." msgstr "Ðеодговарајући параметри на уређају „%s“." -#: lib/setup.c:2731 +#: lib/setup.c:2822 msgid "Crypt devices mismatch." msgstr "КриптографÑки уређаји Ñе не поклапају." -#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315 -#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007 +#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 #, c-format msgid "Failed to reload device %s." msgstr "ÐиÑам уÑпео поново да учитам уређај „%s“." -#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286 -#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867 +#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 +#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 #, c-format msgid "Failed to suspend device %s." msgstr "ÐиÑам уÑпео да обуÑтавим уређај „%s“." -#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300 -#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920 -#: lib/luks2/luks2_reencrypt.c:4011 +#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 +#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 +#: lib/luks2/luks2_reencrypt.c:4036 #, c-format msgid "Failed to resume device %s." msgstr "ÐиÑам уÑпео да наÑтавим Ñа уређајем „%s“." -#: lib/setup.c:2806 +#: lib/setup.c:2897 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Кобна грешка приликом поновног учитавања уређаја „%s“ (на врху уређаја „%s“)." -#: lib/setup.c:2809 lib/setup.c:2811 +#: lib/setup.c:2900 lib/setup.c:2902 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "ÐиÑам уÑпео да променим уређај „%s“ на дм-грешку." -#: lib/setup.c:2891 +#: lib/setup.c:2984 msgid "Cannot resize loop device." msgstr "Ðе могу да променим величину уређаја петље." -#: lib/setup.c:2931 +#: lib/setup.c:3027 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "" "УПОЗОРЕЊЕ: Ðајвећа величина је већ поÑтављена или кернел не подржава промену величине.\n" "\n" -#: lib/setup.c:2989 +#: lib/setup.c:3088 msgid "Resize failed, the kernel doesn't support it." msgstr "Промена величине није уÑпела, кернел је не подржава." -#: lib/setup.c:3021 +#: lib/setup.c:3120 msgid "Do you really want to change UUID of device?" msgstr "Да ли Ñтварно желите да измените УЈИБ уређаја?" -#: lib/setup.c:3113 +#: lib/setup.c:3212 msgid "Header backup file does not contain compatible LUKS header." msgstr "Датотека резерве заглавља не Ñадржи ÑаглаÑно ЛУКС заглавље." -#: lib/setup.c:3229 +#: lib/setup.c:3328 #, c-format msgid "Volume %s is not active." msgstr "Волумен „%s“ није радан." -#: lib/setup.c:3240 +#: lib/setup.c:3339 #, c-format msgid "Volume %s is already suspended." msgstr "Волумен „%s“ је већ обуÑтављен." -#: lib/setup.c:3253 +#: lib/setup.c:3352 #, c-format msgid "Suspend is not supported for device %s." msgstr "ОбуÑтављање није подржано за уређај „%s“." -#: lib/setup.c:3255 +#: lib/setup.c:3354 #, c-format msgid "Error during suspending device %s." msgstr "Грешка за време обуÑтављања уређаја „%s“." -#: lib/setup.c:3290 +#: lib/setup.c:3389 #, c-format msgid "Resume is not supported for device %s." msgstr "ÐаÑтављање није подржано за уређај „%s“." -#: lib/setup.c:3292 +#: lib/setup.c:3391 #, c-format msgid "Error during resuming device %s." msgstr "Грешка за време наÑтављања уређаја „%s“." -#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489 -#: src/cryptsetup.c:2207 +#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 +#: src/cryptsetup.c:2479 #, c-format msgid "Volume %s is not suspended." msgstr "Волумен „%s“ није обуÑтављен." -#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597 -#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790 +#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 +#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 +#: src/cryptsetup.c:2011 msgid "Volume key does not match the volume." msgstr "Кључ волумена не одговара волумену." -#: lib/setup.c:3540 lib/setup.c:3745 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "Ðе могу да додам утор кључа, Ñви утори Ñу иÑкључени а није обезбеђен ниједан кључ волумена." - -#: lib/setup.c:3697 +#: lib/setup.c:3737 msgid "Failed to swap new key slot." msgstr "ÐиÑам уÑпео да разменим нови утор кључа." -#: lib/setup.c:3883 +#: lib/setup.c:3835 #, c-format msgid "Key slot %d is invalid." msgstr "Утор кључа „%d“ није иÑправан." -#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936 -#: src/cryptsetup.c:2540 src/cryptsetup.c:2597 +#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 +#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 #, c-format msgid "Keyslot %d is not active." msgstr "Утор кључа „%d“ није радан." -#: lib/setup.c:3908 +#: lib/setup.c:3860 msgid "Device header overlaps with data area." msgstr "Заглавље уређаја Ñе преклапа Ñа облашћу података." -#: lib/setup.c:4213 +#: lib/setup.c:4165 msgid "Reencryption in-progress. Cannot activate device." msgstr "Поновно шифровање је у току. Ðе могу да активирам уређај." -#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635 -#: lib/luks2/luks2_reencrypt.c:3565 +#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 +#: lib/luks2/luks2_reencrypt.c:3590 msgid "Failed to get reencryption lock." msgstr "ÐиÑам уÑпео да добавим закључавање поновног шифровања." -#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584 +#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 msgid "LUKS2 reencryption recovery failed." msgstr "Опоравак ЛУКС2 поновног шифровања није уÑпело." -#: lib/setup.c:4396 lib/setup.c:4661 +#: lib/setup.c:4352 lib/setup.c:4618 msgid "Device type is not properly initialized." msgstr "Ð’Ñ€Ñта уређаја није иÑправно покренута." -#: lib/setup.c:4444 +#: lib/setup.c:4400 #, c-format msgid "Device %s already exists." msgstr "Већ поÑтоји уређај „%s“." -#: lib/setup.c:4451 +#: lib/setup.c:4407 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Ðе могу да кориÑтим уређај „%s“, назив није иÑправан или је још у употреби." -#: lib/setup.c:4571 +#: lib/setup.c:4527 msgid "Incorrect volume key specified for plain device." msgstr "Ðаведен је неиÑправан кључ волумена за обичан уређај." -#: lib/setup.c:4687 +#: lib/setup.c:4644 msgid "Incorrect root hash specified for verity device." msgstr "Ðаведен је неиÑправан хеш корена за уређај тачноÑти." -#: lib/setup.c:4697 +#: lib/setup.c:4654 msgid "Root hash signature required." msgstr "ÐŸÐ¾Ñ‚Ð¿Ð¸Ñ Ñ…ÐµÑˆÐ° корена је потребан." -#: lib/setup.c:4706 +#: lib/setup.c:4663 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Привезак кључева кернела недоÑтаје: потребан је за проÑлеђивање потпиÑа кернелу." -#: lib/setup.c:4723 lib/setup.c:6218 +#: lib/setup.c:4680 lib/setup.c:6423 msgid "Failed to load key in kernel keyring." msgstr "ÐиÑам уÑпео да учитам кључ у привеÑку кључева кернела." -#: lib/setup.c:4779 +#: lib/setup.c:4736 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Ðе могу да откажем различно уклањање из уређаја „%s“." -#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688 +#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "Уређај „%s“ је још увеку употреби." -#: lib/setup.c:4811 +#: lib/setup.c:4768 #, c-format msgid "Invalid device %s." msgstr "ÐеиÑправан уређај „%s“." -#: lib/setup.c:4927 +#: lib/setup.c:4908 msgid "Volume key buffer too small." msgstr "Међумеморија кључа волумена је премала." -#: lib/setup.c:4935 +#: lib/setup.c:4925 +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "Ðе могу да довучем кључ волумена за ЛУКС2 уређај." + +#: lib/setup.c:4934 +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "Ðе могу да довучем кључ волумена за ЛУКС1 уређај." + +#: lib/setup.c:4944 msgid "Cannot retrieve volume key for plain device." msgstr "Ðе могу да довучем кључ волумена за обичан уређај." @@ -538,147 +552,151 @@ msgstr "Ðе могу да довучем кључ волумена за Ð¾Ð±Ð¸Ñ msgid "Cannot retrieve root hash for verity device." msgstr "Ðе могу да довучем хеш корена за уређај тачноÑти." -#: lib/setup.c:4956 +#: lib/setup.c:4959 +msgid "Cannot retrieve volume key for BITLK device." +msgstr "Ðе могу да довучем кључ волумена за BITLK уређај." + +#: lib/setup.c:4964 +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "Ðе могу да довучем кључ волумена за FVAULT2 уређај." + +#: lib/setup.c:4966 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Ова радња није подржана за криптографÑки уређај „%s“." -#: lib/setup.c:5130 lib/setup.c:5141 +#: lib/setup.c:5147 lib/setup.c:5158 msgid "Dump operation is not supported for this device type." msgstr "Радња иÑпиÑа није подржана за ову врÑту уређаја." -#: lib/setup.c:5471 +#: lib/setup.c:5500 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "Померај података није умножак %u бајта." -#: lib/setup.c:5756 +#: lib/setup.c:5788 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Ðе могу да преобратим уређај „%s“ који је још увек у употреби." -#: lib/setup.c:6075 +#: lib/setup.c:6098 lib/setup.c:6237 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "ÐиÑам уÑпео да доделим утор кључа „%u“ као нови кључ волумена." -#: lib/setup.c:6148 +#: lib/setup.c:6122 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "ÐиÑам уÑпео да покренем оÑновне параметре ЛУКС2 утора кључа." -#: lib/setup.c:6154 +#: lib/setup.c:6128 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "ÐиÑам уÑпео да доделим утор кључа „%d“ за преглед." -#: lib/setup.c:6285 +#: lib/setup.c:6353 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Ðе могу да додам утор кључа, Ñви утори Ñу иÑкључени а није обезбеђен ниједан кључ волумена." + +#: lib/setup.c:6490 msgid "Kernel keyring is not supported by the kernel." msgstr "Привезак кључева кернела није подржан кернелом." -#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782 +#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 #, c-format msgid "Failed to read passphrase from keyring (error %d)." msgstr "ÐиÑам уÑпео да прочитам пропуÑну реч из привеÑка кључа (грешка %d)." -#: lib/setup.c:6319 +#: lib/setup.c:6523 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "ÐиÑам уÑпео да оÑтварим опште закључавање Ñеријализације приÑтупа чврÑтој меморији." -#: lib/utils.c:80 -msgid "Cannot get process priority." -msgstr "Ðе могу да добавим хитноÑÑ‚ процеÑа." - -#: lib/utils.c:94 -msgid "Cannot unlock memory." -msgstr "Ðе могу да откључам меморију." - -#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502 +#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 msgid "Failed to open key file." msgstr "ÐиÑам уÑпео да отворим датотеку кључа." -#: lib/utils.c:173 +#: lib/utils.c:163 msgid "Cannot read keyfile from a terminal." msgstr "Ðе могу да прочитам датотеку кључа из терминала." -#: lib/utils.c:189 +#: lib/utils.c:179 msgid "Failed to stat key file." msgstr "ÐиÑам уÑпео да добавим податке датотеке кључа." -#: lib/utils.c:197 lib/utils.c:218 +#: lib/utils.c:187 lib/utils.c:208 msgid "Cannot seek to requested keyfile offset." msgstr "Ðе могу да премотам на затражени померај датотеке кључа." -#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226 -#: src/utils_password.c:238 +#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 +#: src/utils_password.c:237 msgid "Out of memory while reading passphrase." msgstr "ÐеÑтало је меморије приликом читања пропуÑне речи." -#: lib/utils.c:247 +#: lib/utils.c:237 msgid "Error reading passphrase." msgstr "Грешка читања пропуÑне речи." -#: lib/utils.c:264 +#: lib/utils.c:254 msgid "Nothing to read on input." msgstr "Ðема ничега за читање на улазу." -#: lib/utils.c:271 +#: lib/utils.c:261 msgid "Maximum keyfile size exceeded." msgstr "Премашена је највећа величина датотеке кључа." -#: lib/utils.c:276 +#: lib/utils.c:266 msgid "Cannot read requested amount of data." msgstr "Ðе могу да прочитам затражену количину података." -#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353 +#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 #, c-format msgid "Device %s does not exist or access denied." msgstr "Уређај „%s“ не поÑтоји или је приÑтуп одбијен." -#: lib/utils_device.c:218 +#: lib/utils_device.c:217 #, c-format msgid "Device %s is not compatible." msgstr "Уређај „%s“ није ÑаглаÑан." -#: lib/utils_device.c:562 +#: lib/utils_device.c:561 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Занемарујем лажну оптималну-уи величину за уређај података (%u бајта)." -#: lib/utils_device.c:720 +#: lib/utils_device.c:722 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "Уређај „%s“ је премали. Захтева барем %<PRIu64> бајта." -#: lib/utils_device.c:801 +#: lib/utils_device.c:803 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Ðе могу да кориÑтим уређај „%s“ који је у употреби (већ мапиран или прикачен)." -#: lib/utils_device.c:805 +#: lib/utils_device.c:807 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Ðе могу да кориÑтим уређај „%s“, овлашћење је одбијено." -#: lib/utils_device.c:808 +#: lib/utils_device.c:810 #, c-format msgid "Cannot get info about device %s." msgstr "Ðе могу да добавим податке о уређају „%s“." -#: lib/utils_device.c:831 +#: lib/utils_device.c:833 msgid "Cannot use a loopback device, running as non-root user." msgstr "Ðе могу да кориÑтим уређај повратне петље, радим као обичан кориÑник." -#: lib/utils_device.c:842 +#: lib/utils_device.c:844 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Прикачињање уређаја повратне петље није уÑпело (потребан је уређај петље Ñа опцијом Ñамочишћења)." -#: lib/utils_device.c:890 +#: lib/utils_device.c:892 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Захтевани померај је изван Ñтварне величине уређаја „%s“." -#: lib/utils_device.c:898 +#: lib/utils_device.c:900 #, c-format msgid "Device %s has zero size." msgstr "Уређај „%s“ има нулту величину." @@ -732,30 +750,25 @@ msgstr "Затражене „PBKDF“ паралелне нити не могу msgid "Only PBKDF2 is supported in FIPS mode." msgstr "Само „PBKDF2“ је подржано у „FIPS“ режиму." -#: lib/utils_benchmark.c:172 +#: lib/utils_benchmark.c:175 msgid "PBKDF benchmark disabled but iterations not set." msgstr "„PBKDF“ оцењивање је иÑкључено али понављања ниÑу поÑтављена." -#: lib/utils_benchmark.c:191 +#: lib/utils_benchmark.c:194 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "ÐиÑу ÑаглаÑне „PBKDF2“ опције (кориÑтим хеш алгоритам %s)." -#: lib/utils_benchmark.c:211 +#: lib/utils_benchmark.c:214 msgid "Not compatible PBKDF options." msgstr "ÐеÑаглаÑне „PBKDF“ опције." -#: lib/utils_device_locking.c:102 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "Закључавање је прекинуто. Путања закључавања „%s/%s“ је неиÑкориÑтива (није директоријум или недоÑтаје)." -#: lib/utils_device_locking.c:109 -#, c-format -msgid "Locking directory %s/%s will be created with default compiled-in permissions." -msgstr "Директоријум закључавања „%s/%s“ биће направљен Ñа оÑновним преведеним овлашћењима." - -#: lib/utils_device_locking.c:119 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Закључавање је прекинуто. Путања закључавања „%s/%s“ је неиÑкориÑтива („%s“ није директоријум)." @@ -787,9 +800,9 @@ msgstr "Величина кључа у „XTS“ режиму мора да бу msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "Спецификација шифрера треба бити у запиÑу „[шифрер]-[режим]-[ив]“." -#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364 -#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125 -#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Ðе могу да пишем на уређај „%s“, овлашћење је одбијено." @@ -802,23 +815,24 @@ msgstr "ÐиÑам уÑпео да отворим привремени уређРmsgid "Failed to access temporary keystore device." msgstr "ÐиÑам уÑпео да приÑтупм привременом уређају Ñмештаја кључа." -#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 -#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 msgid "IO error while encrypting keyslot." msgstr "Грешка УИ приликом шифровања утора кључа." -#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367 -#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680 -#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320 -#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349 -#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272 -#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424 -#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." msgstr "Ðе могу да отворим уређај „%s“." -#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "Грешка УИ приликом дешифровања утора кључа." @@ -834,54 +848,54 @@ msgstr "Уређај „%s“ је премали. (ЛУКС1 захтева бРmsgid "LUKS keyslot %u is invalid." msgstr "ЛУКС утор кључа „%u“ није иÑправан." -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 #, c-format msgid "Requested header backup file %s already exists." msgstr "Затражена датотека резерве заглавља „%s“ већ поÑтоји." -#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 #, c-format msgid "Cannot create header backup file %s." msgstr "Ðе могу да направим резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 #, c-format msgid "Cannot write header backup file %s." msgstr "Ðе могу да запишем резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 msgid "Backup file does not contain valid LUKS header." msgstr "Датотека резерве не Ñадржи иÑправно ЛУКС заглавље." -#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590 -#: lib/luks2/luks2_json_metadata.c:1351 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1420 #, c-format msgid "Cannot open header backup file %s." msgstr "Ðе могу да отворим резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 #, c-format msgid "Cannot read header backup file %s." msgstr "Ðе могу да прочитам резервну датотеку заглавља „%s“." -#: lib/luks1/keymanage.c:337 +#: lib/luks1/keymanage.c:339 msgid "Data offset or key size differs on device and backup, restore failed." msgstr "Померај датума или величина кључа Ñе разликују на уређају и резерви, враћање није уÑпело." -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "Уређај %s %s%s" -#: lib/luks1/keymanage.c:346 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "не Ñадржи ЛУКС заглавље. Замена заглавља може да уништи податке на том уређају." -#: lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "већ Ñадржи ЛУКС заглавље. Замена заглавља ће уништити поÑтојеће уторе кључева." -#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -889,126 +903,130 @@ msgstr "" "\n" "УПОЗОРЕЊЕ: право заглавље уређаја има другачији УЈИБ од резерве!" -#: lib/luks1/keymanage.c:395 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "Ðеуобичајена величина кључа, потребна је ручна поправка." -#: lib/luks1/keymanage.c:405 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "Ðеуобичајено поравнање утора кључева, потребна је ручна поправка." -#: lib/luks1/keymanage.c:414 +#: lib/luks1/keymanage.c:417 #, c-format msgid "Cipher mode repaired (%s -> %s)." msgstr "Режим шифрера је оправљен (%s → %s)." -#: lib/luks1/keymanage.c:425 +#: lib/luks1/keymanage.c:428 #, c-format msgid "Cipher hash repaired to lowercase (%s)." msgstr "Хеш шифрера је преправљен на мала Ñлова (%s)." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533 -#: lib/luks1/keymanage.c:789 +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 #, c-format msgid "Requested LUKS hash %s is not supported." msgstr "Затражени ЛУКС хеш „%s“ није подржан." -#: lib/luks1/keymanage.c:441 +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "Поправљам уторе кључева." -#: lib/luks1/keymanage.c:460 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Утор кључа %i: померај је оправљен (%u —> %u)." -#: lib/luks1/keymanage.c:468 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Утор кључа %i: траке Ñу оправљене (%u —> %u)." -#: lib/luks1/keymanage.c:477 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "Утор кључа %i: лажан Ð¿Ð¾Ñ‚Ð¿Ð¸Ñ Ð¿Ð°Ñ€Ñ‚Ð¸Ñ†Ð¸Ñ˜Ðµ." -#: lib/luks1/keymanage.c:482 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "Утор кључа %i: приÑолак је обриÑан." -#: lib/luks1/keymanage.c:499 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "ЗапиÑујем ЛУКС заглавље на диÑк." -#: lib/luks1/keymanage.c:504 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "Поправка није уÑпела." -#: lib/luks1/keymanage.c:559 +#: lib/luks1/keymanage.c:562 #, c-format msgid "LUKS cipher mode %s is invalid." msgstr "Режим ЛУКС шифрера „%s“ није иÑправан." -#: lib/luks1/keymanage.c:564 +#: lib/luks1/keymanage.c:567 #, c-format msgid "LUKS hash %s is invalid." msgstr "ЛУКС хеш „%s“ није иÑправан." -#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 msgid "No known problems detected for LUKS header." msgstr "ÐиÑу откривени познати проблеми за ЛУКС заглавље." -#: lib/luks1/keymanage.c:699 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "Грешка приликом оÑвежавања ЛУКС заглавља на уређају „%s“." -#: lib/luks1/keymanage.c:707 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "Грешка поновног читања ЛУКС заглавља након оÑвежења на уређају „%s“." -#: lib/luks1/keymanage.c:783 +#: lib/luks1/keymanage.c:786 msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "Померај података за ЛУКС заглавље мора бити или 0 или већи од величине заглавља." -#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863 -#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175 -#: src/utils_reencrypt.c:475 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 +#: src/utils_reencrypt.c:539 msgid "Wrong LUKS UUID format provided." msgstr "ДоÑтављен је погрешан Ð·Ð°Ð¿Ð¸Ñ Ð›Ð£ÐšÐ¡ УЈИБ-а." -#: lib/luks1/keymanage.c:816 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "Ðе могу да направим ЛУКС заглавље: није уÑпело читање наÑумичног приÑолка." -#: lib/luks1/keymanage.c:842 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "Ðе могу да направим ЛУКС заглавље: није уÑпео преглед заглавља (кориÑтим хеш „%s“)." -#: lib/luks1/keymanage.c:886 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "Утор кључа „%d“ је радан, прво прочиÑтите." -#: lib/luks1/keymanage.c:892 +#: lib/luks1/keymanage.c:895 #, c-format msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "Материјал утора кључа „%d“ обухвата премало трака. Да управљам заглављем?" -#: lib/luks1/keymanage.c:1033 +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "Прекорачење вредноÑти ПБКДФ2 понављања." + +#: lib/luks1/keymanage.c:1040 #, c-format msgid "Cannot open keyslot (using hash %s)." msgstr "Ðе могу да отворим утор кључа (кориÑтим хеш %s)." -#: lib/luks1/keymanage.c:1111 +#: lib/luks1/keymanage.c:1118 #, c-format msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Утор кључа %d није иÑправан, изаберите га између 0 и %d." -#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 #, c-format msgid "Cannot wipe device %s." msgstr "Ðе могу да обришем уређај „%s“." @@ -1029,177 +1047,187 @@ msgstr "Откривена је неÑаглаÑна датотека кључа msgid "Kernel does not support loop-AES compatible mapping." msgstr "Језгро не подржава мапирање ÑаглаÑно Ñа „AES“ петљом." -#: lib/tcrypt/tcrypt.c:509 +#: lib/tcrypt/tcrypt.c:508 #, c-format msgid "Error reading keyfile %s." msgstr "Грешка читања датотеке кључа „%s“." -#: lib/tcrypt/tcrypt.c:559 +#: lib/tcrypt/tcrypt.c:558 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Премашена је највећа дужина „TCRYPT“ пропуÑне речи (%zu)." -#: lib/tcrypt/tcrypt.c:601 +#: lib/tcrypt/tcrypt.c:600 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "„PBKDF2“ алгоритам хеша „%s“ није доÑтупан, преÑкачем." -#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019 +#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 msgid "Required kernel crypto interface not available." msgstr "Ðије доÑтупно затражено Ñучеље криптографије језгра." -#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Уверите Ñе да је учитан модул кернела „algif_skcipher“." -#: lib/tcrypt/tcrypt.c:763 +#: lib/tcrypt/tcrypt.c:762 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Покретање није подржано за величину %d облаÑти." -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:768 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Језгро не подржава покретање за овај Ñтари „TCRYPT“ режим." -#: lib/tcrypt/tcrypt.c:800 +#: lib/tcrypt/tcrypt.c:799 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Покрећем „TCRYPT“ ÑиÑтем шифровања за партицију „%s“." -#: lib/tcrypt/tcrypt.c:883 +#: lib/tcrypt/tcrypt.c:882 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Кернел не подржава мапирање ÑаглаÑно Ñа „TCRYPT“-ом." -#: lib/tcrypt/tcrypt.c:1096 +#: lib/tcrypt/tcrypt.c:1095 msgid "This function is not supported without TCRYPT header load." msgstr "Ова функција није подржана без учитавања „TCRYPT“ заглавља." -#: lib/bitlk/bitlk.c:275 +#: lib/bitlk/bitlk.c:278 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "Ðађох неочекивану врÑту уноÑа метаподатака „%u“ приликом обраде подржаног главног кључа волумена." -#: lib/bitlk/bitlk.c:328 +#: lib/bitlk/bitlk.c:337 msgid "Invalid string found when parsing Volume Master Key." msgstr "Ðађох неиÑправну ниÑку приликом обраде главног кључа волумена." -#: lib/bitlk/bitlk.c:332 +#: lib/bitlk/bitlk.c:341 #, c-format msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "Ðађох неочекивану ниÑку („%s“) приликом обраде подржаног главног кључа волумена." -#: lib/bitlk/bitlk.c:349 +#: lib/bitlk/bitlk.c:358 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "Ðађох неочекивану вредноÑÑ‚ уноÑа метаподатака „%u“ приликом обраде подржаног главног кључа волумена." -#: lib/bitlk/bitlk.c:451 +#: lib/bitlk/bitlk.c:460 msgid "BITLK version 1 is currently not supported." msgstr "„BITLK“ издање 1 тренутно није подржано." -#: lib/bitlk/bitlk.c:457 +#: lib/bitlk/bitlk.c:466 msgid "Invalid or unknown boot signature for BITLK device." msgstr "ÐеиÑправан или непознат Ð¿Ð¾Ñ‚Ð¿Ð¸Ñ ÑƒÑ‡Ð¸Ñ‚Ð°Ð²Ð°ÑšÐ° за „BITLK“ уређај." -#: lib/bitlk/bitlk.c:469 +#: lib/bitlk/bitlk.c:478 #, c-format msgid "Unsupported sector size %<PRIu16>." msgstr "Ðеподржана величина одељка „%<PRIu16>“." -#: lib/bitlk/bitlk.c:477 +#: lib/bitlk/bitlk.c:486 #, c-format msgid "Failed to read BITLK header from %s." msgstr "ÐиÑам уÑпео да прочитам „BITLK“ заглавље из „%s“." -#: lib/bitlk/bitlk.c:502 +#: lib/bitlk/bitlk.c:511 #, c-format msgid "Failed to read BITLK FVE metadata from %s." msgstr "ÐиÑам уÑпео да прочитам „BITLK FVE“ метаподатаке из „%s“." -#: lib/bitlk/bitlk.c:554 +#: lib/bitlk/bitlk.c:562 msgid "Unknown or unsupported encryption type." msgstr "Ðепозната или неподржана врÑта криптографије." -#: lib/bitlk/bitlk.c:587 +#: lib/bitlk/bitlk.c:602 #, c-format msgid "Failed to read BITLK metadata entries from %s." msgstr "ÐиÑам уÑпео да прочитам уноÑе „BITLK“ метаподатака из „%s“." -#: lib/bitlk/bitlk.c:681 +#: lib/bitlk/bitlk.c:719 msgid "Failed to convert BITLK volume description" msgstr "ÐиÑам уÑпео да претворим Ð¾Ð¿Ð¸Ñ â€žBITLK“ волумена" -#: lib/bitlk/bitlk.c:841 +#: lib/bitlk/bitlk.c:882 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Ðађох неочекивану врÑту уноÑа метаподатака „%u“ приликом обраде Ñпољног кључа." -#: lib/bitlk/bitlk.c:860 +#: lib/bitlk/bitlk.c:905 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "ГУИД „%s“ датотеке „BEK“ не одговара ГУИД-у волумена." -#: lib/bitlk/bitlk.c:864 +#: lib/bitlk/bitlk.c:909 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Ðађох неочекивану вредноÑÑ‚ уноÑа метаподатака „%u“ приликом обраде Ñпољног кључа." -#: lib/bitlk/bitlk.c:903 +#: lib/bitlk/bitlk.c:948 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "Ðеподржани „BEK“ метаподаци издање %<PRIu32>" -#: lib/bitlk/bitlk.c:908 +#: lib/bitlk/bitlk.c:953 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "Ðеочекивана величина „BEK“ метаподатака %<PRIu32> не одговара величини „BEK“ датотеке" -#: lib/bitlk/bitlk.c:933 +#: lib/bitlk/bitlk.c:979 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Ðађох неочекивану врÑту уноÑа метаподатака приликом обраде кључа почретања." -#: lib/bitlk/bitlk.c:1029 +#: lib/bitlk/bitlk.c:1075 msgid "This operation is not supported." msgstr "Радња није подржана." -#: lib/bitlk/bitlk.c:1037 +#: lib/bitlk/bitlk.c:1083 msgid "Unexpected key data size." msgstr "Ðеочекивана величина података кључа." -#: lib/bitlk/bitlk.c:1163 +#: lib/bitlk/bitlk.c:1209 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Овај „BITLK“ уређај је у неподржаном Ñтању и не може бити активиран." -#: lib/bitlk/bitlk.c:1168 +#: lib/bitlk/bitlk.c:1214 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "„BITLK“ уређај Ñа врÑтом „%s“ Ñе не може активирати." -#: lib/bitlk/bitlk.c:1175 +#: lib/bitlk/bitlk.c:1221 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Ðктивирање делимично дешифрованог „BITLK“ уређаја није подржано." -#: lib/bitlk/bitlk.c:1216 +#: lib/bitlk/bitlk.c:1262 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "УПОЗОРЕЊЕ: Величина волумена закључавача бита %<PRIu64> не одговара величини Ñадржаног уређаја %<PRIu64>" -#: lib/bitlk/bitlk.c:1343 +#: lib/bitlk/bitlk.c:1389 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Ðе могу да активирам уређај, „dm-crypt“-у кернела недоÑтаје подршка за „BITLK IV“." -#: lib/bitlk/bitlk.c:1347 +#: lib/bitlk/bitlk.c:1393 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Ðе могу да активирам уређај, „dm-crypt“-у кернела недоÑтаје подршка за „BITLK Elephant“ дифузера." -#: lib/bitlk/bitlk.c:1351 +#: lib/bitlk/bitlk.c:1397 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Ðе могу да активирам уређај, „dm-crypt“-у кернела недоÑтаје подршка за велику величину Ñектора." -#: lib/bitlk/bitlk.c:1355 +#: lib/bitlk/bitlk.c:1401 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Ðе могу да активирам уређај, недоÑтаје „dm-zero“ модул кернела." +#: lib/fvault2/fvault2.c:542 +#, c-format +msgid "Could not read %u bytes of volume header." +msgstr "Ðе могу да прочитам %u бајта заглавља волумена." + +#: lib/fvault2/fvault2.c:554 +#, c-format +msgid "Unsupported FVAULT2 version %<PRIu16>." +msgstr "Ðеподржано FVAULT2 издање „%<PRIu16>“." + #: lib/verity/verity.c:68 lib/verity/verity.c:182 #, c-format msgid "Verity device %s does not use on-disk header." @@ -1351,17 +1379,17 @@ msgstr "Кернел не подржава поравнање фикÑних мРmsgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Кернел одбија да покрене небезбедну опцију поновног израчунавања (видите Ñтаре опције покретања да избегнете ово)." -#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133 -#: lib/luks2/luks2_json_metadata.c:1413 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 +#: lib/luks2/luks2_json_metadata.c:1482 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "ÐиÑам уÑпео да оÑтварим закључавање пиÑања на уређају „%s“." -#: lib/luks2/luks2_disk_metadata.c:402 +#: lib/luks2/luks2_disk_metadata.c:400 msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." msgstr "Открих покушај иÑтовременог ажурирања ЛУКС2 метаподатака. Прекидам." -#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 msgid "" "Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" "Please run \"cryptsetup repair\" for recovery." @@ -1369,49 +1397,49 @@ msgstr "" "Уређај Ñадржи нејаÑне потпиÑе, не могу Ñам да поправим ЛУКС2.\n" "Покрените „cryptsetup repair“ за опорављање." -#: lib/luks2/luks2_json_format.c:230 +#: lib/luks2/luks2_json_format.c:229 msgid "Requested data offset is too small." msgstr "Затражени померај података је премали." -#: lib/luks2/luks2_json_format.c:275 +#: lib/luks2/luks2_json_format.c:274 #, c-format msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "УПОЗОРЕЊЕ: облаÑÑ‚ утора кључа (%<PRIu64> бајта) је врло мала, доÑтупан број ЛУКС2 утора кључа врло ограничен.\n" -#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258 -#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92 -#: lib/luks2/luks2_keyslot_luks2.c:114 +#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 +#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "ÐиÑам уÑпео да оÑтварим закључавање читања на уређају „%s“." -#: lib/luks2/luks2_json_metadata.c:1336 +#: lib/luks2/luks2_json_metadata.c:1405 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "Забрањени ЛУКС2 захтеви Ñу откривени у резерви „%s“." -#: lib/luks2/luks2_json_metadata.c:1377 +#: lib/luks2/luks2_json_metadata.c:1446 msgid "Data offset differ on device and backup, restore failed." msgstr "Померај података Ñе разликује на уређају и резерви, враћање није уÑпело." -#: lib/luks2/luks2_json_metadata.c:1383 +#: lib/luks2/luks2_json_metadata.c:1452 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Бинарно заглавље Ñа облаÑтима утора кључа Ñе разликује на уређају и резерви, враћање није уÑпело." -#: lib/luks2/luks2_json_metadata.c:1390 +#: lib/luks2/luks2_json_metadata.c:1459 #, c-format msgid "Device %s %s%s%s%s" msgstr "Уређај %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1391 +#: lib/luks2/luks2_json_metadata.c:1460 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "не Ñадржи ЛУКС2 заглавље. Замена заглавља може да уништи податке на том уређају." -#: lib/luks2/luks2_json_metadata.c:1392 +#: lib/luks2/luks2_json_metadata.c:1461 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "већ Ñадржи „LUKS2“ заглавље. Замена заглавља ће уништити поÑтојеће уторе кључева." -#: lib/luks2/luks2_json_metadata.c:1394 +#: lib/luks2/luks2_json_metadata.c:1463 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1421,7 +1449,7 @@ msgstr "" "УПОЗОРЕЊЕ: непознати ЛУКС2 захтеви Ñу откривени у Ñтварном заглављу уређаја!\n" "Замена заглавља резервом може оштетити податке на том уређају!" -#: lib/luks2/luks2_json_metadata.c:1396 +#: lib/luks2/luks2_json_metadata.c:1465 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1431,50 +1459,50 @@ msgstr "" "УПОЗОРЕЊЕ: Ðедовршено ван мрежно поновно шифровање је откривено на уређају!\n" "Замена заглавља резервом може оштетити податке." -#: lib/luks2/luks2_json_metadata.c:1494 +#: lib/luks2/luks2_json_metadata.c:1562 #, c-format msgid "Ignored unknown flag %s." msgstr "Занемарена непозната заÑтавица „%s“." -#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015 +#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "ÐедоÑтаје кључ за „dm-crypt“ подеок %u" -#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029 +#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 msgid "Failed to set dm-crypt segment." msgstr "ÐиÑам уÑпео да подеÑим „dm-crypt“ подеок." -#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035 +#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 msgid "Failed to set dm-linear segment." msgstr "ÐиÑам уÑпео да подеÑим „dm-linear“ подеок." -#: lib/luks2/luks2_json_metadata.c:2547 +#: lib/luks2/luks2_json_metadata.c:2615 msgid "Unsupported device integrity configuration." msgstr "Ðеподржано подешавање целовитоÑти уређаја." -#: lib/luks2/luks2_json_metadata.c:2633 +#: lib/luks2/luks2_json_metadata.c:2701 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Поновно шифровање је у току. Ðе могу да деактивирам уређај." -#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057 +#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "ÐиÑам уÑпео да заменим обуÑтављени уређај „%s“ Ñа метом „dm-error“." -#: lib/luks2/luks2_json_metadata.c:2724 +#: lib/luks2/luks2_json_metadata.c:2792 msgid "Failed to read LUKS2 requirements." msgstr "ÐиÑам уÑпео да прочитам ЛУКС2 захтеве." -#: lib/luks2/luks2_json_metadata.c:2731 +#: lib/luks2/luks2_json_metadata.c:2799 msgid "Unmet LUKS2 requirements detected." msgstr "ÐеоÑтвариви ЛУКС2 захтеви Ñу откривени." -#: lib/luks2/luks2_json_metadata.c:2739 +#: lib/luks2/luks2_json_metadata.c:2807 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Радња је неÑаглаÑна Ñа уређајем означеним за Ñтаро поновно шифровање. Прекидам." -#: lib/luks2/luks2_json_metadata.c:2741 +#: lib/luks2/luks2_json_metadata.c:2809 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Радња је неÑаглаÑна Ñа уређајем означеним за ЛУКС2 поновно шифровање. Прекидам." @@ -1486,20 +1514,21 @@ msgstr "Ðема довољно доÑтупне меморије за Ð¾Ñ‚Ð²Ð°Ñ msgid "Keyslot open failed." msgstr "Отварање утора кључа није уÑпело." -#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 #, c-format msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Ðе могу кориÑтити шифрер „%s-%s“ за шифровање утора кључа." -#: lib/luks2/luks2_keyslot_luks2.c:496 -msgid "No space for new keyslot." -msgstr "Ðема проÑтора за нови утор кључа." - -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 +#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 #, c-format msgid "Hash algorithm %s is not available." msgstr "Ðлгоритам хеша „%s“ није доÑтупан." +#: lib/luks2/luks2_keyslot_luks2.c:510 +msgid "No space for new keyslot." +msgstr "Ðема проÑтора за нови утор кључа." + #: lib/luks2/luks2_keyslot_reenc.c:593 msgid "Invalid reencryption resilience mode change requested." msgstr "Затражена је неиÑправна промена режима гипкоÑти поновног шифровања." @@ -1522,7 +1551,7 @@ msgstr "Ðе могу да проверим Ñтање уређаја Ñа ујРmsgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Ðе могу да претворим заглавље Ñа „LUKSMETA“ додатним метаподацима." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715 +#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Ðе могу да кориÑтим Ñпецификацију шифрера „%s-%s“ за ЛУКС2." @@ -1580,240 +1609,244 @@ msgstr "Ðе могу да претворим у ЛУКС1 Ð·Ð°Ð¿Ð¸Ñ â€“ уто msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "Ðе могу да претворим у ЛУКС1 Ð·Ð°Ð¿Ð¸Ñ â€“ утор кључа %u није ЛУКС1 ÑаглаÑан." -#: lib/luks2/luks2_reencrypt.c:1107 +#: lib/luks2/luks2_reencrypt.c:1152 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Величина вруће зоне мора бити умножак прорачунатог поравнања зоне (%zu бајта)." -#: lib/luks2/luks2_reencrypt.c:1112 +#: lib/luks2/luks2_reencrypt.c:1157 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Величина уређаја мора бити производ прорачунатог поравнања зоне (%zu бајта)." -#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505 -#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630 -#: lib/luks2/luks2_reencrypt.c:3852 +#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 +#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 +#: lib/luks2/luks2_reencrypt.c:3877 msgid "Failed to initialize old segment storage wrapper." msgstr "ÐиÑам уÑпео да покренем Ñтарог увијача Ñмештаја подеока." -#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483 +#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 msgid "Failed to initialize new segment storage wrapper." msgstr "ÐиÑам уÑпео да покренем новог увијача Ñмештаја подеока." -#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864 +#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 msgid "Failed to initialize hotzone protection." msgstr "ÐиÑам уÑпео да покренем заштиту вруће зоне." -#: lib/luks2/luks2_reencrypt.c:1532 +#: lib/luks2/luks2_reencrypt.c:1578 msgid "Failed to read checksums for current hotzone." msgstr "ÐиÑам уÑпео да прочитам Ñуму провере за текућу врућу зону." -#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878 +#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "ÐиÑам уÑпео да прочитам облаÑÑ‚ вруће зоне Ñа почетком на %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:1558 +#: lib/luks2/luks2_reencrypt.c:1604 #, c-format msgid "Failed to decrypt sector %zu." msgstr "ÐиÑам уÑпео да дешифрујем облаÑÑ‚ %zu." -#: lib/luks2/luks2_reencrypt.c:1564 +#: lib/luks2/luks2_reencrypt.c:1610 #, c-format msgid "Failed to recover sector %zu." msgstr "ÐиÑам уÑпео да опоравим облаÑÑ‚ %zu." -#: lib/luks2/luks2_reencrypt.c:2128 +#: lib/luks2/luks2_reencrypt.c:2174 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Величине изворног и циљног уређаја не одговарају. Извор %<PRIu64>, мета: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2226 +#: lib/luks2/luks2_reencrypt.c:2272 #, c-format msgid "Failed to activate hotzone device %s." msgstr "ÐиÑам уÑпео да активирам уређај вруће зоне „%s“." -#: lib/luks2/luks2_reencrypt.c:2243 +#: lib/luks2/luks2_reencrypt.c:2289 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "ÐиÑам уÑпео да активирам уређај преклапања „%s“ Ñа Ñтварном табелом порекла." -#: lib/luks2/luks2_reencrypt.c:2250 +#: lib/luks2/luks2_reencrypt.c:2296 #, c-format msgid "Failed to load new mapping for device %s." msgstr "ÐиÑам уÑпео да учитам ново мапирање за уређај „%s“." -#: lib/luks2/luks2_reencrypt.c:2321 +#: lib/luks2/luks2_reencrypt.c:2367 msgid "Failed to refresh reencryption devices stack." msgstr "ÐиÑам уÑпео да оÑвежим Ñпремник уређаја поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:2497 +#: lib/luks2/luks2_reencrypt.c:2550 msgid "Failed to set new keyslots area size." msgstr "ÐиÑам уÑпео да подеÑим нову величину облаÑти утора кључа." -#: lib/luks2/luks2_reencrypt.c:2633 +#: lib/luks2/luks2_reencrypt.c:2686 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "ВредноÑÑ‚ помака података није поравната на величину одељка шифровања (%<PRIu32> бајта)." -#: lib/luks2/luks2_reencrypt.c:2664 +#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Ðеподржан режим гипкоÑти „%s“" -#: lib/luks2/luks2_reencrypt.c:2741 +#: lib/luks2/luks2_reencrypt.c:2760 msgid "Moved segment size can not be greater than data shift value." msgstr "Величина премештеног подеока не може бити већа од вредноÑти помака података." -#: lib/luks2/luks2_reencrypt.c:2799 +#: lib/luks2/luks2_reencrypt.c:2802 +msgid "Invalid reencryption resilience parameters." +msgstr "ÐеиÑправни параметри гипкоÑти поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2824 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "Премештени подеок је превелик. Захтевана величина је %<PRIu64>, доÑтупан проÑтор за: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2886 +#: lib/luks2/luks2_reencrypt.c:2911 msgid "Failed to clear table." msgstr "ÐиÑам уÑпео да очиÑтим табелу." -#: lib/luks2/luks2_reencrypt.c:2972 +#: lib/luks2/luks2_reencrypt.c:2997 msgid "Reduced data size is larger than real device size." msgstr "Величина умањених података је већа од Ñтварне величине уређаја." -#: lib/luks2/luks2_reencrypt.c:2979 +#: lib/luks2/luks2_reencrypt.c:3004 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Уређај података није поравнат на величину одељка шифровања (%<PRIu32> бајта)." -#: lib/luks2/luks2_reencrypt.c:3013 +#: lib/luks2/luks2_reencrypt.c:3038 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "Помак података (%<PRIu64> одељка) је мањи од будућег помераја података (%<PRIu64> одељка)." -#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508 -#: lib/luks2/luks2_reencrypt.c:3529 +#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 +#: lib/luks2/luks2_reencrypt.c:3554 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "ÐиÑам уÑпео да отворим „%s“ у иÑкључивом режиму (већ мапиран или прикачен)." -#: lib/luks2/luks2_reencrypt.c:3209 +#: lib/luks2/luks2_reencrypt.c:3234 msgid "Device not marked for LUKS2 reencryption." msgstr "Уређај није означен за ЛУКС2 поновно шифровање." -#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181 +#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 msgid "Failed to load LUKS2 reencryption context." msgstr "ÐиÑам уÑпео да учитам контекÑÑ‚ ЛУКС2 поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3306 +#: lib/luks2/luks2_reencrypt.c:3331 msgid "Failed to get reencryption state." msgstr "ÐиÑам уÑпео да добавим Ñтање поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624 +#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 msgid "Device is not in reencryption." msgstr "Уређај није у поновном шифровању." -#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631 +#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 msgid "Reencryption process is already running." msgstr "ÐŸÑ€Ð¾Ñ†ÐµÑ Ð¿Ð¾Ð½Ð¾Ð²Ð½Ð¾Ð³ шифровања је већ покренут." -#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633 +#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 msgid "Failed to acquire reencryption lock." msgstr "ÐиÑам уÑпео да оÑтварим закључавање поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3337 +#: lib/luks2/luks2_reencrypt.c:3362 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "Ðе могу да наÑтавим Ñа поновним шифровањем. Прво покрените опоравак поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3472 +#: lib/luks2/luks2_reencrypt.c:3497 msgid "Active device size and requested reencryption size don't match." msgstr "Ðктивна величина уређаја и величина затраженог поновног шифровања не одговарају." -#: lib/luks2/luks2_reencrypt.c:3486 +#: lib/luks2/luks2_reencrypt.c:3511 msgid "Illegal device size requested in reencryption parameters." msgstr "ÐеиÑправна величина уређаја је затражена у параметрима поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3563 +#: lib/luks2/luks2_reencrypt.c:3588 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "Поновно шифровање је у току. Ðе могу да обавим опоравак." -#: lib/luks2/luks2_reencrypt.c:3732 +#: lib/luks2/luks2_reencrypt.c:3757 msgid "LUKS2 reencryption already initialized in metadata." msgstr "ЛУКС2 поновно шифровање је већ покренуто у метаподацима." -#: lib/luks2/luks2_reencrypt.c:3739 +#: lib/luks2/luks2_reencrypt.c:3764 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "ÐиÑам уÑпео да покренем ЛУКС2 поновно шифровање у метаподацима." -#: lib/luks2/luks2_reencrypt.c:3834 +#: lib/luks2/luks2_reencrypt.c:3859 msgid "Failed to set device segments for next reencryption hotzone." msgstr "ÐиÑам уÑпео да поÑтавим подеоке уређаја за Ñледећу врућу зону поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3886 +#: lib/luks2/luks2_reencrypt.c:3911 msgid "Failed to write reencryption resilience metadata." msgstr "ÐиÑам уÑпео да запишем метаподатаке гипкоÑти поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:3893 +#: lib/luks2/luks2_reencrypt.c:3918 msgid "Decryption failed." msgstr "Дешифровање није уÑпело." -#: lib/luks2/luks2_reencrypt.c:3898 +#: lib/luks2/luks2_reencrypt.c:3923 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "ÐиÑам уÑпео да запишем облаÑÑ‚ вруће зоне Ñа почетком на %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:3928 msgid "Failed to sync data." msgstr "ÐиÑам уÑпео да уÑаглаÑим податке." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "ÐиÑам уÑпео да оÑвежим метаподатке након тренутно завршеног поновног шифровања вруће зоне." -#: lib/luks2/luks2_reencrypt.c:4000 +#: lib/luks2/luks2_reencrypt.c:4025 msgid "Failed to write LUKS2 metadata." msgstr "ÐиÑам уÑпео да запишем ЛУКС2 метаподатке." -#: lib/luks2/luks2_reencrypt.c:4023 +#: lib/luks2/luks2_reencrypt.c:4048 msgid "Failed to wipe unused data device area." msgstr "ÐиÑам уÑпео да обришем облаÑÑ‚ уређаја података." -#: lib/luks2/luks2_reencrypt.c:4029 +#: lib/luks2/luks2_reencrypt.c:4054 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "ÐиÑам уÑпео да уклоним некоришћени (неÑвезани) утор кључа %d." -#: lib/luks2/luks2_reencrypt.c:4039 +#: lib/luks2/luks2_reencrypt.c:4064 msgid "Failed to remove reencryption keyslot." msgstr "ÐиÑам уÑпео да уклоним утор кључа поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:4049 +#: lib/luks2/luks2_reencrypt.c:4074 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "Кобна грешка приликом поновног шифровања комада који почиње на %<PRIu64>, %<PRIu64> подеока дуг." -#: lib/luks2/luks2_reencrypt.c:4053 +#: lib/luks2/luks2_reencrypt.c:4078 msgid "Online reencryption failed." msgstr "Поновно шифровање на мрежи није уÑпело." -#: lib/luks2/luks2_reencrypt.c:4058 +#: lib/luks2/luks2_reencrypt.c:4083 msgid "Do not resume the device unless replaced with error target manually." msgstr "Ðе наÑтавља Ñа уређајем оÑим ако није ручно замењен метом грешке." -#: lib/luks2/luks2_reencrypt.c:4112 +#: lib/luks2/luks2_reencrypt.c:4137 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Ðе могу да наÑтавим Ñа поновним шифровањем. Ðеочекивано Ñтање поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:4118 +#: lib/luks2/luks2_reencrypt.c:4143 msgid "Missing or invalid reencrypt context." msgstr "ÐедоÑтаје или неиÑправан контекÑÑ‚ поновног шифровања." -#: lib/luks2/luks2_reencrypt.c:4125 +#: lib/luks2/luks2_reencrypt.c:4150 msgid "Failed to initialize reencryption device stack." msgstr "ÐиÑам уÑпео да покренем поновно шифровање Ñпремника уређаја." -#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194 +#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 msgid "Failed to update reencryption context." msgstr "ÐиÑам уÑпео да оÑвежим контекÑÑ‚ поновног шифровања." -#: lib/luks2/luks2_reencrypt_digest.c:406 +#: lib/luks2/luks2_reencrypt_digest.c:405 msgid "Reencryption metadata is invalid." msgstr "Метаподаци поновног шифровања ниÑу иÑправни." @@ -1821,18 +1854,18 @@ msgstr "Метаподаци поновног шифровања ниÑу иÑп msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Параметри шифровања утора кључа Ñе могу поÑтавити Ñамо за ЛУКС2 уређај." -#: src/cryptsetup.c:108 +#: src/cryptsetup.c:108 src/cryptsetup.c:1901 #, c-format -msgid "Enter token PIN:" -msgstr "УнеÑите ПИРÑкупине:" +msgid "Enter token PIN: " +msgstr "УнеÑите ПИРÑкупине: " -#: src/cryptsetup.c:110 +#: src/cryptsetup.c:110 src/cryptsetup.c:1903 #, c-format -msgid "Enter token %d PIN:" -msgstr "УнеÑите %d ПИРÑкупине:" +msgid "Enter token %d PIN: " +msgstr "УнеÑите %d ПИРÑкупине: " -#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293 -#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 +#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Ðије откривен познат образац одреднице шифрера." @@ -1850,10 +1883,10 @@ msgstr "УПОЗОРЕЊЕ: Опција „--keyfile-size“ је Ð·Ð°Ð½ÐµÐ¼Ð°Ñ msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Открих потпиÑ(е) уређаја на „%s“. Даље наÑтављање може оштетити поÑтојеће податке." -#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088 -#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343 -#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:275 +#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 +#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 +#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 +#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 msgid "Operation aborted.\n" msgstr "Радња је обуÑтављена.\n" @@ -1900,7 +1933,7 @@ msgstr "" "који омогућава приÑтуп шифрованој партицији без лозинке.\n" "Овај избачај треба увек бити Ñмештен шифрован на безбедном меÑту." -#: src/cryptsetup.c:573 src/cryptsetup.c:2019 +#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1910,68 +1943,77 @@ msgstr "" "који омогућава приÑтуп шифрованој партицији без лозинке.\n" "Овај избачај треба бити Ñмештен шифрован на безбедном меÑту." -#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400 +#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#, c-format +msgid "Device %s is not a valid FVAULT2 device." +msgstr "Уређај „%s“ није иÑправан FVAULT2 уређај." + +#: src/cryptsetup.c:747 +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "Ðе могу да одредим величину кључа волумена за FVAULT2, кориÑтите „--key-size“ опцију." + +#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "Уређај „%s“ је још увек активан и заказан за одложено уклањање.\n" -#: src/cryptsetup.c:698 +#: src/cryptsetup.c:835 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Сразмеравање активног уређаја захтева кључ волумена у привеÑку кључева али је поÑтављена „--disable-keyring“ опција." -#: src/cryptsetup.c:845 +#: src/cryptsetup.c:982 msgid "Benchmark interrupted." msgstr "Оцењивање је прекинуто." -#: src/cryptsetup.c:866 +#: src/cryptsetup.c:1003 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "„PBKDF2-%-9s“ Ð/Д\n" -#: src/cryptsetup.c:868 +#: src/cryptsetup.c:1005 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "„PBKDF2-%-9s“ %7u понављања у Ñекунди за %zu-битни кључ\n" -#: src/cryptsetup.c:882 +#: src/cryptsetup.c:1019 #, c-format msgid "%-10s N/A\n" msgstr "%-10s Ð/Д\n" -#: src/cryptsetup.c:884 +#: src/cryptsetup.c:1021 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u понављања, %5u меморије, %1u паралелних нити (процеÑора) за %zu-битни кључ (захтева Ñе %u ms време)\n" -#: src/cryptsetup.c:908 +#: src/cryptsetup.c:1045 msgid "Result of benchmark is not reliable." msgstr "Резултат оцењивања није поуздан." -#: src/cryptsetup.c:958 +#: src/cryptsetup.c:1095 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Пробе Ñу приближне кориÑтећи Ñамо меморију (без УИ Ñмештаја).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:978 +#: src/cryptsetup.c:1115 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "#%*s Ðлгоритам | Кључ | Шифровање | Дешифровање\n" -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1119 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Шифрер „%s“ (Ñа %i битним кључем) није доÑтупан." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1001 +#: src/cryptsetup.c:1138 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "# Ðлгоритам | Кључ | Шифровање | Дешифровање\n" -#: src/cryptsetup.c:1012 +#: src/cryptsetup.c:1149 msgid "N/A" msgstr "ÐедоÑтупно" -#: src/cryptsetup.c:1037 +#: src/cryptsetup.c:1174 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -1979,27 +2021,27 @@ msgstr "" "Откривени Ñу незаштићени ЛУКС2 метаподаци поновног шифровања. Проверите да ли је радња поновног шифровања пожељна (видите „luksDump“ излаз)\n" "и наÑтавите (Ñа надоградњом метаподатака Ñамо ако знате да је радња безопаÑна." -#: src/cryptsetup.c:1043 +#: src/cryptsetup.c:1180 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "УнеÑите пропуÑну реч да заштитите и надоградите метаподатке поновног шифровања: " -#: src/cryptsetup.c:1087 +#: src/cryptsetup.c:1224 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Да наÑтавим Ñа опоравком ЛУКС2 поновног шифровања?" -#: src/cryptsetup.c:1096 +#: src/cryptsetup.c:1233 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "УнеÑите пропуÑну реч да проверите упит метаподатака поновног шифровања: " -#: src/cryptsetup.c:1098 +#: src/cryptsetup.c:1235 msgid "Enter passphrase for reencryption recovery: " msgstr "УнеÑите пропуÑну реч за опоравак поновног шифровања: " -#: src/cryptsetup.c:1153 +#: src/cryptsetup.c:1290 msgid "Really try to repair LUKS device header?" msgstr "Стварно да покушам да поправим заглавље ЛУКС уређаја?" -#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 msgid "" "\n" "Wipe interrupted." @@ -2007,7 +2049,7 @@ msgstr "" "\n" "БриÑање је прекинуто." -#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2015,119 +2057,128 @@ msgstr "" "Бришем уређај да бих започео Ñуму провере целовитоÑти.\n" "Можете прекинути ово притиÑком на „CTRL+c“ (оÑтатак необриÑаног уређаја Ñадржаће неиÑправну Ñуму провере).\n" -#: src/cryptsetup.c:1204 src/integritysetup.c:116 +#: src/cryptsetup.c:1341 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Ðе могу да деактивирам привремени уређај „%s“." -#: src/cryptsetup.c:1255 +#: src/cryptsetup.c:1392 msgid "Integrity option can be used only for LUKS2 format." msgstr "Опција целовитоÑти Ñе може кориÑтити Ñамо за ЛУКС2 запиÑ." -#: src/cryptsetup.c:1260 src/cryptsetup.c:1320 +#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 msgid "Unsupported LUKS2 metadata size options." msgstr "Ðеподржана опција величине ЛУКС2 метаподатака." -#: src/cryptsetup.c:1269 +#: src/cryptsetup.c:1406 msgid "Header file does not exist, do you want to create it?" msgstr "Датотека заглавља не поÑтоји, да ли желите да је направите?" -#: src/cryptsetup.c:1277 +#: src/cryptsetup.c:1414 #, c-format msgid "Cannot create header file %s." msgstr "Ðе могу да направим датотеку заглавља „%s“." -#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 #: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 #: src/integritysetup.c:333 msgid "No known integrity specification pattern detected." msgstr "Ðије откривен познат образац одреднице целовитоÑти." -#: src/cryptsetup.c:1313 +#: src/cryptsetup.c:1450 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Ðе могу да кориÑтим „%s“ као заглавље на-диÑку." -#: src/cryptsetup.c:1337 src/integritysetup.c:181 +#: src/cryptsetup.c:1474 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Ово ће неповратно да препише податке на „%s“." -#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772 -#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 +#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "ÐиÑам уÑпео да подеÑим „pbkdf“ параметре." -#: src/cryptsetup.c:1455 +#: src/cryptsetup.c:1593 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Смањени померај података је допуштен Ñамо за откачена ЛУКС заглавља." -#: src/cryptsetup.c:1466 src/cryptsetup.c:1778 +#: src/cryptsetup.c:1600 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "Садржалац ЛУКС датотеке „%s“ је премали за активирање, није преоÑтао проÑтор за податке." + +#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Ðе могу да одредим величину кључа за ЛУКС без утора кључа, кориÑтите „--key-size“ опцију." -#: src/cryptsetup.c:1512 +#: src/cryptsetup.c:1658 msgid "Device activated but cannot make flags persistent." msgstr "Уређај је активиран али не могу да учиним заÑтавице трајним." -#: src/cryptsetup.c:1591 src/cryptsetup.c:1659 +#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Утор кључа „%d“ је изабран за бриÑање." -#: src/cryptsetup.c:1603 src/cryptsetup.c:1663 +#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Ово је поÑледњи утор кључа. Уређај ће поÑтати неупотребљив након чишћења овог кључа." -#: src/cryptsetup.c:1604 +#: src/cryptsetup.c:1750 msgid "Enter any remaining passphrase: " msgstr "УнеÑите неку преоÑталу пропуÑну реч: " -#: src/cryptsetup.c:1605 src/cryptsetup.c:1665 +#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Радња је прекинута, утор кључа ÐИЈЕ обриÑан.\n" -#: src/cryptsetup.c:1641 +#: src/cryptsetup.c:1787 msgid "Enter passphrase to be deleted: " msgstr "УнеÑите пропуÑну реч за бриÑање: " -#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505 -#: src/cryptsetup.c:2649 +#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 +#: src/cryptsetup.c:2948 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "Уређај „%s“ није иÑправан ЛУКС2 уређај." -#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829 +#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 msgid "Enter new passphrase for key slot: " msgstr "УнеÑите нову пропуÑну реч за утор кључа: " -#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:1968 +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "УПОЗОРЕЊЕ: Параметар „--key-slot“ Ñе кориÑти за нови број утора кључа.\n" + +#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "УнеÑите неку поÑтојећу пропуÑну реч: " -#: src/cryptsetup.c:1880 +#: src/cryptsetup.c:2152 msgid "Enter passphrase to be changed: " msgstr "УнеÑите пропуÑну реч за мењање: " -#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "УнеÑите нову пропуÑну реч: " -#: src/cryptsetup.c:1946 +#: src/cryptsetup.c:2218 msgid "Enter passphrase for keyslot to be converted: " msgstr "УнеÑите пропуÑну реч за утор кључа за претварање: " -#: src/cryptsetup.c:1970 +#: src/cryptsetup.c:2242 msgid "Only one device argument for isLuks operation is supported." msgstr "Подржан је Ñамо један аргумент уређаја за радњу „isLuks“." -#: src/cryptsetup.c:2078 +#: src/cryptsetup.c:2350 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Утор кључа %d не Ñадржи неÑвезани кључ." -#: src/cryptsetup.c:2083 +#: src/cryptsetup.c:2355 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2135,40 +2186,40 @@ msgstr "" "Избачај заглавља Ñа кључем волумена је оÑетљив податак\n" "Овај избачај треба увек бити Ñмештен шифрован на безбедном меÑту." -#: src/cryptsetup.c:2169 src/cryptsetup.c:2198 +#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 #, c-format msgid "%s is not active %s device name." msgstr "„%s“ није назив активног „%s“ уређаја." -#: src/cryptsetup.c:2193 +#: src/cryptsetup.c:2465 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "„%s“ није назив активног ЛУКС уређаја или недоÑтаје заглавље." -#: src/cryptsetup.c:2255 src/cryptsetup.c:2274 +#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 msgid "Option --header-backup-file is required." msgstr "Захтевана је опција „--header-backup-file“." -#: src/cryptsetup.c:2305 +#: src/cryptsetup.c:2577 #, c-format msgid "%s is not cryptsetup managed device." msgstr "„%s“ није уређај управљан криптоподешавањем." -#: src/cryptsetup.c:2316 +#: src/cryptsetup.c:2588 #, c-format msgid "Refresh is not supported for device type %s" msgstr "ОÑвежавање није подржано за врÑту уређаја „%s“" -#: src/cryptsetup.c:2362 +#: src/cryptsetup.c:2638 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Ðепозната врÑта уређаја метаподатака „%s“." -#: src/cryptsetup.c:2364 +#: src/cryptsetup.c:2640 msgid "Command requires device and mapped name as arguments." msgstr "Ðаредба захтева уређај и мапирани назив као аргумент." -#: src/cryptsetup.c:2385 +#: src/cryptsetup.c:2661 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2177,325 +2228,351 @@ msgstr "" "Ова радња ће обриÑати Ñве уторе кључева на уређају „%s“.\n" "Уређај ће поÑтати неупотребљив након ове радње." -#: src/cryptsetup.c:2392 +#: src/cryptsetup.c:2668 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Радња је прекинута, утори кључева ÐИСУ обриÑани.\n" -#: src/cryptsetup.c:2431 +#: src/cryptsetup.c:2707 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "ÐеиÑправна ЛУКС врÑта, Ñамо „luks1“ и „luks2“ Ñу подржане." -#: src/cryptsetup.c:2447 +#: src/cryptsetup.c:2723 #, c-format msgid "Device is already %s type." msgstr "Уређај је већ „%s“ врÑте." -#: src/cryptsetup.c:2454 +#: src/cryptsetup.c:2730 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Ова радња ће претворити „%s“ у „%s“ запиÑ.\n" -#: src/cryptsetup.c:2457 +#: src/cryptsetup.c:2733 msgid "Operation aborted, device was NOT converted.\n" msgstr "Радња је прекинута, уређај ÐИЈЕ претворен.\n" -#: src/cryptsetup.c:2497 +#: src/cryptsetup.c:2773 msgid "Option --priority, --label or --subsystem is missing." msgstr "ÐедоÑтаје опција „--priority“, „--label“ или „--subsystem“." -#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588 +#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 #, c-format msgid "Token %d is invalid." msgstr "Скупина „%d“ није иÑправна." -#: src/cryptsetup.c:2534 src/cryptsetup.c:2591 +#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 #, c-format msgid "Token %d in use." msgstr "Скупина „%d“ је у употреби." -#: src/cryptsetup.c:2546 +#: src/cryptsetup.c:2822 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "ÐиÑам уÑпео да додам „luks2-keyring“ Ñкупину „%d“." -#: src/cryptsetup.c:2554 src/cryptsetup.c:2617 +#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "ÐиÑам уÑпео да доделим Ñкупину „%d“ утору кључа %d." -#: src/cryptsetup.c:2571 +#: src/cryptsetup.c:2850 #, c-format msgid "Token %d is not in use." msgstr "Скупина „%d“ није у употреби." -#: src/cryptsetup.c:2608 +#: src/cryptsetup.c:2887 msgid "Failed to import token from file." msgstr "ÐиÑам уÑпео да увезем Ñкупину из датотеке." -#: src/cryptsetup.c:2633 +#: src/cryptsetup.c:2912 #, c-format msgid "Failed to get token %d for export." msgstr "ÐиÑам уÑпео да добавим Ñкупину „%d“ за извоз." -#: src/cryptsetup.c:2682 +#: src/cryptsetup.c:2925 +#, c-format +msgid "Token %d is not assigned to keyslot %d." +msgstr "Скупина „%d“ није додељена утору кључа %d." + +#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#, c-format +msgid "Failed to unassign token %d from keyslot %d." +msgstr "ÐиÑам уÑпео да поништим доделу Ñкупине „%d“ из утора кључа %d." + +#: src/cryptsetup.c:2983 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Опција „--tcrypt-hidden“, „--tcrypt-system“ или „--tcrypt-backup“ је подржана Ñамо за ТКРИПТ уређај." -#: src/cryptsetup.c:2685 +#: src/cryptsetup.c:2986 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Опција „--veracrypt“ или „--disable-veracrypt“ је подржана Ñамо за ТКРИПТ врÑту уређаја." -#: src/cryptsetup.c:2688 +#: src/cryptsetup.c:2989 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Опција „--veracrypt-pim“ је подржана Ñамо за „VeraCrypt“ ÑаглаÑне уређаје." -#: src/cryptsetup.c:2692 +#: src/cryptsetup.c:2993 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Опција „--veracrypt-query-pim“ је подржана Ñамо за „VeraCrypt“ ÑаглаÑне уређаје." -#: src/cryptsetup.c:2694 +#: src/cryptsetup.c:2995 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Опције „--veracrypt-pim“ и „--veracrypt-query-pim“ Ñе узајамно иÑкључују." -#: src/cryptsetup.c:2703 +#: src/cryptsetup.c:3004 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Опција „--persistent“ није допуштена Ñа опцијом „--test-passphrase“." -#: src/cryptsetup.c:2706 +#: src/cryptsetup.c:3007 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Опције „--refresh“ и „--test-passphrase“ Ñе узајамно иÑкључују." -#: src/cryptsetup.c:2709 +#: src/cryptsetup.c:3010 msgid "Option --shared is allowed only for open of plain device." msgstr "Опција „--shared“ је допуштена Ñамо за отварање обичног уређаја." -#: src/cryptsetup.c:2712 +#: src/cryptsetup.c:3013 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Опција „--skip“ је подржана Ñамо за отварање обичних и упетљаних уређаја." -#: src/cryptsetup.c:2715 +#: src/cryptsetup.c:3016 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Опција „--offset“ Ñа отвореном радњом је подржана Ñамо за обичне и упетљане уређаје." -#: src/cryptsetup.c:2718 +#: src/cryptsetup.c:3019 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Опција „--tcrypt-hidden“ не може бити обједињена Ñа „--allow-discards“." -#: src/cryptsetup.c:2722 +#: src/cryptsetup.c:3023 msgid "Sector size option with open action is supported only for plain devices." msgstr "Опција величине одељка Ñа отвореном радњом је подржана Ñамо за обичне уређаје." -#: src/cryptsetup.c:2726 +#: src/cryptsetup.c:3027 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Опција великих IV одељака је подржана Ñамо за отварање обичних уређаја Ñа величином одељка већом од 512 бајта." -#: src/cryptsetup.c:2730 -msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." -msgstr "Опција „--test-passphrase“ је допуштена Ñамо за отварање ЛУКС, „TCRYPT“ и „BITLK“ уређаја." +#: src/cryptsetup.c:3032 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "Опција „--test-passphrase“ је допуштена Ñамо за отварање LUKS, TCRYPT, BITLK и FVAULT2 уређаја." -#: src/cryptsetup.c:2733 src/cryptsetup.c:2756 +#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 msgid "Options --device-size and --size cannot be combined." msgstr "Опције „--device-size“ и „--size“ Ñе не могу комбиновати." -#: src/cryptsetup.c:2736 +#: src/cryptsetup.c:3038 msgid "Option --unbound is allowed only for open of luks device." msgstr "Опција „--unbound“ је допуштена Ñамо за отварање Ð»ÑƒÐºÑ ÑƒÑ€ÐµÑ’Ð°Ñ˜Ð°." -#: src/cryptsetup.c:2739 +#: src/cryptsetup.c:3041 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Опција „--unbound“ Ñе не може кориÑтити без „--test-passphrase“." -#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755 +#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Опције „--cancel-deferred“ и „--deferred“ Ñе не могу кориÑтити у иÑто време." -#: src/cryptsetup.c:2764 +#: src/cryptsetup.c:3066 msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "Опције „--reduce-device-size“ и „--data-size“ Ñе не могу комбиновати." -#: src/cryptsetup.c:2767 +#: src/cryptsetup.c:3069 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Опција „--active-name“ Ñе може поÑтавити Ñамо за ЛУКС2 уређај." -#: src/cryptsetup.c:2770 +#: src/cryptsetup.c:3072 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Опције „--active-name“ и „--force-offline-reencrypt“ Ñе не могу комбиновати." -#: src/cryptsetup.c:2778 src/cryptsetup.c:2808 +#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 msgid "Keyslot specification is required." msgstr "Одредба утора кључа је потребна." -#: src/cryptsetup.c:2786 +#: src/cryptsetup.c:3088 msgid "Options --align-payload and --offset cannot be combined." msgstr "Опције „--align-payload“ и „--offset“ Ñе не могу комбиновати." -#: src/cryptsetup.c:2789 +#: src/cryptsetup.c:3091 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Опција „--integrity-no-wipe“ Ñе може кориÑтити Ñамо за радњу форматирања Ñа проширењем целовитоÑти." -#: src/cryptsetup.c:2792 +#: src/cryptsetup.c:3094 msgid "Only one of --use-[u]random options is allowed." msgstr "Дозвољена је Ñамо једна опција „--use-[u]random“." -#: src/cryptsetup.c:2800 +#: src/cryptsetup.c:3102 msgid "Key size is required with --unbound option." msgstr "Величина кључа је потребна Ñа опцијом „--unbound“." -#: src/cryptsetup.c:2819 +#: src/cryptsetup.c:3122 msgid "Invalid token action." msgstr "ÐеиÑправна радња Ñкупине." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3125 msgid "--key-description parameter is mandatory for token add action." msgstr "„--key-description“ параметар је обавезан за радњу додавања Ñкупине." -#: src/cryptsetup.c:2826 +#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 msgid "Action requires specific token. Use --token-id parameter." msgstr "Радња захтева нарочиту Ñкупину. КориÑтите параметар „--token-id“." -#: src/cryptsetup.c:2840 +#: src/cryptsetup.c:3133 +msgid "Option --unbound is valid only with token add action." +msgstr "Опција „--unbound“ је иÑправна Ñамо Ñа радњом додавања Ñкупине." + +#: src/cryptsetup.c:3135 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "Опције „--key-slot“ и „--unbound“ Ñе не могу комбиновати." + +#: src/cryptsetup.c:3140 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "Радња захтева нарочити утор кључа. КориÑтите параметар „--key-slot“." + +#: src/cryptsetup.c:3156 msgid "<device> [--type <type>] [<name>]" msgstr "<уређај> [--type <врÑта>] [<назив>]" -#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535 +#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 msgid "open device as <name>" msgstr "отвара уређај као <назив>" -#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843 -#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 #: src/integritysetup.c:537 src/integritysetup.c:539 msgid "<name>" msgstr "<назив>" -#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536 +#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 msgid "close device (remove mapping)" msgstr "затвара уређај (уклања мапирање)" -#: src/cryptsetup.c:2842 src/integritysetup.c:539 +#: src/cryptsetup.c:3158 src/integritysetup.c:539 msgid "resize active device" msgstr "мења величину радног уређаја" -#: src/cryptsetup.c:2843 +#: src/cryptsetup.c:3159 msgid "show device status" msgstr "показује Ñтање уређаја" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "[--cipher <cipher>]" msgstr "[--cipher <шифрер>]" -#: src/cryptsetup.c:2844 +#: src/cryptsetup.c:3160 msgid "benchmark cipher" msgstr "шифрер оцењивања" -#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847 -#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856 -#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859 -#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862 -#: src/cryptsetup.c:2863 src/cryptsetup.c:2864 +#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 +#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 +#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 +#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 +#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 msgid "<device>" msgstr "<уређај>" -#: src/cryptsetup.c:2845 +#: src/cryptsetup.c:3161 msgid "try to repair on-disk metadata" msgstr "покушава да поправи метаподатке на-диÑку" -#: src/cryptsetup.c:2846 +#: src/cryptsetup.c:3162 msgid "reencrypt LUKS2 device" msgstr "ЛУКС2 уређај поновног шифровања" -#: src/cryptsetup.c:2847 +#: src/cryptsetup.c:3163 msgid "erase all keyslots (remove encryption key)" msgstr "брише Ñве уторе кључева (уклања кључ шифровања)" -#: src/cryptsetup.c:2848 +#: src/cryptsetup.c:3164 msgid "convert LUKS from/to LUKS2 format" msgstr "претвара ЛУКС из/у ЛУКС2 запиÑ" -#: src/cryptsetup.c:2849 +#: src/cryptsetup.c:3165 msgid "set permanent configuration options for LUKS2" msgstr "поÑтавља трајне опције подешавања за ЛУКС2" -#: src/cryptsetup.c:2850 src/cryptsetup.c:2851 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 msgid "<device> [<new key file>]" msgstr "<уређај> [<нова датотека кључа>]" -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3166 msgid "formats a LUKS device" msgstr "форматира ЛУКС уређај" -#: src/cryptsetup.c:2851 +#: src/cryptsetup.c:3167 msgid "add key to LUKS device" msgstr "додаје кључ у ЛУКС уређај" -#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854 +#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 msgid "<device> [<key file>]" msgstr "<уређај> [<датотека кључа>]" -#: src/cryptsetup.c:2852 +#: src/cryptsetup.c:3168 msgid "removes supplied key or key file from LUKS device" msgstr "уклања доÑтављени кључ или датотеку кључа из ЛУКС уређаја" -#: src/cryptsetup.c:2853 +#: src/cryptsetup.c:3169 msgid "changes supplied key or key file of LUKS device" msgstr "мења доÑтављени кључ или датотеку кључа ЛУКС уређаја" -#: src/cryptsetup.c:2854 +#: src/cryptsetup.c:3170 msgid "converts a key to new pbkdf parameters" msgstr "претвара кључ у нове „pbkdf“ параметре" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "<device> <key slot>" msgstr "<уређај> <утор кључа>" -#: src/cryptsetup.c:2855 +#: src/cryptsetup.c:3171 msgid "wipes key with number <key slot> from LUKS device" msgstr "брише кључ Ñа бројем <утор кључа> Ñа ЛУКС уређаја" -#: src/cryptsetup.c:2856 +#: src/cryptsetup.c:3172 msgid "print UUID of LUKS device" msgstr "иÑпиÑује УЈИБ ЛУКС уређаја" -#: src/cryptsetup.c:2857 +#: src/cryptsetup.c:3173 msgid "tests <device> for LUKS partition header" msgstr "иÑпробава <уређај> за заглављем ЛУКС партиције" -#: src/cryptsetup.c:2858 +#: src/cryptsetup.c:3174 msgid "dump LUKS partition information" msgstr "иÑпиÑује податке ЛУКС партиције" -#: src/cryptsetup.c:2859 +#: src/cryptsetup.c:3175 msgid "dump TCRYPT device information" msgstr "иÑпиÑује податке ТКРИПТ уређаја" -#: src/cryptsetup.c:2860 +#: src/cryptsetup.c:3176 msgid "dump BITLK device information" msgstr "иÑпиÑује податке „BITLK“ уређаја" -#: src/cryptsetup.c:2861 +#: src/cryptsetup.c:3177 +msgid "dump FVAULT2 device information" +msgstr "иÑпиÑује податке „FVAULT2“ уређаја" + +#: src/cryptsetup.c:3178 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "ОбуÑтавља ЛУКС уређај и брише кључ (Ñви УИ Ñу замрзнути)" -#: src/cryptsetup.c:2862 +#: src/cryptsetup.c:3179 msgid "Resume suspended LUKS device" msgstr "ÐаÑтавља Ñа обуÑтављеним ЛУКС уређајем" -#: src/cryptsetup.c:2863 +#: src/cryptsetup.c:3180 msgid "Backup LUKS device header and keyslots" msgstr "Прави резерву заглавља „LUKS“ уређаја и утора кључева" -#: src/cryptsetup.c:2864 +#: src/cryptsetup.c:3181 msgid "Restore LUKS device header and keyslots" msgstr "Враћа заглавље „LUKS“ уређаја и уторе кључева" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "<add|remove|import|export> <device>" msgstr "<додај|уклони|увези|извези> <уређај>" -#: src/cryptsetup.c:2865 +#: src/cryptsetup.c:3182 msgid "Manipulate LUKS2 tokens" msgstr "Управља ЛУКС2 Ñкупинама" -#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554 +#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 msgid "" "\n" "<action> is one of:\n" @@ -2503,19 +2580,19 @@ msgstr "" "\n" "<радња> је једна од Ñледећих:\n" -#: src/cryptsetup.c:2890 +#: src/cryptsetup.c:3207 msgid "" "\n" "You can also use old <action> syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "Можете такође да кориÑтите Ñтаре надимке ÑинтакÑе <радње>:\n" -"\tотварање: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" -"\tзатвори: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +"\tотвори: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tзатвори: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:2894 +#: src/cryptsetup.c:3211 #, c-format msgid "" "\n" @@ -2530,7 +2607,7 @@ msgstr "" "<утор кључа> је број ЛУКС утора кључа за мењање\n" "<датотека кључа> изборна датотека кључа за нови кључ за радњу „luksAddKey“\n" -#: src/cryptsetup.c:2901 +#: src/cryptsetup.c:3218 #, c-format msgid "" "\n" @@ -2539,7 +2616,7 @@ msgstr "" "\n" "ОÑновни уграђени Ð·Ð°Ð¿Ð¸Ñ Ð¼ÐµÑ‚Ð°Ð¿Ð¾Ð´Ð°Ñ‚Ð°ÐºÐ° је „%s“ (за „luksFormat“ радњу).\n" -#: src/cryptsetup.c:2906 src/cryptsetup.c:2909 +#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 #, c-format msgid "" "\n" @@ -2548,20 +2625,20 @@ msgstr "" "\n" "Подршка прикључка Ñпољне Ñкупине за „LUKS2“ је „%s“.\n" -#: src/cryptsetup.c:2906 +#: src/cryptsetup.c:3223 msgid "compiled-in" msgstr "преведено" -#: src/cryptsetup.c:2907 +#: src/cryptsetup.c:3224 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "Путања прикључка Ñпољне Ñкупине за „LUKS2“: %s.\n" -#: src/cryptsetup.c:2909 +#: src/cryptsetup.c:3226 msgid "disabled" msgstr "иÑкључено" -#: src/cryptsetup.c:2913 +#: src/cryptsetup.c:3230 #, c-format msgid "" "\n" @@ -2578,7 +2655,7 @@ msgstr "" "ОÑновни „PBKDF“ за ЛУКС2: %s\n" "\tВреме понављања: %d, Захтевана меморија: %dkB, Паралелне нити: %d\n" -#: src/cryptsetup.c:2924 +#: src/cryptsetup.c:3241 #, c-format msgid "" "\n" @@ -2593,96 +2670,96 @@ msgstr "" "\tобично: %s, Кључ: %d бита, Хеширање лозинке: %s\n" "\tЛУКС: %s, Кључ: %d бита, Хеширање ЛУКС заглавља: %s, Ð ÐГ: %s\n" -#: src/cryptsetup.c:2933 +#: src/cryptsetup.c:3250 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tЛУКС: ОÑновна величина кључа Ñа „XTS“ режимом (два унутрашња кључа) биће удвоÑтручена.\n" -#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711 +#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: захтева „%s“ као аргумент" -#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194 +#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Утор кључа није иÑправан." -#: src/cryptsetup.c:3024 +#: src/cryptsetup.c:3335 msgid "Device size must be multiple of 512 bytes sector." msgstr "Величина уређаја мора бити умножак одељка од 512 бајта." -#: src/cryptsetup.c:3029 +#: src/cryptsetup.c:3340 msgid "Invalid max reencryption hotzone size specification." msgstr "ÐеиÑправна одредба највеће величине вруће зоне поновног шифровања." -#: src/cryptsetup.c:3043 src/cryptsetup.c:3055 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 msgid "Key size must be a multiple of 8 bits" msgstr "Величина кључа мора бити умножак од 8 бита" -#: src/cryptsetup.c:3060 +#: src/cryptsetup.c:3371 msgid "Maximum device reduce size is 1 GiB." msgstr "Ðајвећа величина Ñмањења уређаја је 1 GiB." -#: src/cryptsetup.c:3063 +#: src/cryptsetup.c:3374 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Величина Ñмањивања мора бити умножак одељка од 512 бајта." -#: src/cryptsetup.c:3080 +#: src/cryptsetup.c:3391 msgid "Option --priority can be only ignore/normal/prefer." msgstr "Опција „--priority“ може бити Ñамо „ignore/normal/prefer“." -#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634 +#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 msgid "Show this help message" msgstr "Приказује ову поруку помоћи" -#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635 +#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 msgid "Display brief usage" msgstr "Прикажите кратку поруку о коришћењу" -#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636 +#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 msgid "Print package version" msgstr "ИÑпиÑује издање пакета" -#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647 +#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 msgid "Help options:" msgstr "Опције помоћи:" -#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664 +#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 msgid "[OPTION...] <action> <action-specific>" msgstr "[ОПЦИЈÐ...] <радња> <поÑебноÑÑ‚-радње>" -#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675 +#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 msgid "Argument <action> missing." msgstr "ÐедоÑтаје аргумент <радња>." -#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706 +#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 msgid "Unknown action." msgstr "Ðепозната радња." -#: src/cryptsetup.c:3229 +#: src/cryptsetup.c:3546 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Опција „--key-file“ има првенÑтво над наведеним аргументом датотеке кључа." -#: src/cryptsetup.c:3235 +#: src/cryptsetup.c:3552 msgid "Only one --key-file argument is allowed." msgstr "Дозвољен је Ñамо један аргумент „--key-file“." -#: src/cryptsetup.c:3240 +#: src/cryptsetup.c:3557 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Функција произилажења кључа заÑнованог на пропуÑној речи (PBKDF) може бити Ñамо „pbkdf2“ или „argon2i/argon2id“." -#: src/cryptsetup.c:3245 +#: src/cryptsetup.c:3562 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "„PBKDF“ приÑиљена понављања Ñе не могу комбиновати Ñа опцијом времена понављања." -#: src/cryptsetup.c:3256 +#: src/cryptsetup.c:3573 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Опције „--keyslot-cipher“ и „--keyslot-key-size“ Ñе морају кориÑтити заједно." -#: src/cryptsetup.c:3264 +#: src/cryptsetup.c:3581 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Ðије предузета никаква радња. Призвана опцијом „--test-args“.\n" -#: src/cryptsetup.c:3277 +#: src/cryptsetup.c:3594 msgid "Cannot disable metadata locking." msgstr "Ðе могу да иÑкључим закључавање метаподатака." @@ -2710,72 +2787,72 @@ msgstr "Ðе могу да направим корену хеш датотеку msgid "Cannot write to root hash file %s." msgstr "Ðе могу да пишем у корену хеш датотеку „%s“." -#: src/veritysetup.c:196 src/veritysetup.c:472 +#: src/veritysetup.c:198 src/veritysetup.c:476 #, c-format msgid "Device %s is not a valid VERITY device." msgstr "Уређај „%s“ није иÑправан „VERITY“ уређај." -#: src/veritysetup.c:213 src/veritysetup.c:230 +#: src/veritysetup.c:215 src/veritysetup.c:232 #, c-format msgid "Cannot read root hash file %s." msgstr "Ðе могу да читам корену хеш датотеку „%s“." -#: src/veritysetup.c:218 +#: src/veritysetup.c:220 #, c-format msgid "Invalid root hash file %s." msgstr "ÐеиÑправна корена хеш датотека „%s“." -#: src/veritysetup.c:239 +#: src/veritysetup.c:241 msgid "Invalid root hash string specified." msgstr "Ðаведена је неиÑправна ниÑка хеша корена." -#: src/veritysetup.c:247 +#: src/veritysetup.c:249 #, c-format msgid "Invalid signature file %s." msgstr "ÐеиÑправна датотека потпиÑа „%s“." -#: src/veritysetup.c:254 +#: src/veritysetup.c:256 #, c-format msgid "Cannot read signature file %s." msgstr "Ðе могу да прочитам датотеку потпиÑа „%s“." -#: src/veritysetup.c:277 src/veritysetup.c:291 +#: src/veritysetup.c:279 src/veritysetup.c:293 msgid "Command requires <root_hash> or --root-hash-file option as argument." msgstr "Ðаредба захтева „<root_hash>“ или „--root-hash-file“ опцију као аргумент." -#: src/veritysetup.c:485 +#: src/veritysetup.c:489 msgid "<data_device> <hash_device>" msgstr "<уређај_података> <уређај_хеша>" -#: src/veritysetup.c:485 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:534 msgid "format device" msgstr "форматира уређај" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "<data_device> <hash_device> [<root_hash>]" msgstr "<уређај_података> <уређај_хеша> [<хеш_корена>]" -#: src/veritysetup.c:486 +#: src/veritysetup.c:490 msgid "verify device" msgstr "проверава уређај" -#: src/veritysetup.c:487 +#: src/veritysetup.c:491 msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<уређај_података> <назив> <уређај_хеша> [<хеш_корена>]" -#: src/veritysetup.c:489 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:537 msgid "show active device status" msgstr "показује Ñтање радног уређаја" -#: src/veritysetup.c:490 +#: src/veritysetup.c:494 msgid "<hash_device>" msgstr "<уређај_хеша>" -#: src/veritysetup.c:490 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:538 msgid "show on-disk information" msgstr "приказује податке на-диÑку" -#: src/veritysetup.c:509 +#: src/veritysetup.c:513 #, c-format msgid "" "\n" @@ -2790,7 +2867,7 @@ msgstr "" "<уређај_хеша> јеÑте уређај који Ñадржи податке проверавања\n" "<хеш_корена> хеш кореног чвора на <уређају_хеша>\n" -#: src/veritysetup.c:516 +#: src/veritysetup.c:520 #, c-format msgid "" "\n" @@ -2801,11 +2878,11 @@ msgstr "" "ОÑновни преведени параметри дм-тачноÑти:\n" "\tХеш: %s, Блок података (бајта): %u, Блок хеша (бајта): %u, Величина приÑолка: %u, Ð—Ð°Ð¿Ð¸Ñ Ñ…ÐµÑˆÐ°: %u\n" -#: src/veritysetup.c:654 +#: src/veritysetup.c:658 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Опције „--ignore-corruption“ и „--restart-on-corruption“ Ñе не могу кориÑтити заједно." -#: src/veritysetup.c:659 +#: src/veritysetup.c:663 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Опције „--panic-on-corruption“ и „--restart-on-corruption“ Ñе не могу кориÑтити заједно." @@ -3090,7 +3167,7 @@ msgstr "Ðапредовање: %5.1f%%, ETA %s, %s, %s%s" msgid "Finished, time %s, %s, %s\n" msgstr "Завршено, време %s, %s, %s\n" -#: src/utils_password.c:41 src/utils_password.c:74 +#: src/utils_password.c:41 src/utils_password.c:72 #, c-format msgid "Cannot check password quality: %s" msgstr "Ðе могу да проверим квалитет лозинке: %s" @@ -3104,42 +3181,42 @@ msgstr "" "Провера квалитета лозинке није уÑпела:\n" " %s" -#: src/utils_password.c:81 +#: src/utils_password.c:79 #, c-format msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Провера квалитета лозинке није уÑпела: Лоша шифра (%s)" -#: src/utils_password.c:231 src/utils_password.c:245 +#: src/utils_password.c:230 src/utils_password.c:244 msgid "Error reading passphrase from terminal." msgstr "Грешка читања пропуÑне речи из терминала." -#: src/utils_password.c:243 +#: src/utils_password.c:242 msgid "Verify passphrase: " msgstr "Провери пропуÑну реч: " -#: src/utils_password.c:250 +#: src/utils_password.c:249 msgid "Passphrases do not match." msgstr "ПропуÑне речи Ñе не подударају." -#: src/utils_password.c:288 +#: src/utils_password.c:287 msgid "Cannot use offset with terminal input." msgstr "Ðе могу да кориÑтим померај Ñа улазом терминала." -#: src/utils_password.c:292 +#: src/utils_password.c:291 #, c-format msgid "Enter passphrase: " msgstr "УнеÑите пропуÑну реч: " -#: src/utils_password.c:295 +#: src/utils_password.c:294 #, c-format msgid "Enter passphrase for %s: " msgstr "УнеÑите пропуÑну реч за „%s“: " -#: src/utils_password.c:329 +#: src/utils_password.c:328 msgid "No key available with this passphrase." msgstr "Ðема доÑтупног кључа Ñа овом пропуÑном речју." -#: src/utils_password.c:331 +#: src/utils_password.c:330 msgid "No usable keyslot is available." msgstr "Ðема доÑтупног употребљивог утора кључа." @@ -3213,41 +3290,50 @@ msgstr "" "То може довеÑти до оштећења података ако је уређај заправо активиран.\n" "Да покренете поновно шифровање у режиму на мрежи, кориÑтите параметар „--active-name“.\n" -#: src/utils_reencrypt.c:175 +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." +msgstr "" +"Уређај „%s“ није блок уређај. Ðе могу да Ñамо-откријем да ли је активан или није.\n" +"КориÑтите „--force-offline-reencrypt“ да заобиђете проверу и да радите у режиму ван мреже (опаÑно!)." + +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "Захтевана опција „--resilience“ Ñе не може применити на текућој радњи поновног шифровања." + +#: src/utils_reencrypt.c:203 msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." msgstr "Уређај није у ЛУКС2 шифровању. Сукобљавајућа опција „--encrypt“." -#: src/utils_reencrypt.c:180 +#: src/utils_reencrypt.c:208 msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." msgstr "Уређај није у ЛУКС2 шифровању. Сукобљавајућа опција „--decrypt“." -#: src/utils_reencrypt.c:187 +#: src/utils_reencrypt.c:215 msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." msgstr "Уређај је у поновном шифровању кориÑтећи гипкоÑÑ‚ помака података. Захтевана опција „--resilience“ Ñе не може применити." -#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199 -#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681 -msgid "Requested --resilience option cannot be applied to current reencryption operation." -msgstr "Захтевана опција „--resilience“ Ñе не може применити на текућој радњи поновног шифровања." - -#: src/utils_reencrypt.c:258 +#: src/utils_reencrypt.c:293 msgid "Device requires reencryption recovery. Run repair first." msgstr "Уређај захтева опоравак поновног шифровања. Прво покрените поправку." -#: src/utils_reencrypt.c:268 +#: src/utils_reencrypt.c:307 #, c-format msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "Уређај „%s“ је већ у ЛУКС2 поновном шифровању. Да ли желите да наÑтавите Ñа претходно започетом радњом?" -#: src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:353 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Старо ЛУКС2 поновно шифровања више није подржано." -#: src/utils_reencrypt.c:379 +#: src/utils_reencrypt.c:418 msgid "Reencryption of device with integrity profile is not supported." msgstr "Поновно шифровање уређаја Ñа профилом целовитоÑти није подржано." -#: src/utils_reencrypt.c:410 +#: src/utils_reencrypt.c:449 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3256,98 +3342,103 @@ msgstr "" "Захтевано „--sector-size“ %<PRIu32> је неÑаглаÑно Ñа „%s“ Ñуперблоком\n" "(величина блока: %<PRIu32> бајта) је откривено на уређају „%s“." -#: src/utils_reencrypt.c:455 +#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Шифровање без откаченог заглавља (--header) није могуће без Ñмањења величине уређаја података (--reduce-device-size)." -#: src/utils_reencrypt.c:461 +#: src/utils_reencrypt.c:525 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Затражени померај података мора бити мањи или једнак половини параметра „--reduce-device-size“." -#: src/utils_reencrypt.c:471 +#: src/utils_reencrypt.c:535 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Подешавам „--reduce-device-size“ вредноÑÑ‚ на двоÑтруко од „--offset“ %<PRIu64> (подеока).\n" -#: src/utils_reencrypt.c:501 +#: src/utils_reencrypt.c:565 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Привремена датотека заглавља „%s“ већ поÑтоји. Прекидам." -#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510 +#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 #, c-format msgid "Cannot create temporary header file %s." msgstr "Ðе могу да направим привремену датотеку заглавља „%s“." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:599 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Величина ЛУКС2 метаподатака је већа од вредноÑти помака података." -#: src/utils_reencrypt.c:572 +#: src/utils_reencrypt.c:636 #, c-format msgid "Failed to place new header at head of device %s." msgstr "ÐиÑам уÑпео да Ñтавим ново заглавље на главу уређаја „%s“." -#: src/utils_reencrypt.c:582 +#: src/utils_reencrypt.c:646 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "„%s/%s“ је Ñада активно и Ñпремно за шифровање на мрежи.\n" -#: src/utils_reencrypt.c:618 +#: src/utils_reencrypt.c:682 #, c-format msgid "Active device %s is not LUKS2." msgstr "Радни уређај „%s“ није ЛУКС2." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:710 msgid "Restoring original LUKS2 header." msgstr "Враћам изворно ЛУКС2 заглавље." -#: src/utils_reencrypt.c:654 +#: src/utils_reencrypt.c:718 msgid "Original LUKS2 header restore failed." msgstr "Враћање изворног ЛУКС2 заглавља није уÑпело." -#: src/utils_reencrypt.c:722 +#: src/utils_reencrypt.c:744 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" +msgstr "Датотека заглавља „%s“ не поÑтоји. Да ли желите да покренете LUKS2 дешифровање уређаја „%s“ и да извезете LUKS2 заглавље у датотеку „%s“?" + +#: src/utils_reencrypt.c:792 msgid "Failed to add read/write permissions to exported header file." msgstr "ÐиÑам уÑпео да додам дозволе за читање/пиÑање у извезену датотеку заглавља." -#: src/utils_reencrypt.c:775 +#: src/utils_reencrypt.c:845 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Покретање поновног шифровања није уÑпело. Резерва заглавља је доÑтупна у „%s“." -#: src/utils_reencrypt.c:803 +#: src/utils_reencrypt.c:873 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "ЛУКС2 дешифровање је подржано Ñамо Ñа откаченим уређајем заглавља (Ñа померајем података поÑтављеним на 0)." -#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943 +#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 msgid "Not enough free keyslots for reencryption." msgstr "Ðема довољно Ñлободних утора кључева за поновно шифровање." -#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Датотека кључа може бити коришћена Ñамо Ñа „--key-slot“ или Ñа тачно једним активним утором кључа." -#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "УнеÑите пропуÑну реч за утор кључа %d: " -#: src/utils_reencrypt.c:985 +#: src/utils_reencrypt.c:1059 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "УнеÑите пропуÑну реч за утор кључа %u: " -#: src/utils_reencrypt.c:1037 +#: src/utils_reencrypt.c:1111 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "Пребацујем шифрера података на „%s“.\n" -#: src/utils_reencrypt.c:1091 +#: src/utils_reencrypt.c:1165 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Ðикакви параметри подеока података ниÑу измењени. Поновно шифровање је прекинуто." -#: src/utils_reencrypt.c:1187 +#: src/utils_reencrypt.c:1267 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3355,7 +3446,7 @@ msgstr "" "Повећање величине одељка шифровања на не прикљученом уређају није подржано.\n" "Прво покрените уређај или кориÑтите опцију „--force-offline-reencrypt“ (опаÑно, вруће!!)." -#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3364,58 +3455,58 @@ msgstr "" "\n" "Поновно шифровање је прекинуто." -#: src/utils_reencrypt.c:1232 +#: src/utils_reencrypt.c:1312 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "ÐаÑтављам Ñа ЛУКС2 поновним шифровањем у наÑилном ванмрежном режиму.\n" -#: src/utils_reencrypt.c:1249 +#: src/utils_reencrypt.c:1329 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Уређај „%s“ Ñадржи оштећене ЛУКС2 метаподатке. Прекидам радњу." -#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287 +#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "Уређај „%s“ већ јеÑте ЛУКС уређај. Прекидам радњу." -#: src/utils_reencrypt.c:1293 +#: src/utils_reencrypt.c:1373 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "Уређај „%s“ је већ у ЛУКС2 поновном шифровању. Прекидам радњу." -#: src/utils_reencrypt.c:1366 +#: src/utils_reencrypt.c:1453 msgid "LUKS2 decryption requires --header option." msgstr "ЛУКС2 дешифровање захтева опцију „--header“." -#: src/utils_reencrypt.c:1414 +#: src/utils_reencrypt.c:1501 msgid "Command requires device as argument." msgstr "Ðаредба захтева уређај као аргумент." -#: src/utils_reencrypt.c:1427 +#: src/utils_reencrypt.c:1514 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Сукобљавајућа издања. Уређај „%s“ је ЛУКС1." -#: src/utils_reencrypt.c:1433 +#: src/utils_reencrypt.c:1520 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Сукобљавајућа издања. Уређај „%s“ је у ЛУКС1 поновном шифровању." -#: src/utils_reencrypt.c:1439 +#: src/utils_reencrypt.c:1526 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Сукобљавајућа издања. Уређај „%s“ је ЛУКС2." -#: src/utils_reencrypt.c:1445 +#: src/utils_reencrypt.c:1532 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Сукобљавајућа издања. Уређај „%s“ је у ЛУКС2 поновном шифровању." -#: src/utils_reencrypt.c:1451 +#: src/utils_reencrypt.c:1538 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "ЛУКС2 поновно шифровање је већ покренуто. Прекидам радњу." -#: src/utils_reencrypt.c:1458 +#: src/utils_reencrypt.c:1545 msgid "Device reencryption not in progress." msgstr "Поновно шифровање уређаја није у току." @@ -3520,28 +3611,28 @@ msgstr "УИ грешка за време поновног шифровања." msgid "Provided UUID is invalid." msgstr "ДоÑтављени УУИД није иÑправан." -#: src/utils_reencrypt_luks1.c:1220 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "Ðе могу да отворим датотеку дневника поновног шифровања." -#: src/utils_reencrypt_luks1.c:1226 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "Ðема опиÑа у напретку, доÑтављени УУИД Ñе може кориÑтити Ñамо за наÑтављање зауÑтављеног процеÑа дешифровања." -#: src/utils_reencrypt_luks1.c:1280 +#: src/utils_reencrypt_luks1.c:1286 #, c-format msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Поновно шифровање ће изменити: %s%s%s%s%s%s." -#: src/utils_reencrypt_luks1.c:1281 +#: src/utils_reencrypt_luks1.c:1287 msgid "volume key" msgstr "кључ волумена" -#: src/utils_reencrypt_luks1.c:1283 +#: src/utils_reencrypt_luks1.c:1289 msgid "set hash to " msgstr "поÑтавља хеш на " -#: src/utils_reencrypt_luks1.c:1284 +#: src/utils_reencrypt_luks1.c:1290 msgid ", set cipher to " msgstr ", поÑтавља шифрера на " @@ -3761,6 +3852,18 @@ msgstr "Метода потврђивања идентитета јавног к msgid "Public key authentication error: " msgstr "Грешка потврђивања идентитета јавног кључа: " +#~ msgid "WARNING: Data offset is outside of currently available data device.\n" +#~ msgstr "УПОЗОРЕЊЕ: Померај података је ван тренутно доÑтупног уређаја података.\n" + +#~ msgid "Cannot get process priority." +#~ msgstr "Ðе могу да добавим хитноÑÑ‚ процеÑа." + +#~ msgid "Cannot unlock memory." +#~ msgstr "Ðе могу да откључам меморију." + +#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions." +#~ msgstr "Директоријум закључавања „%s/%s“ биће направљен Ñа оÑновним преведеним овлашћењима." + #~ msgid "Failed to read BITLK signature from %s." #~ msgstr "ÐиÑам уÑпео да прочитам „BITLK“ Ð¿Ð¾Ñ‚Ð¿Ð¸Ñ Ð¸Ð· „%s“." @@ -4158,9 +4261,6 @@ msgstr "Грешка потврђивања идентитета јавног к #~ msgid "Sector size option is not supported for this command." #~ msgstr "Опција величине Ñектора није подржана за ову наредбу." -#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions." -#~ msgstr "Опција „--unbound“ Ñе може кориÑтити Ñамо Ñа радњама „luksAddKey“ и „luksDump“." - #~ msgid "Option --refresh may be used only with open action." #~ msgstr "Опција „--refresh“ Ñе може кориÑтити Ñамо Ñа радњом отварања." @@ -4341,9 +4441,6 @@ msgstr "Грешка потврђивања идентитета јавног к #~ msgid "Read new volume (master) key from file" #~ msgstr "Чита (главни) кључ волумена из датотеке" -#~ msgid "PBKDF2 iteration time for LUKS (in ms)" -#~ msgstr "Време ПБКДФ2 понављања за ЛУКС (у милиÑекундама)" - #~ msgid "Use direct-io when accessing devices" #~ msgstr "КориÑти непоÑредни-уи приликом приÑтупа уређајима" @@ -2,13 +2,13 @@ # Copyright (C) 2012 Free Software Foundation, Inc. # This file is put in the public domain. # -# Yuri Chornoivan <yurchor@ukr.net>, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023. +# Yuri Chornoivan <yurchor@ukr.net>, 2012-2023. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.6.1-rc0\n" +"Project-Id-Version: cryptsetup 2.7.0-rc1\n" "Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" -"POT-Creation-Date: 2023-02-01 15:58+0100\n" -"PO-Revision-Date: 2023-02-02 10:48+0200\n" +"POT-Creation-Date: 2023-12-20 15:16+0100\n" +"PO-Revision-Date: 2023-12-21 12:16+0200\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n" "Language: uk\n" @@ -17,7 +17,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Lokalize 20.12.0\n" +"X-Generator: Lokalize 23.04.1\n" #: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." @@ -27,58 +27,62 @@ msgstr "Ðе можна ініціалізувати device-mapper, Ñкщо Ð¿Ñ msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ device-mapper. Чи завантажено модуль Ñдра dm_mod?" -#: lib/libdevmapper.c:1102 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "Підтримки бажаного Ð¿Ñ€Ð°Ð¿Ð¾Ñ€Ñ†Ñ Ð²Ñ–Ð´ÐºÐ»Ð°Ð´ÐµÐ½Ð½Ñ, %s, не передбачено." -#: lib/libdevmapper.c:1171 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою %s було обрізано." -#: lib/libdevmapper.c:1501 +#: lib/libdevmapper.c:1510 msgid "Unknown dm target type." msgstr "Ðевідомий тип Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ dm." -#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724 -#: lib/libdevmapper.c:1727 +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "Підтримки вказаних параметрів швидкодії dm-crypt не передбачено." -#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Підтримки вказаних параметрів обробки пошкоджених даних за допомогою dm-verity не передбачено." -#: lib/libdevmapper.c:1641 +#: lib/libdevmapper.c:1650 msgid "Requested dm-verity tasklets option is not supported." msgstr "Підтримки вказаного параметра завдань dm-verity не передбачено." -#: lib/libdevmapper.c:1653 +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "Підтримки вказаних параметрів FEC за допомогою dm-verity не передбачено." -#: lib/libdevmapper.c:1659 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "Підтримки вказаних параметрів ціліÑноÑÑ‚Ñ– даних не передбачено." -#: lib/libdevmapper.c:1663 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "Підтримки вказаного параметра sector_size не передбачено." -#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676 +#: lib/libdevmapper.c:1677 +msgid "The device size is not multiple of the requested sector size." +msgstr "Розмір приÑтрою не Ñ” кратним до розміру Ñектора у запиті." + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 msgid "Requested automatic recalculation of integrity tags is not supported." msgstr "Підтримки потрібного вам автоматичного повторного обчиÑÐ»ÐµÐ½Ð½Ñ Ð¼Ñ–Ñ‚Ð¾Ðº ціліÑноÑÑ‚Ñ– не передбачено." -#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733 -#: lib/luks2/luks2_json_metadata.c:2620 +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2754 msgid "Discard/TRIM is not supported." msgstr "Підтримки Ð²Ñ–Ð´ÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ Ð¾Ð±Ñ€Ñ–Ð·Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." -#: lib/libdevmapper.c:1688 +#: lib/libdevmapper.c:1702 msgid "Requested dm-integrity bitmap mode is not supported." msgstr "Підтримки вказаного режиму бітової карти ціліÑноÑÑ‚Ñ– dm не передбачено." -#: lib/libdevmapper.c:2724 +#: lib/libdevmapper.c:2738 #, c-format msgid "Failed to query dm-%s segment." msgstr "Ðе вдалоÑÑ Ð¾Ð¿Ð¸Ñ‚Ð°Ñ‚Ð¸ Ñегмент dm-%s." @@ -112,653 +116,743 @@ msgstr "Ðадійшов запит щодо невідомої ÑкоÑÑ‚Ñ– Ð¿Ñ msgid "Error reading from RNG." msgstr "Помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· генератора пÑевдовипадкових чиÑел." -#: lib/setup.c:231 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "Підтримку OPAL у libcryptsetup вимкнено." + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¸Ñтрою %s або Ñдра не передбачено підтримки ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ OPAL." + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ допоміжну програму ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð³ÐµÐ½ÐµÑ€Ð°Ñ‚Ð¾Ñ€Ð° пÑевдовипадкових чиÑел." -#: lib/setup.c:237 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ допоміжну програму шифруваннÑ." -#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122 +#: lib/setup.c:317 lib/setup.c:2777 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "Підтримки алгоритму Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ %s не передбачено." -#: lib/setup.c:271 lib/loopaes/loopaes.c:90 +#: lib/setup.c:320 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "Помилка під Ñ‡Ð°Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ ключа (на оÑнові хешу %s)." -#: lib/setup.c:342 lib/setup.c:369 +#: lib/setup.c:391 lib/setup.c:428 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ тип приÑтрою. ÐеÑуміÑна Ð´Ñ–Ñ Ð· активації приÑтрою?" -#: lib/setup.c:348 lib/setup.c:3320 +#: lib/setup.c:397 lib/setup.c:3971 msgid "This operation is supported only for LUKS device." msgstr "Підтримку цієї дії передбачено лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв LUKS." -#: lib/setup.c:375 +#: lib/setup.c:434 msgid "This operation is supported only for LUKS2 device." msgstr "Підтримку цієї дії передбачено лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв LUKS2." -#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010 +#: lib/setup.c:491 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "Заповнено вÑÑ– Ñлоти ключів." -#: lib/setup.c:438 +#: lib/setup.c:502 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Слот ключа %d Ñ” некоректним, будь лаÑка, виберіть чиÑло від 0 до %d." -#: lib/setup.c:444 +#: lib/setup.c:508 #, c-format msgid "Key slot %d is full, please select another one." msgstr "Слот ключа %d заповнено, будь лаÑка, виберіть інший." -#: lib/setup.c:529 lib/setup.c:3042 +#: lib/setup.c:619 lib/setup.c:3672 msgid "Device size is not aligned to device logical block size." msgstr "Розмір приÑтрою не вирівнÑно за розміром логічного блоку приÑтрою." -#: lib/setup.c:627 +#: lib/setup.c:717 #, c-format msgid "Header detected but device %s is too small." msgstr "ВиÑвлено заголовок, але об’єм приÑтрою %s Ñ” надто малим." -#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287 -#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184 +#: lib/setup.c:758 lib/setup.c:3563 lib/setup.c:5163 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "Підтримки цієї дії Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ типу приÑтроїв не передбачено." -#: lib/setup.c:673 +#: lib/setup.c:763 msgid "Illegal operation with reencryption in-progress." msgstr "Виконуємо заборонену дію із повторного шифруваннÑ." -#: lib/setup.c:802 +#: lib/setup.c:895 msgid "Failed to rollback LUKS2 metadata in memory." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÐ¾Ñ‚Ð¸Ñ‚Ð¸ метадані LUKS2 у пам'ÑÑ‚Ñ–." -#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 -#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587 -#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977 -#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656 -#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465 -#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77 +#: lib/setup.c:982 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 #, c-format msgid "Device %s is not a valid LUKS device." msgstr "ПриÑтрій %s не Ñ” коректним приÑтроєм LUKS." -#: lib/setup.c:892 lib/luks1/keymanage.c:530 +#: lib/setup.c:985 lib/luks1/keymanage.c:530 #, c-format msgid "Unsupported LUKS version %d." msgstr "Ðепідтримувана верÑÑ–Ñ LUKS, %d." -#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785 -#: lib/setup.c:2952 lib/setup.c:4764 +#: lib/setup.c:1358 +#, c-format +msgid "No known cipher specification pattern detected for active device %s." +msgstr "Ðе виÑвлено жодного відомого зразка Ñпецифікації ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð°ÐºÑ‚Ð¸Ð²Ð½Ð¾Ð³Ð¾ приÑтрою %s." + +#: lib/setup.c:1604 lib/setup.c:3317 lib/setup.c:3399 lib/setup.c:3411 +#: lib/setup.c:3581 lib/setup.c:5755 #, c-format msgid "Device %s is not active." msgstr "ПриÑтрій %s Ñ” неактивним." -#: lib/setup.c:1508 +#: lib/setup.c:1621 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "Зник оÑновний приÑтрій Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s." -#: lib/setup.c:1590 +#: lib/setup.c:1703 msgid "Invalid plain crypt parameters." msgstr "Ðекоректні параметри звичайного шифруваннÑ." -#: lib/setup.c:1595 lib/setup.c:2054 +#: lib/setup.c:1708 lib/setup.c:2680 msgid "Invalid key size." msgstr "Ðекоректний розмір ключа." -#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262 +#: lib/setup.c:1713 lib/setup.c:2685 lib/setup.c:2888 msgid "UUID is not supported for this crypt type." msgstr "Підтримки UUID Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ типу ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." -#: lib/setup.c:1605 lib/setup.c:2064 +#: lib/setup.c:1718 lib/setup.c:2690 msgid "Detached metadata device is not supported for this crypt type." msgstr "Підтримки приÑтрою від'єднаних метаданих Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ типу ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." -#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966 -#: src/cryptsetup.c:1387 src/cryptsetup.c:3383 +#: lib/setup.c:1728 lib/setup.c:1963 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "Ðепідтримуваний розмір Ñектора шифруваннÑ." -#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036 +#: lib/setup.c:1736 lib/setup.c:1992 lib/setup.c:3666 msgid "Device size is not aligned to requested sector size." msgstr "Розмір приÑтрою не вирівнÑно за вказаним розміром Ñектора." -#: lib/setup.c:1675 lib/setup.c:1799 +#: lib/setup.c:1788 lib/setup.c:2025 lib/setup.c:2357 msgid "Can't format LUKS without device." msgstr "Ð¤Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ LUKS без приÑтрою неможливе." -#: lib/setup.c:1681 lib/setup.c:1805 +#: lib/setup.c:1794 lib/setup.c:2031 lib/setup.c:2363 msgid "Requested data alignment is not compatible with data offset." msgstr "Потрібне вам Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… Ñ” неÑуміÑним із відÑтупом у даних." -#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274 +#: lib/setup.c:1834 lib/setup.c:2049 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "УВÐГÐ: приÑтрій DAX може пошкодити дані, оÑкільки Ð´Ð»Ñ Ð½ÑŒÐ¾Ð³Ð¾ не гарантовано атомарні Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñекторів.\n" + +#: lib/setup.c:1872 lib/setup.c:2144 lib/setup.c:2165 lib/setup.c:2541 +#: lib/setup.c:2587 lib/setup.c:2900 #, c-format msgid "Cannot wipe header on device %s." msgstr "Ðе можна витирати заголовок на приÑтрої %s." -#: lib/setup.c:1769 lib/setup.c:2036 +#: lib/setup.c:1885 lib/setup.c:2204 #, c-format msgid "Device %s is too small for activation, there is no remaining space for data.\n" msgstr "ПриÑтрій %s Ñ” надто малим Ð´Ð»Ñ Ð°ÐºÑ‚Ð¸Ð²Ð°Ñ†Ñ–Ñ—, на ньому не лишитьÑÑ Ð¼Ñ–ÑÑ†Ñ Ð´Ð»Ñ Ð´Ð°Ð½Ð¸Ñ….\n" -#: lib/setup.c:1840 -msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" -msgstr "Увага: Ñпроба активувати приÑтрій завершитьÑÑ Ð½ÐµÐ²Ð´Ð°Ð»Ð¾, у dm-crypt не передбачено підтримки Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ розміру Ñектора шифруваннÑ.\n" - -#: lib/setup.c:1863 +#: lib/setup.c:1925 msgid "Volume key is too small for encryption with integrity extensions." msgstr "Ключ тому Ñ” надто малим Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ–Ð· розширеннÑми ціліÑноÑÑ‚Ñ–." -#: lib/setup.c:1923 +#: lib/setup.c:1934 #, c-format msgid "Cipher %s-%s (key size %zd bits) is not available." msgstr "Ð¨Ð¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s-%s (розмір ключа — %zd бітів) Ñ” недоÑтупним." -#: lib/setup.c:1949 -#, c-format -msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" -msgstr "Увага: розмір метаданих LUKS2 змінено до %<PRIu64> байтів.\n" - -#: lib/setup.c:1953 -#, c-format -msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" -msgstr "Увага: розмір облаÑÑ‚Ñ– Ñлотів ключів LUKS2 змінено до %<PRIu64> байтів.\n" +#: lib/setup.c:1973 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "Увага: Ñпроба активувати приÑтрій завершитьÑÑ Ð½ÐµÐ²Ð´Ð°Ð»Ð¾, у dm-crypt не передбачено підтримки Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ розміру Ñектора шифруваннÑ.\n" -#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255 -#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279 +#: lib/setup.c:2147 lib/setup.c:2484 lib/setup.c:2544 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format msgid "Device %s is too small." msgstr "Об’єм приÑтрою %s Ñ” надто малим." -#: lib/setup.c:1990 lib/setup.c:2016 +#: lib/setup.c:2158 lib/setup.c:2184 lib/setup.c:2580 lib/setup.c:2626 #, c-format msgid "Cannot format device %s in use." msgstr "Ðе можна форматувати приÑтрій %s, Ñкий перебуває у кориÑтуванні." -#: lib/setup.c:1993 lib/setup.c:2019 +#: lib/setup.c:2161 lib/setup.c:2187 lib/setup.c:2583 lib/setup.c:2629 #, c-format msgid "Cannot format device %s, permission denied." msgstr "Ðе можна форматувати приÑтрій %s, недоÑтатні права доÑтупу." -#: lib/setup.c:2005 lib/setup.c:2334 +#: lib/setup.c:2173 lib/setup.c:2600 lib/setup.c:2960 #, c-format msgid "Cannot format integrity for device %s." msgstr "Ðе вдалоÑÑ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ñ‚Ð¸ ціліÑніÑÑ‚ÑŒ Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою %s." -#: lib/setup.c:2023 +#: lib/setup.c:2191 lib/setup.c:2637 #, c-format msgid "Cannot format device %s." msgstr "Ðе вдалоÑÑ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ñ‚Ð¸ приÑтрій %s." -#: lib/setup.c:2049 +#: lib/setup.c:2234 +msgid "Cannot get OPAL alignment parameters." +msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ параметри Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ OPAL." + +#: lib/setup.c:2243 +msgid "Bogus OPAL logical block size." +msgstr "Фіктивний розмір логічного блоку OPAL." + +#: lib/setup.c:2249 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "Потрібний вам відÑтуп даних Ñ” неÑуміÑним із розміром блоку OPAL." + +#: lib/setup.c:2256 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "Потрібне вам Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… Ñ” неÑуміÑним із вирівнюваннÑм OPAL." + +#: lib/setup.c:2276 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "ВідÑтуп даних не відповідає вимогам Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ OPAL." + +#: lib/setup.c:2289 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "Потрібне вам Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… не відповідає вимогам щодо Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð±Ð»Ð¾ÐºÐ¾Ð²Ð°Ð½Ð¾Ð³Ð¾ діапазону." + +#: lib/setup.c:2494 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "КомпенÑуємо розмір приÑтрою на %<PRIu64> Ñекторів Ð´Ð»Ñ Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð¹Ð¾Ð³Ð¾ за рівнем Ñ€Ð¾Ð·Ð±Ð¸Ñ‚Ñ‚Ñ Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ OPAL." + +#: lib/setup.c:2552 lib/setup.c:4068 lib/setup.c:4223 lib/utils_wipe.c:368 +#: lib/luks2/luks2_json_metadata.c:2703 lib/luks2/luks2_json_metadata.c:2955 +#, c-format +msgid "Failed to acquire OPAL lock on device %s." +msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ OPAL на приÑтрої %s." + +#: lib/setup.c:2561 +msgid "Incorrect OPAL Admin key." +msgstr "Ðеправильний адмініÑтративний ключ OPAL." + +#: lib/setup.c:2563 +msgid "Cannot setup OPAL segment." +msgstr "Ðе вдалоÑÑ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ñ‚Ð¸ Ñегмент OPAL." + +#: lib/setup.c:2633 +#, c-format +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "Ðе вдалоÑÑ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ñ‚Ð¸ приÑтрій %s, здаєтьÑÑ, приÑтрій OPAL тепер повніÑÑ‚ÑŽ захищено від запиÑу." + +#: lib/setup.c:2635 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "Можливо, це вада у мікропрограмі. Виконайте ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ PSID OPAL Ñ– повторно з'єднайте приÑтрій Ð´Ð»Ñ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ." + +#: lib/setup.c:2655 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "Помилка під Ñ‡Ð°Ñ Ñпроби ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ð´Ñ–Ð°Ð¿Ð°Ð·Ð¾Ð½Ñƒ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ %d на приÑтрої %s." + +#: lib/setup.c:2675 msgid "Can't format LOOPAES without device." msgstr "Ðе можна форматувати LOOPAES без приÑтрою." -#: lib/setup.c:2094 +#: lib/setup.c:2720 msgid "Can't format VERITY without device." msgstr "Ð¤Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ VERITY без приÑтрою неможливе." -#: lib/setup.c:2105 lib/verity/verity.c:101 +#: lib/setup.c:2731 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "Ðепідтримуваний тип Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ VERITY, %d." -#: lib/setup.c:2111 lib/verity/verity.c:109 +#: lib/setup.c:2737 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "Ðепідтримуваний розмір блоку VERITY." -#: lib/setup.c:2116 lib/verity/verity.c:74 +#: lib/setup.c:2742 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "Ðепідтримуваний відÑтуп хешу VERITY." -#: lib/setup.c:2121 +#: lib/setup.c:2747 msgid "Unsupported VERITY FEC offset." msgstr "Ðепідтримуваний зÑув FEC VERITY." -#: lib/setup.c:2145 +#: lib/setup.c:2771 msgid "Data area overlaps with hash area." msgstr "ОблаÑÑ‚ÑŒ даних перекриваєтьÑÑ Ñ–Ð· облаÑÑ‚ÑŽ хешу." -#: lib/setup.c:2170 +#: lib/setup.c:2796 msgid "Hash area overlaps with FEC area." msgstr "ОблаÑÑ‚ÑŒ Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐºÑ€Ð¸Ð²Ð°ÑŽÑ‚ÑŒÑÑ Ð· облаÑÑ‚ÑŽ FEC." -#: lib/setup.c:2177 +#: lib/setup.c:2803 msgid "Data area overlaps with FEC area." msgstr "ОблаÑÑ‚ÑŒ даних перекриваєтьÑÑ Ñ–Ð· облаÑÑ‚ÑŽ FEC." -#: lib/setup.c:2313 +#: lib/setup.c:2939 #, c-format msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" msgstr "Увага: бажаний розмір мітки у %d байтів відрізнÑєтьÑÑ Ð²Ñ–Ð´ розміру у результаті %s (%d байтів).\n" -#: lib/setup.c:2392 +#: lib/setup.c:3018 #, c-format msgid "Unknown crypt device type %s requested." msgstr "ÐадіÑлано запит щодо невідомого типу приÑтрою шифруваннÑ, %s." -#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791 +#: lib/setup.c:3325 lib/setup.c:3404 lib/setup.c:3417 #, c-format msgid "Unsupported parameters on device %s." msgstr "Ðепідтримувані параметри на приÑтрої %s." -#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862 -#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484 +#: lib/setup.c:3331 lib/setup.c:3424 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 #, c-format msgid "Mismatching parameters on device %s." msgstr "ÐевідповідніÑÑ‚ÑŒ параметрів на приÑтрої %s." -#: lib/setup.c:2822 +#: lib/setup.c:3448 msgid "Crypt devices mismatch." msgstr "ÐевідповідніÑÑ‚ÑŒ приÑтроїв шифруваннÑ." -#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361 -#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032 +#: lib/setup.c:3485 lib/setup.c:3490 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 #, c-format msgid "Failed to reload device %s." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ приÑтрій %s." -#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332 -#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892 +#: lib/setup.c:3496 lib/setup.c:3502 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 #, c-format msgid "Failed to suspend device %s." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¸Ñпати приÑтрій %s." -#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346 -#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945 -#: lib/luks2/luks2_reencrypt.c:4036 +#: lib/setup.c:3508 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 #, c-format msgid "Failed to resume device %s." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ роботу приÑтрою %s." -#: lib/setup.c:2897 +#: lib/setup.c:3523 #, c-format msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "Критична помилка під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¸Ñтрої %s (над приÑтроєм %s)." -#: lib/setup.c:2900 lib/setup.c:2902 +#: lib/setup.c:3526 lib/setup.c:3528 #, c-format msgid "Failed to switch device %s to dm-error." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÐ¼ÐºÐ½ÑƒÑ‚Ð¸ приÑтрій %s у режим dm-error." -#: lib/setup.c:2984 +#: lib/setup.c:3568 +msgid "Can not resize LUKS2 device with static size." +msgstr "Ðеможливо змінити розмір приÑтрою LUKS2 зі Ñтатичним розміром." + +#: lib/setup.c:3613 msgid "Cannot resize loop device." msgstr "Ðеможливо змінити розмір петльового приÑтрою." -#: lib/setup.c:3027 +#: lib/setup.c:3657 msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" msgstr "УВÐГÐ: уже вказано макÑимальний розмір або у Ñдрі не передбачено можливоÑÑ‚Ñ– зміни розміру.\n" -#: lib/setup.c:3088 +#: lib/setup.c:3723 msgid "Resize failed, the kernel doesn't support it." msgstr "Ðе вдалоÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ розмір, у Ñдрі не передбачено підтримки такої дії." -#: lib/setup.c:3120 +#: lib/setup.c:3755 msgid "Do you really want to change UUID of device?" msgstr "Ви Ñправді хочете змінити UUID приÑтрою?" -#: lib/setup.c:3212 +#: lib/setup.c:3847 msgid "Header backup file does not contain compatible LUKS header." msgstr "Файл резервної копії заголовка не міÑтить ÑуміÑного із LUKS заголовка." -#: lib/setup.c:3328 +#: lib/setup.c:3956 #, c-format msgid "Volume %s is not active." msgstr "Том %s не Ñ” активним." -#: lib/setup.c:3339 +#: lib/setup.c:4022 #, c-format msgid "Volume %s is already suspended." msgstr "Том %s вже приÑпано." -#: lib/setup.c:3352 +#: lib/setup.c:4050 #, c-format msgid "Suspend is not supported for device %s." msgstr "Підтримки приÑиплÑÐ½Ð½Ñ Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою %s не передбачено." -#: lib/setup.c:3354 +#: lib/setup.c:4052 lib/setup.c:4060 #, c-format msgid "Error during suspending device %s." msgstr "Помилка під Ñ‡Ð°Ñ Ñпроби приÑпати приÑтрій %s." -#: lib/setup.c:3389 +#: lib/setup.c:4074 +#, c-format +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "Роботу приÑтрою %s було призупинено, але апаратний приÑтрій OPAL не може бути заблоковано." + +#: lib/setup.c:4106 lib/setup.c:4250 #, c-format msgid "Resume is not supported for device %s." msgstr "Підтримки дії з Ð¿Ñ€Ð¾Ð±ÑƒÐ´Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою %s не передбачено." -#: lib/setup.c:3391 +#: lib/setup.c:4108 lib/setup.c:4241 lib/setup.c:4252 #, c-format msgid "Error during resuming device %s." msgstr "Помилка під Ñ‡Ð°Ñ Ñпроби пробудити приÑтрій %s." -#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589 -#: src/cryptsetup.c:2479 +#: lib/setup.c:4131 +msgid "Failed to link key to the specified keyring." +msgstr "Ðе вдалоÑÑ Ð¿Ð¾Ð²'Ñзати ключ зі вказаним Ñховищем ключів." + +#: lib/setup.c:4150 +msgid "Failed to unlink volume key from user specified keyring." +msgstr "Ðе вдалоÑÑ ÑкаÑувати прив'Ñзку ключа тому до вказаного кориÑтувачем Ñховища ключів." + +#: lib/setup.c:4213 lib/setup.c:4934 lib/setup.c:5549 +msgid "Failed to link volume key in user defined keyring." +msgstr "Ðе вдалоÑÑ Ð¿Ð¾Ð²'Ñзати ключ тому із визначеним кориÑтувачем Ñховищем ключів." + +#: lib/setup.c:4313 src/cryptsetup.c:2755 #, c-format msgid "Volume %s is not suspended." msgstr "Том %s не приÑпано." -#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561 -#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228 -#: src/cryptsetup.c:2011 +#: lib/setup.c:4414 lib/setup.c:5310 lib/setup.c:5317 lib/setup.c:7176 +#: lib/setup.c:7198 lib/setup.c:7247 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "Ключ тому не відповідає тому." -#: lib/setup.c:3737 +#: lib/setup.c:4568 msgid "Failed to swap new key slot." msgstr "Ðе вдалоÑÑ Ð·Ð°Ñ€ÐµÐ·ÐµÑ€Ð²ÑƒÐ²Ð°Ñ‚Ð¸ новий Ñлот ключа." -#: lib/setup.c:3835 +#: lib/setup.c:4666 #, c-format msgid "Key slot %d is invalid." msgstr "Слот ключа %d Ñ” некоректним." -#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208 -#: src/cryptsetup.c:2816 src/cryptsetup.c:2876 +#: lib/setup.c:4672 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 #, c-format msgid "Keyslot %d is not active." msgstr "Слот ключа %d не Ñ” активним." -#: lib/setup.c:3860 +#: lib/setup.c:4691 msgid "Device header overlaps with data area." msgstr "Заголовок приÑтрою перекриваєтьÑÑ Ñ–Ð· облаÑÑ‚ÑŽ даних." -#: lib/setup.c:4165 +#: lib/setup.c:5041 msgid "Reencryption in-progress. Cannot activate device." msgstr "Виконуємо повторне шифруваннÑ. Ðе можна активувати приÑтрій." -#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703 -#: lib/luks2/luks2_reencrypt.c:3590 +#: lib/setup.c:5043 lib/luks2/luks2_json_metadata.c:2861 +#: lib/luks2/luks2_reencrypt.c:3646 msgid "Failed to get reencryption lock." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ Ñтан Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609 +#: lib/setup.c:5056 lib/luks2/luks2_reencrypt.c:3665 msgid "LUKS2 reencryption recovery failed." msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2." -#: lib/setup.c:4352 lib/setup.c:4618 +#: lib/setup.c:5228 lib/setup.c:5328 lib/setup.c:5386 msgid "Device type is not properly initialized." msgstr "Тип приÑтрою не ініціалізовано належним чином." -#: lib/setup.c:4400 +#: lib/setup.c:5283 #, c-format msgid "Device %s already exists." msgstr "ПриÑтрій %s вже Ñ–Ñнує." -#: lib/setup.c:4407 +#: lib/setup.c:5290 #, c-format msgid "Cannot use device %s, name is invalid or still in use." msgstr "Ðеможливо ÑкориÑтатиÑÑ Ð¿Ñ€Ð¸Ñтроєм %s, некоректна назва або приÑтрій уÑе ще викориÑтовуєтьÑÑ." -#: lib/setup.c:4527 +#: lib/setup.c:5306 msgid "Incorrect volume key specified for plain device." msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¸Ñтрою зі звичайним шифруваннÑм вказано помилковий ключ тому." -#: lib/setup.c:4644 -msgid "Incorrect root hash specified for verity device." -msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¸Ñтрою перевірки вказано помилковий кореневий хеш." - -#: lib/setup.c:4654 -msgid "Root hash signature required." -msgstr "Потрібен хеш-Ð¿Ñ–Ð´Ð¿Ð¸Ñ ÐºÐ¾Ñ€ÐµÐ½ÐµÐ²Ð¾Ñ— теки." +#: lib/setup.c:5424 +msgid "Kernel keyring is not supported by the kernel." +msgstr "У Ñдрі не передбачено підтримки Ñховища ключів Ñдра." -#: lib/setup.c:4663 +#: lib/setup.c:5428 msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "Ðемає Ñховища ключів Ñдра: це Ñховище потрібне Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу Ñдру." -#: lib/setup.c:4680 lib/setup.c:6423 -msgid "Failed to load key in kernel keyring." -msgstr "Ðе вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ ключ до Ñховища ключів Ñдра." +#: lib/setup.c:5668 +msgid "Incorrect root hash specified for verity device." +msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¸Ñтрою перевірки вказано помилковий кореневий хеш." -#: lib/setup.c:4736 +#: lib/setup.c:5711 +msgid "OPAL does not support deferred deactivation." +msgstr "Ð’ OPAL не передбачено підтримки відкладеної деактивації." + +#: lib/setup.c:5727 #, c-format msgid "Could not cancel deferred remove from device %s." msgstr "Ðе вдалоÑÑ ÑкаÑувати відкладене Ð²Ð¸Ð»ÑƒÑ‡ÐµÐ½Ð½Ñ Ð· приÑтрою %s." -#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756 +#: lib/setup.c:5734 lib/setup.c:5750 lib/luks2/luks2_json_metadata.c:2915 #: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "ПриÑтрій %s вÑе ще викориÑтовуєтьÑÑ." -#: lib/setup.c:4768 +#: lib/setup.c:5759 #, c-format msgid "Invalid device %s." msgstr "Ðекоректний приÑтрій %s." -#: lib/setup.c:4908 +#: lib/setup.c:5899 msgid "Volume key buffer too small." msgstr "Буфер ключів тому Ñ” занадто малим." -#: lib/setup.c:4925 +#: lib/setup.c:5916 msgid "Cannot retrieve volume key for LUKS2 device." msgstr "Ðеможливо отримати ключ тому Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою із шифруваннÑм LUKS2." -#: lib/setup.c:4934 +#: lib/setup.c:5925 msgid "Cannot retrieve volume key for LUKS1 device." msgstr "Ðеможливо отримати ключ тому Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою із шифруваннÑм LUKS1." -#: lib/setup.c:4944 +#: lib/setup.c:5935 msgid "Cannot retrieve volume key for plain device." msgstr "Ðеможливо отримати ключ тому Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою зі звичайним шифруваннÑм." -#: lib/setup.c:4952 +#: lib/setup.c:5943 msgid "Cannot retrieve root hash for verity device." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ кореневий хеш Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою VERITY." -#: lib/setup.c:4959 +#: lib/setup.c:5950 msgid "Cannot retrieve volume key for BITLK device." msgstr "Ðеможливо отримати ключ тому Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою BITLK." -#: lib/setup.c:4964 +#: lib/setup.c:5955 msgid "Cannot retrieve volume key for FVAULT2 device." msgstr "Ðеможливо отримати ключ тому Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою FVAULT2." -#: lib/setup.c:4966 +#: lib/setup.c:5957 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "Підтримки цієї дії Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¾Ð³Ð¾ приÑтрою %s не передбачено." -#: lib/setup.c:5147 lib/setup.c:5158 +#: lib/setup.c:6141 lib/setup.c:6152 msgid "Dump operation is not supported for this device type." msgstr "Підтримки дії зі ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð´Ð°Ð¼Ð¿Ñƒ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ типу приÑтроїв не передбачено." -#: lib/setup.c:5500 +#: lib/setup.c:6511 #, c-format msgid "Data offset is not multiple of %u bytes." msgstr "ЗÑув у даних не Ñ” кратним до %u байтів." -#: lib/setup.c:5788 +#: lib/setup.c:6819 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "Ðе можна перетворити приÑтрій %s, Ñкий перебуває у кориÑтуванні." -#: lib/setup.c:6098 lib/setup.c:6237 +#: lib/setup.c:7117 lib/setup.c:7256 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¸Ð²'Ñзати Ñлот ключа %u Ñк новий ключ тому." -#: lib/setup.c:6122 +#: lib/setup.c:7141 msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ типові параметри Ñлоту ключів LUKS2." -#: lib/setup.c:6128 +#: lib/setup.c:7147 #, c-format msgid "Failed to assign keyslot %d to digest." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¸Ð²'Ñзати Ñлот ключа %d до контрольної Ñуми." -#: lib/setup.c:6353 +#: lib/setup.c:7372 msgid "Cannot add key slot, all slots disabled and no volume key provided." msgstr "Ðе вдалоÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ Ñлот ключа, вÑÑ– Ñлоти вимкнено Ñ– не вказано ключа тому." -#: lib/setup.c:6490 -msgid "Kernel keyring is not supported by the kernel." -msgstr "У Ñдрі не передбачено підтримки Ñховища ключів Ñдра." +#: lib/setup.c:7441 lib/verity/verity.c:343 +msgid "Failed to load key in kernel keyring." +msgstr "Ðе вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ ключ до Ñховища ключів Ñдра." -#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807 +#: lib/setup.c:7559 +msgid "Failed to unlink volume key from thread keyring." +msgstr "Ðе вдалоÑÑ ÑкаÑувати прив'Ñзку ключа тому до Ñховища ключів потоку обробки." + +#: lib/setup.c:7586 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ пароль із ключа зі Ñховища ключів (помилка %d)." +msgid "Could not find keyring described by \"%s\"." +msgstr "Ðе вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ñховище ключів, Ñке опиÑано «%s»." -#: lib/setup.c:6523 +#: lib/setup.c:7645 msgid "Failed to acquire global memory-hard access serialization lock." msgstr "Ðе вдалоÑÑ Ñтворити загальне Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñеріалізації доÑтупу до пам'ÑÑ‚Ñ–." -#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл ключа." -#: lib/utils.c:163 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ файл ключа з термінала." -#: lib/utils.c:179 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ ÑтатиÑтичні дані щодо файла ключа." -#: lib/utils.c:187 lib/utils.c:208 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "Ðе вдалоÑÑ Ð²Ñтановити потрібну позицію у файлі ключа." -#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225 -#: src/utils_password.c:237 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "Під Ñ‡Ð°Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð²Ð¸Ñ‡ÐµÑ€Ð¿Ð°Ð½Ð¾ пам’ÑÑ‚ÑŒ." -#: lib/utils.c:237 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "Помилка під Ñ‡Ð°Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ." -#: lib/utils.c:254 +#: lib/utils.c:301 msgid "Nothing to read on input." msgstr "Ðічого читати з вхідних даних." -#: lib/utils.c:261 +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "Перевищено макÑимальний розмір файла ключа." -#: lib/utils.c:266 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ бажаний об’єм даних." -#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110 -#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440 +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 #, c-format msgid "Device %s does not exist or access denied." msgstr "ПриÑтрою %s не Ñ–Ñнує або доÑтуп до цього приÑтрою заборонено." -#: lib/utils_device.c:217 +#: lib/utils_device.c:223 #, c-format msgid "Device %s is not compatible." msgstr "ПриÑтрій %s Ñ” ÑуміÑним." -#: lib/utils_device.c:561 +#: lib/utils_device.c:567 #, c-format msgid "Ignoring bogus optimal-io size for data device (%u bytes)." msgstr "Ігноруємо фіктивний розмір optimal-io Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою даних (%u байтів)." -#: lib/utils_device.c:722 +#: lib/utils_device.c:728 #, c-format msgid "Device %s is too small. Need at least %<PRIu64> bytes." msgstr "ОбÑÑг приÑтрою %s Ñ” надто малим. Потрібно принаймні %<PRIu64> байтів." -#: lib/utils_device.c:803 +#: lib/utils_device.c:809 #, c-format msgid "Cannot use device %s which is in use (already mapped or mounted)." msgstr "Ðе можна викориÑтовувати приÑтрій %s, оÑкільки його вже викориÑтано (призначено або змонтовано)." -#: lib/utils_device.c:807 +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "Ðе можна ÑкориÑтатиÑÑ Ð¿Ñ€Ð¸Ñтроєм %s, недоÑтатні права доÑтупу." -#: lib/utils_device.c:810 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ дані щодо приÑтрою %s." -#: lib/utils_device.c:833 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "Ðе можна викориÑтовувати петльовий приÑтрій, програму запущено не від імені адмініÑтративного кориÑтувача (root)." -#: lib/utils_device.c:844 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "Спроба Ð´Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð½Ñ Ð¿ÐµÑ‚Ð»ÑŒÐ¾Ð²Ð¾Ð³Ð¾ приÑтрою зазнала невдачі (потрібен петльовий приÑтрій з вÑтановленим прапорцем автоматичного ÑпорожненнÑ)." -#: lib/utils_device.c:892 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "Бажана точка відÑтупу перебуває за межами об’єму приÑтрою %s." -#: lib/utils_device.c:900 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "Об’єм приÑтрою %s Ñ” нульовим." -#: lib/utils_pbkdf.c:100 +#: lib/utils_pbkdf.c:116 msgid "Requested PBKDF target time cannot be zero." msgstr "Вказаний Ñ‡Ð°Ñ PBKDF не може бути нульовим." -#: lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "Ðевідомий тип PBKDF, %s." -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:127 #, c-format msgid "Requested hash %s is not supported." msgstr "Підтримки бажаного хешуваннÑ, %s, не передбачено." -#: lib/utils_pbkdf.c:122 +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "Підтримки бажаного типу PBKDF Ð´Ð»Ñ LUKS1 не передбачено." -#: lib/utils_pbkdf.c:128 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "МакÑимальний об'єм пам'ÑÑ‚Ñ– PBKDF або кількіÑÑ‚ÑŒ паралельних потоків обробки не можна вÑтановлювати разом із pbkdf2." -#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "Задане Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÑ–Ð»ÑŒÐºÐ¾ÑÑ‚Ñ– ітерацій Ð´Ð»Ñ %s Ñ” надто низьким (мінімальним Ñ” %u)." -#: lib/utils_pbkdf.c:148 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "Задане Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¾Ð±'єму пам'ÑÑ‚Ñ– Ð´Ð»Ñ %s Ñ” надто низьким (мінімальним Ñ” %u кілобайтів)." -#: lib/utils_pbkdf.c:155 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "Бажана макÑимальна вартіÑÑ‚ÑŒ пам'ÑÑ‚Ñ– PBKDF Ñ” надто виÑокою (макÑимальною Ñ” %d кілобайтів)." -#: lib/utils_pbkdf.c:160 +#: lib/utils_pbkdf.c:176 msgid "Requested maximum PBKDF memory cannot be zero." msgstr "Бажаний макÑимальний обÑÑг пам'ÑÑ‚Ñ– PBKDF не може бути нульовим." -#: lib/utils_pbkdf.c:164 +#: lib/utils_pbkdf.c:180 msgid "Requested PBKDF parallel threads cannot be zero." msgstr "Вказана кількіÑÑ‚ÑŒ паралельних потоків обробки PBKDF не може бути нульовою." -#: lib/utils_pbkdf.c:184 +#: lib/utils_pbkdf.c:200 msgid "Only PBKDF2 is supported in FIPS mode." msgstr "У режимі FIPS передбачено підтримку лише PBKDF2." -#: lib/utils_benchmark.c:175 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "ТеÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ PBKDF вимкнено, але кількіÑÑ‚ÑŒ ітерацій не вÑтановлено." -#: lib/utils_benchmark.c:194 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "ÐеÑуміÑні параметри PBKDF2 (з викориÑтаннÑм алгоритму Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ %s)." -#: lib/utils_benchmark.c:214 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "ÐеÑуміÑні параметри PBKDF." @@ -772,16 +866,24 @@ msgstr "Ð‘Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾. ШлÑÑ… Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ % msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "Ð‘Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾ ШлÑÑ… Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ %s/%s Ñ” непридатним Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸ÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ (%s не Ñ” каталогом)." -#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734 +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 #: src/utils_reencrypt_luks1.c:832 msgid "Cannot seek to device offset." msgstr "Ðе вдалоÑÑ Ð²Ñтановити вказану позицію на приÑтрої." -#: lib/utils_wipe.c:247 +#: lib/utils_wipe.c:249 #, c-format msgid "Device wipe error, offset %<PRIu64>." msgstr "Помилка Ð²Ð¸Ñ‚Ð¸Ñ€Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою, зÑув %<PRIu64>." +#: lib/utils_wipe.c:344 +msgid "Incorrect OPAL PSID." +msgstr "Помилковий PSID OPAL." + +#: lib/utils_wipe.c:346 +msgid "Cannot erase OPAL device." +msgstr "Ðе вдалоÑÑ Ð²Ð¸Ñ‚ÐµÑ€Ñ‚Ð¸ приÑтрій OPAL." + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -801,7 +903,7 @@ msgstr "Специфікацію ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñлід вказуватР#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 #: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 -#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð½Ð° приÑтрій %s, недоÑтатні права доÑтупу." @@ -815,17 +917,17 @@ msgid "Failed to access temporary keystore device." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ доÑтуп до приÑтрою тимчаÑового Ñховища ключів." #: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 -#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "Помилка введеннÑ-Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñлоту ключів." #: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 -#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 #: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 #: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 #: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 #: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 -#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 #: src/utils_reencrypt_luks1.c:133 #, c-format msgid "Cannot open device %s." @@ -847,32 +949,32 @@ msgstr "ОбÑÑг приÑтрою %s Ñ” надто малим. (LUKS1 потр msgid "LUKS keyslot %u is invalid." msgstr "Слот ключа LUKS %u Ñ” некоректним." -#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "Потрібний вам файл резервної копії заголовка, %s, вже Ñ–Ñнує." -#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "Ðе вдалоÑÑ Ñтворити файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¿Ð¸Ñати файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399 +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 msgid "Backup file does not contain valid LUKS header." msgstr "Файл резервної копії не міÑтить коректного заголовка LUKS." #: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 -#: lib/luks2/luks2_json_metadata.c:1420 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ дані з файла резервної копії заголовка, %s." @@ -894,7 +996,7 @@ msgstr "не міÑтить заголовка LUKS. Заміна заголов msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "вже міÑтить заголовок LUKS. Заміна заголовка призведе до Ñ€ÑƒÐ¹Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¶Ðµ Ñтворених Ñлотів ключів." -#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -968,7 +1070,7 @@ msgstr "Режим ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS %s Ñ” некоректним." msgid "LUKS hash %s is invalid." msgstr "Хеш-Ñума LUKS %s Ñ” некоректною." -#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "У заголовку LUKS не виÑвлено жодних проблем." @@ -987,8 +1089,8 @@ msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "ВідÑтуп даних Ð´Ð»Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° LUKS має бути або рівним нулеві, або перевищувати розмір заголовка." #: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 -#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236 -#: src/utils_reencrypt.c:539 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "Вказано UUID LUKS у помилковому форматі." @@ -1025,7 +1127,7 @@ msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ Ñлот ключа (за допоРmsgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Слот ключа %d Ñ” некоректним, будь лаÑка, виберіть Ñлот ключа з номером від 0 до %d." -#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "Ðе вдалоÑÑ Ð²Ð¸Ñ‚ÐµÑ€Ñ‚Ð¸ приÑтрій %s." @@ -1046,48 +1148,48 @@ msgstr "ВиÑвлено неÑуміÑний з loop-AES файл ключа." msgid "Kernel does not support loop-AES compatible mapping." msgstr "У Ñдрі не передбачено підтримки призначеннÑ, ÑуміÑного з loop-AES." -#: lib/tcrypt/tcrypt.c:508 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "Помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ð° ключа %s." -#: lib/tcrypt/tcrypt.c:558 +#: lib/tcrypt/tcrypt.c:560 #, c-format msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Перевищено макÑимальну можливу довжину Ð¿Ð°Ñ€Ð¾Ð»Ñ TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:600 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "ЗаÑіб ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ…ÐµÑˆÑ–Ð² PBKDF2 за алгоритмом %s недоÑтупний, пропуÑкаємо." -#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "Потрібний Ð´Ð»Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñдра Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½ÐµÐ´Ð¾Ñтупний." -#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "ПереконайтеÑÑ, що завантажено модуль Ñдра algif_skcipher." -#: lib/tcrypt/tcrypt.c:762 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "Підтримки активації Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñƒ Ñектора %d не передбачено." -#: lib/tcrypt/tcrypt.c:768 +#: lib/tcrypt/tcrypt.c:770 msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "У Ñдрі не передбачено підтримки Ð²Ð¼Ð¸ÐºÐ°Ð½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ заÑтарілого режиму TCRYPT." -#: lib/tcrypt/tcrypt.c:799 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "Ðктивуємо ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ ÑиÑтеми за допомогою TCRYPT Ð´Ð»Ñ Ñ€Ð¾Ð·Ð´Ñ–Ð»Ñƒ %s." -#: lib/tcrypt/tcrypt.c:882 +#: lib/tcrypt/tcrypt.c:884 msgid "Kernel does not support TCRYPT compatible mapping." msgstr "У Ñдрі не передбачено підтримки призначеннÑ, ÑуміÑного з TCRYPT." -#: lib/tcrypt/tcrypt.c:1095 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "Підтримки цієї дії без Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° TCRYPT." @@ -1146,74 +1248,74 @@ msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ запиÑи метаданих B msgid "Failed to convert BITLK volume description" msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ Ð¾Ð¿Ð¸Ñ Ñ‚Ð¾Ð¼Ñƒ BITLK" -#: lib/bitlk/bitlk.c:882 +#: lib/bitlk/bitlk.c:884 #, c-format msgid "Unexpected metadata entry type '%u' found when parsing external key." msgstr "Під Ñ‡Ð°Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ зовнішнього ключа виÑвлено неочікуваний тип запиÑу метаданих «%u»." -#: lib/bitlk/bitlk.c:905 +#: lib/bitlk/bitlk.c:907 #, c-format msgid "BEK file GUID '%s' does not match GUID of the volume." msgstr "Файл GUID BEK «%s» не відповідає GUID тому." -#: lib/bitlk/bitlk.c:909 +#: lib/bitlk/bitlk.c:911 #, c-format msgid "Unexpected metadata entry value '%u' found when parsing external key." msgstr "Під Ñ‡Ð°Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ зовнішнього ключа виÑвлено неочікуване Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу метаданих «%u»." -#: lib/bitlk/bitlk.c:948 +#: lib/bitlk/bitlk.c:950 #, c-format msgid "Unsupported BEK metadata version %<PRIu32>" msgstr "Ðепідтримувана верÑÑ–Ñ Ð¼ÐµÑ‚Ð°Ð´Ð°Ð½Ð¸Ñ… BEK, %<PRIu32>" -#: lib/bitlk/bitlk.c:953 +#: lib/bitlk/bitlk.c:955 #, c-format msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" msgstr "Ðеочікуваний розмір метаданих BEK, %<PRIu32>, не відповідає довжині файла BEK" -#: lib/bitlk/bitlk.c:979 +#: lib/bitlk/bitlk.c:981 msgid "Unexpected metadata entry found when parsing startup key." msgstr "Під Ñ‡Ð°Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ ключа запуÑку виÑвлено неочікуваний Ð·Ð°Ð¿Ð¸Ñ Ð¼ÐµÑ‚Ð°Ð´Ð°Ð½Ð¸Ñ…." -#: lib/bitlk/bitlk.c:1075 +#: lib/bitlk/bitlk.c:1076 msgid "This operation is not supported." msgstr "Підтримки цієї дії не передбачено." -#: lib/bitlk/bitlk.c:1083 +#: lib/bitlk/bitlk.c:1084 msgid "Unexpected key data size." msgstr "Ðеочікуваний розмір даних ключа." -#: lib/bitlk/bitlk.c:1209 +#: lib/bitlk/bitlk.c:1210 msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "Цей приÑтрій BITLK перебуває у непідтримуваному Ñтані — його неможливо активувати." -#: lib/bitlk/bitlk.c:1214 +#: lib/bitlk/bitlk.c:1215 #, c-format msgid "BITLK devices with type '%s' cannot be activated." msgstr "ПриÑтрої BITLK типу «%s» неможливо активувати." -#: lib/bitlk/bitlk.c:1221 +#: lib/bitlk/bitlk.c:1222 msgid "Activation of partially decrypted BITLK device is not supported." msgstr "Ðктивації чаÑтково розшифрованого приÑтрою BITLK не передбачено." -#: lib/bitlk/bitlk.c:1262 +#: lib/bitlk/bitlk.c:1263 #, c-format msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" msgstr "УВÐГÐ: розмір тому BitLocker %<PRIu64> не відповідає розміру базового приÑтрою %<PRIu64>" -#: lib/bitlk/bitlk.c:1389 +#: lib/bitlk/bitlk.c:1390 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "Ðе вдалоÑÑ Ð°ÐºÑ‚Ð¸Ð²ÑƒÐ²Ð°Ñ‚Ð¸ приÑтрій — у dm-crypt Ñдра немає підтримки BITLK IV." -#: lib/bitlk/bitlk.c:1393 +#: lib/bitlk/bitlk.c:1394 msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "Ðе вдалоÑÑ Ð°ÐºÑ‚Ð¸Ð²ÑƒÐ²Ð°Ñ‚Ð¸ приÑтрій — у dm-crypt Ñдра немає підтримки дифузера Elephant BITLK." -#: lib/bitlk/bitlk.c:1397 +#: lib/bitlk/bitlk.c:1398 msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." msgstr "Ðе вдалоÑÑ Ð°ÐºÑ‚Ð¸Ð²ÑƒÐ²Ð°Ñ‚Ð¸ приÑтрій — у dm-crypt Ñдра немає підтримки великого розміру Ñекторів." -#: lib/bitlk/bitlk.c:1401 +#: lib/bitlk/bitlk.c:1402 msgid "Cannot activate device, kernel dm-zero module is missing." msgstr "Ðе вдалоÑÑ Ð°ÐºÑ‚Ð¸Ð²ÑƒÐ²Ð°Ñ‚Ð¸ приÑтрій — немає Ð¼Ð¾Ð´ÑƒÐ»Ñ Ñдра dm-zero." @@ -1251,28 +1353,32 @@ msgstr "Ðа приÑтрої %s вказано UUID VERITY у помилковРmsgid "Error during update of verity header on device %s." msgstr "Помилка під Ñ‡Ð°Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° verity на приÑтрої %s." -#: lib/verity/verity.c:278 +#: lib/verity/verity.c:274 msgid "Root hash signature verification is not supported." msgstr "Підтримки перевірки підпиÑу кореневого хешу не передбачено." -#: lib/verity/verity.c:290 +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "Потрібен хеш-Ð¿Ñ–Ð´Ð¿Ð¸Ñ ÐºÐ¾Ñ€ÐµÐ½ÐµÐ²Ð¾Ñ— теки." + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "Помилки не може бути виправлено за допомогою приÑтрою FEC." -#: lib/verity/verity.c:292 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "За допомогою приÑтрою FEC виÑвлено %u придатних до Ð²Ð¸Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ð¼Ð¸Ð»Ð¾Ðº." -#: lib/verity/verity.c:335 +#: lib/verity/verity.c:377 msgid "Kernel does not support dm-verity mapping." msgstr "У Ñдрі не передбачено підтримки прив'Ñзки dm-verity." -#: lib/verity/verity.c:339 +#: lib/verity/verity.c:381 msgid "Kernel does not support dm-verity signature option." msgstr "У Ñдрі не передбачено підтримки параметра підпиÑу dm-verity." -#: lib/verity/verity.c:350 +#: lib/verity/verity.c:392 msgid "Verity device detected corruption after activation." msgstr "ВиÑвлено Ð¿Ð¾ÑˆÐºÐ¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… на приÑтрої перевірки піÑÐ»Ñ Ð°ÐºÑ‚Ð¸Ð²Ð°Ñ†Ñ–Ñ—." @@ -1366,7 +1472,7 @@ msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ розмір Ð´Ð»Ñ Ð¿Ñ€Ð¸ÑтрРmsgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." msgstr "ВиÑвлено неÑуміÑні метадані dm-integrity Ñдра (верÑÑ–Ñ %u) у %s." -#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379 +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 msgid "Kernel does not support dm-integrity mapping." msgstr "У Ñдрі не передбачено підтримки прив'Ñзки dm-integrity." @@ -1378,8 +1484,8 @@ msgstr "У Ñдрі не передбачено підтримки Ð²Ð¸Ñ€Ñ–Ð²Ð½Ñ msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." msgstr "Ядром відмовлено у активації небезпечного параметра повторного обчиÑÐ»ÐµÐ½Ð½Ñ (див. заÑтарілі параметри активації, щоб ÑкориÑтатиÑÑ Ð¾Ð±Ñ‡Ð¸ÑленнÑм попри це)." -#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159 -#: lib/luks2/luks2_json_metadata.c:1482 +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format msgid "Failed to acquire write lock on device %s." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу на приÑтрої %s." @@ -1396,49 +1502,59 @@ msgstr "" "ПриÑтрій міÑтить неоднозначні підпиÑи. Ðвтоматичне Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ LUKS2 неможливе.\n" "Будь лаÑка, запуÑÑ‚Ñ–Ñ‚ÑŒ «cryptsetup repair» Ð´Ð»Ñ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ." -#: lib/luks2/luks2_json_format.c:229 +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "Увага: облаÑÑ‚ÑŒ Ñлоту ключів Ñ” надто малою (%<PRIu64> байтів), доÑтупна кількіÑÑ‚ÑŒ Ñлотів ключів LUKS2 буде дуже обмеженою.\n" + +#: lib/luks2/luks2_json_format.c:427 msgid "Requested data offset is too small." msgstr "Вказаний відÑтуп у даних Ñ” надто малим." -#: lib/luks2/luks2_json_format.c:274 +#: lib/luks2/luks2_json_format.c:468 #, c-format -msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" -msgstr "Увага: облаÑÑ‚ÑŒ Ñлоту ключів Ñ” надто малою (%<PRIu64> байтів), доÑтупна кількіÑÑ‚ÑŒ Ñлотів ключів LUKS2 буде дуже обмеженою.\n" +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "Увага: розмір метаданих LUKS2 змінено до %<PRIu64> байтів.\n" -#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328 -#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "Увага: розмір облаÑÑ‚Ñ– Ñлотів ключів LUKS2 змінено до %<PRIu64> байтів.\n" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 #: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð½Ð° приÑтрої %s." -#: lib/luks2/luks2_json_metadata.c:1405 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "У резервній копії %s виÑвлено заборонені вимоги щодо LUKS2." -#: lib/luks2/luks2_json_metadata.c:1446 +#: lib/luks2/luks2_json_metadata.c:1484 msgid "Data offset differ on device and backup, restore failed." msgstr "ЗÑуви даних на приÑтрої Ñ– на резервній копії різнÑÑ‚ÑŒÑÑ, не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸." -#: lib/luks2/luks2_json_metadata.c:1452 +#: lib/luks2/luks2_json_metadata.c:1490 msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "Двійкові заголовки із розмірами облаÑтей Ñлотів ключів на приÑтрої Ñ– у резервній копії різнÑÑ‚ÑŒÑÑ, не вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ копію." -#: lib/luks2/luks2_json_metadata.c:1459 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "ПриÑтрій %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1460 +#: lib/luks2/luks2_json_metadata.c:1498 msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "не міÑтить заголовка LUKS2. Заміна заголовка може зруйнувати дані, що зберігаютьÑÑ Ð½Ð° приÑтрої." -#: lib/luks2/luks2_json_metadata.c:1461 +#: lib/luks2/luks2_json_metadata.c:1499 msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "вже міÑтить заголовок LUKS2. Заміна заголовка призведе до Ñ€ÑƒÐ¹Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¶Ðµ Ñтворених Ñлотів ключів." -#: lib/luks2/luks2_json_metadata.c:1463 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" @@ -1448,7 +1564,7 @@ msgstr "" "ПОПЕРЕДЖЕÐÐЯ: виÑвлено невідомі вимоги LUKS2 у Ñправжньому заголовку приÑтрою!\n" "Заміна заголовка резервною копією може пошкодити дані на приÑтрої!" -#: lib/luks2/luks2_json_metadata.c:1465 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" @@ -1458,58 +1574,92 @@ msgstr "" "ПОПЕРЕДЖЕÐÐЯ: на приÑтрої виÑвлено дані незавершеного повторного шифруваннÑ!\n" "Заміна заголовка заголовком із резервної копії може пошкодити дані." -#: lib/luks2/luks2_json_metadata.c:1562 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "Проігноровано невідомий прапорець %s." -#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 #, c-format msgid "Missing key for dm-crypt segment %u" msgstr "Ðе виÑтачає ключа Ð´Ð»Ñ Ñегмента dm-crypt %u" -#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075 +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 msgid "Failed to set dm-crypt segment." msgstr "Ðе вдалоÑÑ Ð²Ñтановити Ñегмент dm-crypt." -#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081 +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 msgid "Failed to set dm-linear segment." msgstr "Ðе вдалоÑÑ Ð²Ñтановити Ñегмент dm-linear." -#: lib/luks2/luks2_json_metadata.c:2615 +#: lib/luks2/luks2_json_metadata.c:2662 src/utils_reencrypt.c:433 +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "Ðе виÑвлено жодного відомого зразка Ñпецифікації ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñƒ заголовку LUKS." + +#: lib/luks2/luks2_json_metadata.c:2670 +msgid "OPAL device must have static device size." +msgstr "ПриÑтій OPAL повинен мати Ñтатичний розмір приÑтрою." + +#: lib/luks2/luks2_json_metadata.c:2690 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "Зашифрований приÑтрій OPAL із механізмами ціліÑноÑÑ‚Ñ– має бути меншим за діапазон блокуваннÑ." + +#: lib/luks2/luks2_json_metadata.c:2695 +msgid "OPAL device must have same size as locking range." +msgstr "ПриÑтрій OPAL повинен мати той Ñамий розмір, що Ñ– діапазон блокуваннÑ." + +#: lib/luks2/luks2_json_metadata.c:2715 +#, c-format +msgid "OPAL device is %s already unlocked.\n" +msgstr "ПриÑтрій OPAL %s вже розблоковано.\n" + +#: lib/luks2/luks2_json_metadata.c:2748 msgid "Unsupported device integrity configuration." msgstr "Ðепідтримувані Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ†Ñ–Ð»Ñ–ÑноÑÑ‚Ñ– даних на приÑтрої." -#: lib/luks2/luks2_json_metadata.c:2701 +#: lib/luks2/luks2_json_metadata.c:2764 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "Базовий приÑтрій dm-integrity із неочікуваними наданими Ñекторами даних." + +#: lib/luks2/luks2_json_metadata.c:2859 msgid "Reencryption in-progress. Cannot deactivate device." msgstr "Виконуємо повторне шифруваннÑ. Ðе можна деактивувати приÑтрій." -#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082 +#: lib/luks2/luks2_json_metadata.c:2870 lib/luks2/luks2_reencrypt.c:4159 #, c-format msgid "Failed to replace suspended device %s with dm-error target." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ приÑтрій %s, роботу Ñкого призупинено, ціллю dm-error." -#: lib/luks2/luks2_json_metadata.c:2792 +#: lib/luks2/luks2_json_metadata.c:2939 lib/luks2/luks2_json_metadata.c:2961 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "ПриÑтрій %s було деактивовано, але апаратний приÑтрій OPAL не може бути заблоковано." + +#: lib/luks2/luks2_json_metadata.c:2980 msgid "Failed to read LUKS2 requirements." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ вимоги LUKS2." -#: lib/luks2/luks2_json_metadata.c:2799 +#: lib/luks2/luks2_json_metadata.c:2987 msgid "Unmet LUKS2 requirements detected." msgstr "ВиÑвлено невідповідніÑÑ‚ÑŒ вимог LUKS2." -#: lib/luks2/luks2_json_metadata.c:2807 +#: lib/luks2/luks2_json_metadata.c:2995 msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "Ð”Ñ–Ñ Ñ” неÑуміÑною із приÑтроєм, Ñкий позначено Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ñтарілого варіанта. Перериваємо дію." -#: lib/luks2/luks2_json_metadata.c:2809 +#: lib/luks2/luks2_json_metadata.c:2997 msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "Ð”Ñ–Ñ Ñ” неÑуміÑною із приÑтроєм, Ñкий позначено Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2. Перериваємо дію." -#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600 +#: lib/luks2/luks2_json_metadata.c:2999 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "Ð”Ñ–Ñ Ñ” неÑуміÑною із приÑтроєм з викориÑтаннÑм OPAL. Перериваємо дію." + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 msgid "Not enough available memory to open a keyslot." msgstr "ÐедоÑтатньо пам'ÑÑ‚Ñ– Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ñлоту ключів." -#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602 +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 msgid "Keyslot open failed." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ Ñлот ключів." @@ -1518,330 +1668,342 @@ msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ Ñлот ключів." msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "Ðе можна викориÑтовувати ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s-%s Ð´Ð»Ñ Ñлотів ключів." -#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394 -#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668 +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 #, c-format msgid "Hash algorithm %s is not available." msgstr "Ðлгоритм Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ %s Ñ” недоÑтупним." -#: lib/luks2/luks2_keyslot_luks2.c:510 +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "ПопередженнÑ: Ð´Ñ–Ñ Ð·Ñ– Ñлотом ключа може завершитиÑÑ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ¾ÑŽ, оÑкільки потребує більшого за доÑтупний розміру пам'ÑÑ‚Ñ–.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:520 msgid "No space for new keyslot." msgstr "Ðемає проÑтору Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ Ñлоту ключа." -#: lib/luks2/luks2_keyslot_reenc.c:593 +#: lib/luks2/luks2_keyslot_reenc.c:596 msgid "Invalid reencryption resilience mode change requested." msgstr "Отримано запит щодо некоректної зміни режиму ÑтійкоÑÑ‚Ñ– Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_keyslot_reenc.c:714 +#: lib/luks2/luks2_keyslot_reenc.c:717 #, c-format msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." msgstr "Ðе вдалоÑÑ Ð¾Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ тип ÑтійкоÑÑ‚Ñ–. Ðовим типом передбачено %<PRIu64> байтів, потрібне міÑце: %<PRIu64> байтів." -#: lib/luks2/luks2_keyslot_reenc.c:724 +#: lib/luks2/luks2_keyslot_reenc.c:727 msgid "Failed to refresh reencryption verification digest." msgstr "Ðе вдалоÑÑ Ð¾Ñвіжити контрольні Ñуми Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_luks1_convert.c:512 +#: lib/luks2/luks2_luks1_convert.c:545 #, c-format msgid "Cannot check status of device with uuid: %s." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€Ð¸Ñ‚Ð¸ Ñтан приÑтрою з uuid %s." -#: lib/luks2/luks2_luks1_convert.c:538 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ заголовок з додатковими метаданими LUKSMETA." -#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 #, c-format msgid "Unable to use cipher specification %s-%s for LUKS2." msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтати Ñпецифікацію ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s-%s Ð´Ð»Ñ LUKS2." -#: lib/luks2/luks2_luks1_convert.c:584 +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑунути облаÑÑ‚ÑŒ Ñлотів ключів. ÐедоÑтатньо міÑцÑ." -#: lib/luks2/luks2_luks1_convert.c:619 +#: lib/luks2/luks2_luks1_convert.c:652 msgid "Cannot convert to LUKS2 format - invalid metadata." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS2 - некоректні метадані." -#: lib/luks2/luks2_luks1_convert.c:636 +#: lib/luks2/luks2_luks1_convert.c:669 msgid "Unable to move keyslot area. LUKS2 keyslots area too small." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑунути облаÑÑ‚ÑŒ Ñлотів ключів. ОблаÑÑ‚ÑŒ Ñлотів ключів LUKS2 Ñ” надто малою." -#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936 +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑунути облаÑÑ‚ÑŒ Ñлотів ключів." -#: lib/luks2/luks2_luks1_convert.c:732 +#: lib/luks2/luks2_luks1_convert.c:765 msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ на формат LUKS1 — типовий розмір Ñектору ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñегмента не дорівнює 512 байтам." -#: lib/luks2/luks2_luks1_convert.c:740 +#: lib/luks2/luks2_luks1_convert.c:773 msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 — контрольні Ñуми Ñлотів ключів не ÑуміÑні з LUKS1." -#: lib/luks2/luks2_luks1_convert.c:752 +#: lib/luks2/luks2_luks1_convert.c:785 #, c-format msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 — на приÑтрої викориÑтовуєтьÑÑ Ð·Ð°Ð³Ð¾Ñ€Ð½ÑƒÑ‚Ðµ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð² %s." -#: lib/luks2/luks2_luks1_convert.c:757 +#: lib/luks2/luks2_luks1_convert.c:790 msgid "Cannot convert to LUKS1 format - device uses more segments." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 — на приÑтрої викориÑтовуєтьÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ Ñегментів." -#: lib/luks2/luks2_luks1_convert.c:765 +#: lib/luks2/luks2_luks1_convert.c:798 #, c-format msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 - заголовок LUKS2 міÑтить %u жетонів." -#: lib/luks2/luks2_luks1_convert.c:779 +#: lib/luks2/luks2_luks1_convert.c:812 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 - Ñлот ключа %u перебуває у некоректному Ñтані." -#: lib/luks2/luks2_luks1_convert.c:784 +#: lib/luks2/luks2_luks1_convert.c:817 #, c-format msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 — Ñлот %u (перевищує макÑимальну кількіÑÑ‚ÑŒ Ñлотів) уÑе ще Ñ” активним." -#: lib/luks2/luks2_luks1_convert.c:789 +#: lib/luks2/luks2_luks1_convert.c:822 #, c-format msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "не вдалоÑÑ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚Ð¸ до формату LUKS1 — Ñлот ключів %u Ñ” неÑуміÑним з LUKS1." -#: lib/luks2/luks2_reencrypt.c:1152 +#: lib/luks2/luks2_reencrypt.c:1181 #, c-format msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Розмір «гарÑчої» ділÑнки має бути кратним до обчиÑленого Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ñ–Ð»Ñнки (%zu байтів)." -#: lib/luks2/luks2_reencrypt.c:1157 +#: lib/luks2/luks2_reencrypt.c:1186 #, c-format msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." msgstr "Розмір приÑтрою має бути кратним до обчиÑленого Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ñ–Ð»Ñнки (%zu байтів)." -#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551 -#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676 -#: lib/luks2/luks2_reencrypt.c:3877 +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 msgid "Failed to initialize old segment storage wrapper." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ обгортку Ñтарого Ñховища Ñегментів." -#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529 +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 msgid "Failed to initialize new segment storage wrapper." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ обгортку нового Ñховища Ñегментів." -#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889 +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 msgid "Failed to initialize hotzone protection." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ захиÑÑ‚ «гарÑчої» зони" -#: lib/luks2/luks2_reencrypt.c:1578 +#: lib/luks2/luks2_reencrypt.c:1607 msgid "Failed to read checksums for current hotzone." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ контрольні Ñуми Ð´Ð»Ñ Ð¿Ð¾Ñ‚Ð¾Ñ‡Ð½Ð¾Ñ— «гарÑчої» ділÑнки." -#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903 +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 #, c-format msgid "Failed to read hotzone area starting at %<PRIu64>." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ «гарÑчу» ділÑнку, починаючи з %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:1604 +#: lib/luks2/luks2_reencrypt.c:1633 #, c-format msgid "Failed to decrypt sector %zu." msgstr "Ðе вдалоÑÑ Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ñ‚Ð¸ Ñектор %zu." -#: lib/luks2/luks2_reencrypt.c:1610 +#: lib/luks2/luks2_reencrypt.c:1639 #, c-format msgid "Failed to recover sector %zu." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ Ñектор %zu." -#: lib/luks2/luks2_reencrypt.c:2174 +#: lib/luks2/luks2_reencrypt.c:2203 #, c-format msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." msgstr "Розміри приÑтроїв джерела та Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð½Ðµ збігаютьÑÑ. Розмір джерела — %<PRIu64>, розмір Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ â€” %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2272 +#: lib/luks2/luks2_reencrypt.c:2301 #, c-format msgid "Failed to activate hotzone device %s." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð´Ñ–Ñти приÑтрій «гарÑчої» ділÑнки %s." -#: lib/luks2/luks2_reencrypt.c:2289 +#: lib/luks2/luks2_reencrypt.c:2318 #, c-format msgid "Failed to activate overlay device %s with actual origin table." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð´Ñ–Ñти приÑтрій-накладку %s зі Ñправжньою таблицею походженнÑ." -#: lib/luks2/luks2_reencrypt.c:2296 +#: lib/luks2/luks2_reencrypt.c:2325 #, c-format msgid "Failed to load new mapping for device %s." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ нову прив'Ñзку Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою %s." -#: lib/luks2/luks2_reencrypt.c:2367 +#: lib/luks2/luks2_reencrypt.c:2396 msgid "Failed to refresh reencryption devices stack." msgstr "Ðе вдалоÑÑ Ð¾Ñвіжити тек приÑтрої Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:2550 +#: lib/luks2/luks2_reencrypt.c:2596 msgid "Failed to set new keyslots area size." msgstr "Ðе вдалоÑÑ Ð²Ñтановити розмір облаÑÑ‚Ñ– нових Ñлотів ключів." -#: lib/luks2/luks2_reencrypt.c:2686 +#: lib/luks2/luks2_reencrypt.c:2732 #, c-format msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… не вирівнÑно до розміру Ñектора Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ (%<PRIu32> байтів)." -#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189 +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 #, c-format msgid "Unsupported resilience mode %s" msgstr "Ðепідтримуваний режим ÑтійкоÑÑ‚Ñ– %s" -#: lib/luks2/luks2_reencrypt.c:2760 +#: lib/luks2/luks2_reencrypt.c:2806 msgid "Moved segment size can not be greater than data shift value." msgstr "Розмір переÑунутого Ñегмента не може перевищувати Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ñуву даних." -#: lib/luks2/luks2_reencrypt.c:2802 +#: lib/luks2/luks2_reencrypt.c:2848 msgid "Invalid reencryption resilience parameters." msgstr "Ðекоректні параметри ÑтійкоÑÑ‚Ñ– Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:2824 +#: lib/luks2/luks2_reencrypt.c:2870 #, c-format msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." msgstr "ПереÑунутий Ñегмент Ñ” надто великим. Потрібний розмір %<PRIu64>, доÑтупне міÑце: %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:2911 +#: lib/luks2/luks2_reencrypt.c:2957 msgid "Failed to clear table." msgstr "Ðе вдалоÑÑ Ð¾Ñ‡Ð¸Ñтити таблицю." -#: lib/luks2/luks2_reencrypt.c:2997 +#: lib/luks2/luks2_reencrypt.c:3043 msgid "Reduced data size is larger than real device size." msgstr "Зменшений розмір даних перевищує Ñправжній розмір приÑтрою." -#: lib/luks2/luks2_reencrypt.c:3004 +#: lib/luks2/luks2_reencrypt.c:3050 #, c-format msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." msgstr "ПриÑтрій Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… не вирівнÑно до розміру Ñектора Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ (%<PRIu32> байтів)." -#: lib/luks2/luks2_reencrypt.c:3038 +#: lib/luks2/luks2_reencrypt.c:3084 #, c-format msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." msgstr "Ð—Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… (%<PRIu64> Ñекторів) Ñ” меншим за майбутній зÑув даних (%<PRIu64> Ñекторів)." -#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533 -#: lib/luks2/luks2_reencrypt.c:3554 +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 #, c-format msgid "Failed to open %s in exclusive mode (already mapped or mounted)." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s в екÑклюзивному режимі (вже пов'Ñзано або змонтовано)." -#: lib/luks2/luks2_reencrypt.c:3234 +#: lib/luks2/luks2_reencrypt.c:3280 msgid "Device not marked for LUKS2 reencryption." msgstr "ПриÑтрій не позначено Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2." -#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206 +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 msgid "Failed to load LUKS2 reencryption context." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ контекÑÑ‚ повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2." -#: lib/luks2/luks2_reencrypt.c:3331 +#: lib/luks2/luks2_reencrypt.c:3387 msgid "Failed to get reencryption state." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ Ñтан повторного шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649 +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 msgid "Device is not in reencryption." msgstr "ПриÑтрій не перебуває у повторному шифруванні." -#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656 +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 msgid "Reencryption process is already running." msgstr "ÐŸÑ€Ð¾Ñ†ÐµÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¶Ðµ виконуєтьÑÑ." -#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658 +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 msgid "Failed to acquire reencryption lock." msgstr "Ðе вдалоÑÑ Ñтворити Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3362 +#: lib/luks2/luks2_reencrypt.c:3418 msgid "Cannot proceed with reencryption. Run reencryption recovery first." msgstr "ÐŸÑ€Ð¾Ð´Ð¾Ð²Ð¶ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½ÐµÐ¼Ð¾Ð¶Ð»Ð¸Ð²Ðµ. Спочатку Ñлід виконати Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3497 +#: lib/luks2/luks2_reencrypt.c:3553 msgid "Active device size and requested reencryption size don't match." msgstr "Ðе збігаютьÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€ активного приÑтрою Ñ– запитаний розмір повторного шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3511 +#: lib/luks2/luks2_reencrypt.c:3567 msgid "Illegal device size requested in reencryption parameters." msgstr "У параметрах повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾ некоректний розмір приÑтрою." -#: lib/luks2/luks2_reencrypt.c:3588 +#: lib/luks2/luks2_reencrypt.c:3644 msgid "Reencryption in-progress. Cannot perform recovery." msgstr "ВиконуєтьÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ðµ шифруваннÑ. Ðеможливо виконати відновленнÑ." -#: lib/luks2/luks2_reencrypt.c:3757 +#: lib/luks2/luks2_reencrypt.c:3812 msgid "LUKS2 reencryption already initialized in metadata." msgstr "Повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2 вже ініційовано у метаданих." -#: lib/luks2/luks2_reencrypt.c:3764 +#: lib/luks2/luks2_reencrypt.c:3819 msgid "Failed to initialize LUKS2 reencryption in metadata." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2 лише у метаданих." -#: lib/luks2/luks2_reencrypt.c:3859 +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв DAX (Ñталої пам'ÑÑ‚Ñ–) не передбачено підтримки повторного шифруваннÑ." + +#: lib/luks2/luks2_reencrypt.c:3879 +msgid "Failed to read passphrase from keyring." +msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ пароль із ключа зі Ñховища ключів." + +#: lib/luks2/luks2_reencrypt.c:3936 msgid "Failed to set device segments for next reencryption hotzone." msgstr "Ðе вдалоÑÑ Ð²Ñтановити Ñегменти приÑтрою Ð´Ð»Ñ Ð½Ð°Ñтупної «гарÑчої» ділÑнки повторного шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3911 +#: lib/luks2/luks2_reencrypt.c:3988 msgid "Failed to write reencryption resilience metadata." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¿Ð¸Ñати метадані ÑтійкоÑÑ‚Ñ– Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3918 +#: lib/luks2/luks2_reencrypt.c:3995 msgid "Decryption failed." msgstr "Помилка розшифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:3923 +#: lib/luks2/luks2_reencrypt.c:4000 #, c-format msgid "Failed to write hotzone area starting at %<PRIu64>." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¿Ð¸Ñати «гарÑчу» ділÑнку, починаючи з %<PRIu64>." -#: lib/luks2/luks2_reencrypt.c:3928 +#: lib/luks2/luks2_reencrypt.c:4005 msgid "Failed to sync data." msgstr "Ðе вдалоÑÑ Ñинхронізувати дані." -#: lib/luks2/luks2_reencrypt.c:3936 +#: lib/luks2/luks2_reencrypt.c:4013 msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "Ðе вдалоÑÑ Ð¾Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ метадані піÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ поточної «гарÑчої» зони повторного шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:4025 +#: lib/luks2/luks2_reencrypt.c:4102 msgid "Failed to write LUKS2 metadata." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¿Ð¸Ñати метадані LUKS2." -#: lib/luks2/luks2_reencrypt.c:4048 +#: lib/luks2/luks2_reencrypt.c:4125 msgid "Failed to wipe unused data device area." msgstr "Ðе вдалоÑÑ Ð²Ð¸Ñ‚ÐµÑ€Ñ‚Ð¸ облаÑÑ‚ÑŒ невикориÑтаних даних приÑтрою." -#: lib/luks2/luks2_reencrypt.c:4054 +#: lib/luks2/luks2_reencrypt.c:4131 #, c-format msgid "Failed to remove unused (unbound) keyslot %d." msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ невикориÑтаний (непов'Ñзаний) Ñлот ключа %d." -#: lib/luks2/luks2_reencrypt.c:4064 +#: lib/luks2/luks2_reencrypt.c:4141 msgid "Failed to remove reencryption keyslot." msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ Ñлот ключа Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:4074 +#: lib/luks2/luks2_reencrypt.c:4151 #, c-format msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." msgstr "Критична помилка під Ñ‡Ð°Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ñ€Ð°Ð³Ð¼ÐµÐ½Ñ‚Ð°, починаючи з %<PRIu64>, довжиною у %<PRIu64> Ñекторів." -#: lib/luks2/luks2_reencrypt.c:4078 +#: lib/luks2/luks2_reencrypt.c:4155 msgid "Online reencryption failed." msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ інтерактивне повторне шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:4083 +#: lib/luks2/luks2_reencrypt.c:4160 msgid "Do not resume the device unless replaced with error target manually." msgstr "Ðе відновлюйте приÑтрій, Ñкщо не заміните вручну приÑтрій Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð¼Ð¸Ð»Ð¾Ðº." -#: lib/luks2/luks2_reencrypt.c:4137 +#: lib/luks2/luks2_reencrypt.c:4212 msgid "Cannot proceed with reencryption. Unexpected reencryption status." msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ повторне шифруваннÑ. Ðеочікуваний Ñтан заÑобу повторного шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:4143 +#: lib/luks2/luks2_reencrypt.c:4218 msgid "Missing or invalid reencrypt context." msgstr "Ðе вказано контекÑÑ‚ повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ вказано некоректний контекÑÑ‚." -#: lib/luks2/luks2_reencrypt.c:4150 +#: lib/luks2/luks2_reencrypt.c:4225 msgid "Failed to initialize reencryption device stack." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ ÑÑ‚Ð¾Ñ Ð¿Ñ€Ð¸Ñтроїв повторного шифруваннÑ." -#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219 +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 msgid "Failed to update reencryption context." msgstr "Ðе вдалоÑÑ Ð¾Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ контекÑÑ‚ повторного шифруваннÑ." @@ -1849,80 +2011,121 @@ msgstr "Ðе вдалоÑÑ Ð¾Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ контекÑÑ‚ повторного msgid "Reencryption metadata is invalid." msgstr "Метадані повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ” некоректними." +#: lib/luks2/hw_opal/hw_opal.c:335 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "ВідÑтуп діапазону OPAL %d %<PRIu64> не відповідає очікуваним значеннÑм %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:344 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "Довжина діапазону OPAL %d %<PRIu64> не відповідає розміру приÑтрою %<PRIu64>." + +#: lib/luks2/hw_opal/hw_opal.c:351 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "Вимкнено діапазон Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ %d OPAL." + +#: lib/luks2/hw_opal/hw_opal.c:361 lib/luks2/hw_opal/hw_opal.c:368 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "Ðеочікуваний Ñтан Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ñ–Ð°Ð¿Ð°Ð·Ð¾Ð½Ñƒ OPAL %d." + #: src/cryptsetup.c:85 msgid "Keyslot encryption parameters can be set only for LUKS2 device." msgstr "Параметри ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñлоту ключів можна вÑтановлювати лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв LUKS2." -#: src/cryptsetup.c:108 src/cryptsetup.c:1901 +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 #, c-format msgid "Enter token PIN: " msgstr "Введіть пінкод жетона: " -#: src/cryptsetup.c:110 src/cryptsetup.c:1903 +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 #, c-format msgid "Enter token %d PIN: " msgstr "Введіть пінкод жетона %d: " -#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430 -#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517 +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 #: src/utils_reencrypt_luks1.c:580 msgid "No known cipher specification pattern detected." msgstr "Ðе виÑвлено жодного відомого зразка Ñпецифікації шифруваннÑ." -#: src/cryptsetup.c:167 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "УВÐГÐ: викориÑтовуємо типові параметри ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ (%s-%s, розмір ключа — %u бітів), що може бути неÑуміÑним із заÑтарілими верÑÑ–Ñми." + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "УВÐГÐ: викориÑтовуємо типові параметри Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ (%s), що може бути неÑуміÑним із заÑтарілими верÑÑ–Ñми." + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¾Ñтого режиму завжди викориÑтовувати параметри --cipher, --key-size Ñ–, Ñкщо не викориÑтано файл ключа, також --hash." + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "ПопередженнÑ: параметр --hash у проÑтому режимі із вказаним файлом ключа ігноруєтьÑÑ.\n" -#: src/cryptsetup.c:175 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "ПопередженнÑ: параметр --keyfile-size проігноровано, розмір прочитаних даних збігаєтьÑÑ Ñ–Ð· розміром ключа шифруваннÑ.\n" -#: src/cryptsetup.c:215 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "Помилка ÑÐºÐ°Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Blkid Ð´Ð»Ñ %s." + +#: src/cryptsetup.c:264 #, c-format msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." msgstr "Ðа %s виÑвлено підпиÑи приÑтроїв. Подальша обробка може пошкодити наÑвні дані." -#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225 -#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480 -#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138 -#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749 +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 msgid "Operation aborted.\n" msgstr "Дію перервано.\n" -#: src/cryptsetup.c:294 +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "Слід вказати параметр --key-file." -#: src/cryptsetup.c:345 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "Введіть PIM VeraCrypt: " -#: src/cryptsetup.c:354 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "Ðекоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ PIM: помилка обробки." -#: src/cryptsetup.c:357 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "Ðекоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ PIM: 0." -#: src/cryptsetup.c:360 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "Ðекоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ PIM: поза межами діапазону." -#: src/cryptsetup.c:383 +#: src/cryptsetup.c:432 msgid "No device header detected with this passphrase." msgstr "Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð½Ðµ виÑвлено заголовка приÑтрою." -#: src/cryptsetup.c:456 src/cryptsetup.c:632 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 #, c-format msgid "Device %s is not a valid BITLK device." msgstr "ПриÑтрій %s не Ñ” коректним приÑтроєм BITLK." -#: src/cryptsetup.c:464 +#: src/cryptsetup.c:513 msgid "Cannot determine volume key size for BITLK, please use --key-size option." msgstr "Ðеможливо визначити розмір ключа тому Ð´Ð»Ñ BITLK. Будь лаÑка, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --key-size." -#: src/cryptsetup.c:506 +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" @@ -1933,7 +2136,7 @@ msgstr "" "без паролÑ. Цей дамп Ñлід зберігати у зашифрованому форматі\n" "у безпечному міÑці." -#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 msgid "" "The header dump with volume key is sensitive information\n" "that allows access to encrypted partition without a passphrase.\n" @@ -1944,77 +2147,84 @@ msgstr "" "без паролÑ. Цей дамп Ñлід зберігати у зашифрованому форматі\n" "у безпечному міÑці." -#: src/cryptsetup.c:709 src/cryptsetup.c:739 +#: src/cryptsetup.c:758 src/cryptsetup.c:788 #, c-format msgid "Device %s is not a valid FVAULT2 device." msgstr "ПриÑтрій %s не Ñ” коректним приÑтроєм FVAULT2." -#: src/cryptsetup.c:747 +#: src/cryptsetup.c:796 msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." msgstr "Ðеможливо визначити розмір ключа тому Ð´Ð»Ñ FVAULT2. Будь лаÑка, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --key-size." -#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400 +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "ПриÑтрій %s уÑе ще Ñ” активним, його заплановано Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÐ»Ð°Ð´ÐµÐ½Ð¾Ð³Ð¾ вилученнÑ.\n" -#: src/cryptsetup.c:835 +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, c-format +msgid "Failed to set external tokens path %s." +msgstr "Ðе вдалоÑÑ Ð²Ñтановити шлÑÑ… до зовнішніх жетонів %s." + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "Зміна розмірів активного приÑтрою потребує наÑвноÑÑ‚Ñ– ключа тому у Ñховищі ключів, але вказано параметр --disable-keyring." -#: src/cryptsetup.c:982 +#: src/cryptsetup.c:1053 msgid "Benchmark interrupted." msgstr "ТеÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾." -#: src/cryptsetup.c:1003 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "PBKDF2-%-9s н/д\n" -#: src/cryptsetup.c:1005 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "PBKDF2-%-9s %7u ітерацій за Ñекунду Ð´Ð»Ñ %zu-бітового ключа\n" -#: src/cryptsetup.c:1019 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "%-10s н/д\n" -#: src/cryptsetup.c:1021 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "%-10s %4u ітерацій, пам'ÑÑ‚ÑŒ: %5u, %1u паралельних потоків (процеÑорів) Ð´Ð»Ñ %zu-бітового ключа (запит на %u Ð¼Ñ Ñ‡Ð°Ñу)\n" -#: src/cryptsetup.c:1045 +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." msgstr "Результат теÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ” ненадійним." -#: src/cryptsetup.c:1095 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# Ðаближені Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ визначаютьÑÑ Ð»Ð¸ÑˆÐµ за допомогою оперативної пам’ÑÑ‚Ñ– (без запиÑу на диÑк).\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1115 +#: src/cryptsetup.c:1186 #, c-format msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "â„–%*s Ðлгоритм | Ключ | Ð¨Ð¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ | РозшифруваннÑ\n" -#: src/cryptsetup.c:1119 +#: src/cryptsetup.c:1190 #, c-format msgid "Cipher %s (with %i bits key) is not available." msgstr "Ð¨Ð¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s (розмір ключа — %i бітів) Ñ” недоÑтупним." #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:1138 +#: src/cryptsetup.c:1209 msgid "# Algorithm | Key | Encryption | Decryption\n" msgstr "â„– Ðлгоритм | Ключ | Ð¨Ð¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ | РозшифруваннÑ\n" -#: src/cryptsetup.c:1149 +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "н/д" -#: src/cryptsetup.c:1174 +#: src/cryptsetup.c:1245 msgid "" "Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" "and continue (upgrade metadata) only if you acknowledge the operation as genuine." @@ -2022,27 +2232,27 @@ msgstr "" "ВиÑвлено незахищені метадані повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2. Будь лаÑка, перевірте, чи бажаною Ñ” Ð´Ñ–Ñ Ð· повторного шифруваннÑ\n" "(див. Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ luksDump), Ñ– продовжуйте (Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¼ÐµÑ‚Ð°Ð´Ð°Ð½Ð¸Ñ…), лише Ñкщо впевнені, що Ð´Ñ–Ñ Ñ” бажаною." -#: src/cryptsetup.c:1180 +#: src/cryptsetup.c:1251 msgid "Enter passphrase to protect and upgrade reencryption metadata: " msgstr "Вкажіть пароль Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту Ñ– Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¼ÐµÑ‚Ð°Ð´Ð°Ð½Ð¸Ñ… повторного шифруваннÑ: " -#: src/cryptsetup.c:1224 +#: src/cryptsetup.c:1295 msgid "Really proceed with LUKS2 reencryption recovery?" msgstr "Ви Ñправді хочете продовжити процедуру Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2?" -#: src/cryptsetup.c:1233 +#: src/cryptsetup.c:1304 msgid "Enter passphrase to verify reencryption metadata digest: " msgstr "Вкажіть пароль Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ контрольної Ñуми метаданих повторного шифруваннÑ: " -#: src/cryptsetup.c:1235 +#: src/cryptsetup.c:1306 msgid "Enter passphrase for reencryption recovery: " msgstr "Вкажіть пароль Ð´Ð»Ñ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ: " -#: src/cryptsetup.c:1290 +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "Спробувати відновити заголовок приÑтрою LUKS?" -#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238 +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 msgid "" "\n" "Wipe interrupted." @@ -2050,7 +2260,7 @@ msgstr "" "\n" "Ð’Ð¸Ñ‚Ð¸Ñ€Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾." -#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" @@ -2058,128 +2268,144 @@ msgstr "" "Витираємо приÑтрій Ð´Ð»Ñ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·Ð°Ñ†Ñ–Ñ— контрольних Ñум Ð´Ð»Ñ Ñ†Ñ–Ð»Ñ–ÑноÑÑ‚Ñ–.\n" "Ви можете перервати цей Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð½Ð°Ñ‚Ð¸ÑканнÑм комбінації клавіш CTRL+C (решта невитертого приÑтрою міÑтитиме некоректну контрольну Ñуму).\n" -#: src/cryptsetup.c:1341 src/integritysetup.c:116 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, c-format msgid "Cannot deactivate temporary device %s." msgstr "Ðе можна ÑкаÑувати активацію тимчаÑового приÑтрою %s." -#: src/cryptsetup.c:1392 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "Параметр ціліÑноÑÑ‚Ñ– може бути викориÑтано лише Ð´Ð»Ñ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚Ñƒ LUKS2." -#: src/cryptsetup.c:1397 src/cryptsetup.c:1457 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 msgid "Unsupported LUKS2 metadata size options." msgstr "Ðепідтримувані параметри розміру метаданих LUKS2." -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:1482 +msgid "OPAL is supported only for LUKS2 format." +msgstr "Підтримку OPAL передбачено лише Ð´Ð»Ñ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚Ñƒ LUKS2." + +#: src/cryptsetup.c:1491 msgid "Header file does not exist, do you want to create it?" msgstr "Файла заголовка не Ñ–Ñнує. Хочете його Ñтворити?" -#: src/cryptsetup.c:1414 +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "Ðе вдалоÑÑ Ñтворити файл заголовка %s." -#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152 -#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323 -#: src/integritysetup.c:333 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 msgid "No known integrity specification pattern detected." msgstr "Ðе виÑвлено жодного відомого зразка Ñпецифікації ціліÑноÑÑ‚Ñ–." -#: src/cryptsetup.c:1450 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "Ðе можна викориÑтовувати %s Ñк заголовок на диÑку." -#: src/cryptsetup.c:1474 src/integritysetup.c:181 +#: src/cryptsetup.c:1564 src/integritysetup.c:181 #, c-format msgid "This will overwrite data on %s irrevocably." msgstr "Дані на %s буде перезапиÑано без можливоÑÑ‚Ñ– відновленнÑ." -#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993 -#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443 +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "Пароль адмініÑтратора OPAL не може бути порожнім." + +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "Ðе вдалоÑÑ Ð²Ñтановити параметри pbkdf." -#: src/cryptsetup.c:1593 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "Специфікацію типу у Ñпецифікації Ñховища ключів --link-vk-to-keyring проігноровано." + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "Ðекоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ --link-vk-to-keyring." + +#: src/cryptsetup.c:1805 msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "Зменшений відÑтуп даних можна викориÑтовувати лише Ð´Ð»Ñ Ð²Ñ–Ð´â€™Ñ”Ð´Ð½Ð°Ð½Ð¸Ñ… заголовків LUKS." -#: src/cryptsetup.c:1600 +#: src/cryptsetup.c:1812 #, c-format msgid "LUKS file container %s is too small for activation, there is no remaining space for data." msgstr "Контейнер файлів LUKS %s Ñ” надто малим Ð´Ð»Ñ Ð°ÐºÑ‚Ð¸Ð²Ð°Ñ†Ñ–Ñ—, на ньому не лишитьÑÑ Ð¼Ñ–ÑÑ†Ñ Ð´Ð»Ñ Ð´Ð°Ð½Ð¸Ñ…." -#: src/cryptsetup.c:1612 src/cryptsetup.c:1999 +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." msgstr "Ðеможливо визначити розмір ключа тому Ð´Ð»Ñ LUKS без Ñлотів ключів. Будь лаÑка, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --key-size." -#: src/cryptsetup.c:1658 +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "ПриÑтрій задіÑно, але не вдалоÑÑ Ð·Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ прапорці Ñталими." -#: src/cryptsetup.c:1737 src/cryptsetup.c:1805 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, c-format msgid "Keyslot %d is selected for deletion." msgstr "Слот ключа %d позначено Ð´Ð»Ñ Ð²Ð¸Ð»ÑƒÑ‡ÐµÐ½Ð½Ñ." -#: src/cryptsetup.c:1749 src/cryptsetup.c:1809 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "Це оÑтанній Ñлот ключа. ПриÑтрій Ñтане непридатним Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ ÑÐ¿Ð¾Ñ€Ð¾Ð¶Ð½ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ключа." -#: src/cryptsetup.c:1750 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "Введіть будь-Ñкий інший пароль: " -#: src/cryptsetup.c:1751 src/cryptsetup.c:1811 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" msgstr "Дію перервано, Ñлот ключів ÐЕ витерто.\n" -#: src/cryptsetup.c:1787 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "Введіть пароль, Ñкий Ñлід вилучити: " -#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781 -#: src/cryptsetup.c:2948 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format msgid "Device %s is not a valid LUKS2 device." msgstr "ПриÑтрій %s не Ñ” коректним приÑтроєм LUKS2." -#: src/cryptsetup.c:1867 src/cryptsetup.c:2072 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "Введіть новий пароль Ð´Ð»Ñ Ñлота ключа: " -#: src/cryptsetup.c:1968 +#: src/cryptsetup.c:2213 msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" msgstr "ПопередженнÑ: параметр --key-slot викориÑтано Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ чиÑла Ñлоту ключа.\n" -#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149 +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "Введіть будь-Ñкий пароль: " -#: src/cryptsetup.c:2152 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "Введіть пароль, Ñкий Ñлід змінити: " -#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "Введіть новий пароль: " -#: src/cryptsetup.c:2218 +#: src/cryptsetup.c:2477 msgid "Enter passphrase for keyslot to be converted: " msgstr "Вкажіть пароль Ð´Ð»Ñ Ñлоту ключа, Ñкий буде перетворено: " -#: src/cryptsetup.c:2242 +#: src/cryptsetup.c:2501 msgid "Only one device argument for isLuks operation is supported." msgstr "У команді isLuks можна викориÑтовувати лише один аргумент назви приÑтрою." -#: src/cryptsetup.c:2350 +#: src/cryptsetup.c:2609 #, c-format msgid "Keyslot %d does not contain unbound key." msgstr "Слот ключа %d не міÑтить непов'Ñзаного ключа." -#: src/cryptsetup.c:2355 +#: src/cryptsetup.c:2614 msgid "" "The header dump with unbound key is sensitive information.\n" "This dump should be stored encrypted in a safe place." @@ -2187,40 +2413,52 @@ msgstr "" "Дамп заголовка з непов'Ñзаним ключем Ñ” конфіденційними даними.\n" "Цей дамп Ñлід зберігати у зашифрованому форматі у безпечному міÑці." -#: src/cryptsetup.c:2441 src/cryptsetup.c:2470 +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 #, c-format msgid "%s is not active %s device name." msgstr "%s не Ñ” назвою активного приÑтрою %s." -#: src/cryptsetup.c:2465 +#: src/cryptsetup.c:2741 #, c-format msgid "%s is not active LUKS device name or header is missing." msgstr "%s не Ñ” назвою активного приÑтрою LUKS або пропущено заголовок." -#: src/cryptsetup.c:2527 src/cryptsetup.c:2546 +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." msgstr "Слід вказати параметр --header-backup-file." -#: src/cryptsetup.c:2577 +#: src/cryptsetup.c:2869 #, c-format msgid "%s is not cryptsetup managed device." msgstr "%s не Ñ” керованим cryptsetup приÑтроєм." -#: src/cryptsetup.c:2588 +#: src/cryptsetup.c:2880 #, c-format msgid "Refresh is not supported for device type %s" msgstr "Підтримки дії з Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтрою типу %s не передбачено." -#: src/cryptsetup.c:2638 +#: src/cryptsetup.c:2930 #, c-format msgid "Unrecognized metadata device type %s." msgstr "Ðерозпізнаний тип приÑтрою метаданих, %s." -#: src/cryptsetup.c:2640 +#: src/cryptsetup.c:2932 msgid "Command requires device and mapped name as arguments." msgstr "Ðргументами команди мають бути назва приÑтрою та призначена до нього назва." -#: src/cryptsetup.c:2661 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "Введіть PSID OPAL: " + +#: src/cryptsetup.c:2942 +msgid "Enter OPAL Admin password: " +msgstr "Введіть пароль адмініÑтратора OPAL: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "УВÐГÐ: УВЕСЬ диÑк буде повернуто до початкових параметрів, а уÑÑ– дані на ньому буде втрачено! Виконати дію?" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -2229,351 +2467,351 @@ msgstr "" "У результаті Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñ†Ñ–Ñ”Ñ— операції буде витерто уÑÑ– Ñлоти ключів на приÑтрої %s.\n" "ПіÑÐ»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñ†Ñ–Ñ”Ñ— дії приÑтроєм не можна буде ÑкориÑтатиÑÑ." -#: src/cryptsetup.c:2668 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "Дію перервано, Ñлоти ключів ÐЕ витерто.\n" -#: src/cryptsetup.c:2707 +#: src/cryptsetup.c:3040 msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "Ðекоректний тип LUKS. Передбачено підтримку лише luks1 Ñ– luks2." -#: src/cryptsetup.c:2723 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "ПриÑтрій вже належить до типу %s." -#: src/cryptsetup.c:2730 +#: src/cryptsetup.c:3063 #, c-format msgid "This operation will convert %s to %s format.\n" msgstr "Ð¦Ñ Ð´Ñ–Ñ Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€Ð¸Ñ‚ÑŒ %s до формату %s.\n" -#: src/cryptsetup.c:2733 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "Дію перервано, дані приÑтрою ÐЕ перетворено.\n" -#: src/cryptsetup.c:2773 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "Пропущено параметр --priority, --label або --subsystem." -#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, c-format msgid "Token %d is invalid." msgstr "Жетон %d Ñ” некоректним." -#: src/cryptsetup.c:2810 src/cryptsetup.c:2870 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, c-format msgid "Token %d in use." msgstr "Жетон %d викориÑтовуєтьÑÑ." -#: src/cryptsetup.c:2822 +#: src/cryptsetup.c:3155 #, c-format msgid "Failed to add luks2-keyring token %d." msgstr "Ðе вдалоÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ жетон %d зі Ñховища ключів luks2." -#: src/cryptsetup.c:2833 src/cryptsetup.c:2896 +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, c-format msgid "Failed to assign token %d to keyslot %d." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¸Ð²'Ñзати жетон %d до Ñлоту ключа %d." -#: src/cryptsetup.c:2850 +#: src/cryptsetup.c:3183 #, c-format msgid "Token %d is not in use." msgstr "Жетон %d не викориÑтовуєтьÑÑ." -#: src/cryptsetup.c:2887 +#: src/cryptsetup.c:3220 msgid "Failed to import token from file." msgstr "Ðе вдалоÑÑ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ñ‚Ð¸ жетон з файла." -#: src/cryptsetup.c:2912 +#: src/cryptsetup.c:3245 #, c-format msgid "Failed to get token %d for export." msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ жетон %d Ð´Ð»Ñ ÐµÐºÑпортуваннÑ." -#: src/cryptsetup.c:2925 +#: src/cryptsetup.c:3258 #, c-format msgid "Token %d is not assigned to keyslot %d." msgstr "Жетон %d не пов'Ñзано зі Ñлотом ключа %d." -#: src/cryptsetup.c:2927 src/cryptsetup.c:2934 +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 #, c-format msgid "Failed to unassign token %d from keyslot %d." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´Ð²'Ñзати жетон %d від Ñлоту ключа %d." -#: src/cryptsetup.c:2983 +#: src/cryptsetup.c:3326 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." msgstr "Підтримку параметрів --tcrypt-hidden, --tcrypt-system Ñ– --tcrypt-backup передбачено лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв TCRYPT." -#: src/cryptsetup.c:2986 +#: src/cryptsetup.c:3329 msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." msgstr "Підтримку параметра --veracrypt або --disable-veracrypt передбачено лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв TCRYPT." -#: src/cryptsetup.c:2989 +#: src/cryptsetup.c:3332 msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "Параметр --veracrypt-pim можна викориÑтовувати лише Ð´Ð»Ñ ÑуміÑних із VeraCrypt приÑтроїв." -#: src/cryptsetup.c:2993 +#: src/cryptsetup.c:3336 msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "Параметр --veracrypt-query-pim можна викориÑтовувати лише Ð´Ð»Ñ ÑуміÑних із VeraCrypt приÑтроїв." -#: src/cryptsetup.c:2995 +#: src/cryptsetup.c:3338 msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "Ðе можна поєднувати параметри --veracrypt-pim Ñ– --veracrypt-query-pim." -#: src/cryptsetup.c:3004 +#: src/cryptsetup.c:3347 msgid "Option --persistent is not allowed with --test-passphrase." msgstr "Параметр --persistent не можна викориÑтовувати разом із --test-passphrase." -#: src/cryptsetup.c:3007 +#: src/cryptsetup.c:3350 msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "Ðе можна поєднувати параметри --refresh Ñ– --test-passphrase." -#: src/cryptsetup.c:3010 +#: src/cryptsetup.c:3353 msgid "Option --shared is allowed only for open of plain device." msgstr "Параметр --shared можна викориÑтовувати лише Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð½ÐµÐ·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¾Ð³Ð¾ приÑтрою." -#: src/cryptsetup.c:3013 +#: src/cryptsetup.c:3356 msgid "Option --skip is supported only for open of plain and loopaes devices." msgstr "Підтримку параметра --skip передбачено лише Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð½ÐµÐ·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ… приÑтроїв та приÑтроїв loopaes." -#: src/cryptsetup.c:3016 +#: src/cryptsetup.c:3359 msgid "Option --offset with open action is only supported for plain and loopaes devices." msgstr "Підтримку параметра --offset разом із дією з Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð¿ÐµÑ€ÐµÐ´Ð±Ð°Ñ‡ÐµÐ½Ð¾ лише Ð´Ð»Ñ Ð½ÐµÐ·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ… приÑтроїв та приÑтроїв loopaes." -#: src/cryptsetup.c:3019 +#: src/cryptsetup.c:3362 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." msgstr "Параметр --tcrypt-hidden не можна поєднувати з --allow-discards." -#: src/cryptsetup.c:3023 +#: src/cryptsetup.c:3366 msgid "Sector size option with open action is supported only for plain devices." msgstr "Підтримку параметра розміру Ñектора разом із дією з Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð¿ÐµÑ€ÐµÐ´Ð±Ð°Ñ‡ÐµÐ½Ð¾ лише Ð´Ð»Ñ Ð½ÐµÐ·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ… приÑтроїв." -#: src/cryptsetup.c:3027 +#: src/cryptsetup.c:3370 msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "Підтримку можливоÑÑ‚Ñ– викориÑÑ‚Ð°Ð½Ð½Ñ Ð²ÐµÐ»Ð¸ÐºÐ¸Ñ… Ñекторів IV передбачено лише Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð¿Ñ€Ð¸Ñтроїв проÑтого типу з розміром Ñектора, Ñкий перевищує 512 байтів." -#: src/cryptsetup.c:3032 +#: src/cryptsetup.c:3375 msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." msgstr "Параметр --test-passphrase можна викориÑтовувати лише Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð¿Ñ€Ð¸Ñтроїв LUKS, TCRYPT, BITLK та FVAULT2." -#: src/cryptsetup.c:3035 src/cryptsetup.c:3058 +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 msgid "Options --device-size and --size cannot be combined." msgstr "Ðе можна одночаÑно викориÑтовувати параметри --device-size Ñ– --size." -#: src/cryptsetup.c:3038 +#: src/cryptsetup.c:3381 msgid "Option --unbound is allowed only for open of luks device." msgstr "Параметр --sunbound можна викориÑтовувати лише Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Ð¿Ñ€Ð¸Ñтрою LUKS." -#: src/cryptsetup.c:3041 +#: src/cryptsetup.c:3384 msgid "Option --unbound cannot be used without --test-passphrase." msgstr "Параметр --unbound не можна викориÑтовувати без --test-passphrase." -#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755 +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 msgid "Options --cancel-deferred and --deferred cannot be used at the same time." msgstr "Ðе можна одночаÑно викориÑтовувати параметр --cancel-deferred Ñ– --deferred." -#: src/cryptsetup.c:3066 -msgid "Options --reduce-device-size and --data-size cannot be combined." -msgstr "Ðе можна одночаÑно викориÑтовувати параметри --reduce-device-size Ñ– --data-size." +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "Ðе можна одночаÑно викориÑтовувати параметри --reduce-device-size Ñ– --device-size." -#: src/cryptsetup.c:3069 +#: src/cryptsetup.c:3412 msgid "Option --active-name can be set only for LUKS2 device." msgstr "Параметр --active-name можна вÑтановлювати лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв LUKS2." -#: src/cryptsetup.c:3072 +#: src/cryptsetup.c:3415 msgid "Options --active-name and --force-offline-reencrypt cannot be combined." msgstr "Ðе можна одночаÑно викориÑтовувати параметри ---active-name Ñ– --force-offline-reencrypt." -#: src/cryptsetup.c:3080 src/cryptsetup.c:3110 +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 msgid "Keyslot specification is required." msgstr "Слід вказати ÑÐ¿ÐµÑ†Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ñлотів ключів." -#: src/cryptsetup.c:3088 +#: src/cryptsetup.c:3431 msgid "Options --align-payload and --offset cannot be combined." msgstr "Ðе можна одночаÑно викориÑтовувати параметри --align-payload Ñ– --offset." -#: src/cryptsetup.c:3091 +#: src/cryptsetup.c:3434 msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "Параметром --integrity-no-wipe можна кориÑтуватиÑÑ Ð»Ð¸ÑˆÐµ Ð´Ð»Ñ Ð´Ñ–Ñ— з Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ–Ð· розширеннÑм Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ñ†Ñ–Ð»Ñ–ÑноÑÑ‚Ñ–." -#: src/cryptsetup.c:3094 +#: src/cryptsetup.c:3437 msgid "Only one of --use-[u]random options is allowed." msgstr "Можна викориÑтовувати лише один з параметрів --use-[u]random." -#: src/cryptsetup.c:3102 +#: src/cryptsetup.c:3445 msgid "Key size is required with --unbound option." msgstr "Разом із параметром --unbound Ñлід вказувати розмір ключа." -#: src/cryptsetup.c:3122 +#: src/cryptsetup.c:3465 msgid "Invalid token action." msgstr "Ðекоректна Ð´Ñ–Ñ Ð· жетоном." -#: src/cryptsetup.c:3125 +#: src/cryptsetup.c:3468 msgid "--key-description parameter is mandatory for token add action." msgstr "Параметр --key-description Ñ” обов'Ñзковим Ð´Ð»Ñ Ð´Ñ–Ð¹ із Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð¶ÐµÑ‚Ð¾Ð½Ñ–Ð²." -#: src/cryptsetup.c:3129 src/cryptsetup.c:3142 +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 msgid "Action requires specific token. Use --token-id parameter." msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ— потрібен Ñпецифічний жетон. СкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --token-id." -#: src/cryptsetup.c:3133 +#: src/cryptsetup.c:3476 msgid "Option --unbound is valid only with token add action." msgstr "Параметр --unbound можна викориÑтовувати лише разом із дією з Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð¶ÐµÑ‚Ð¾Ð½Ð°." -#: src/cryptsetup.c:3135 +#: src/cryptsetup.c:3478 msgid "Options --key-slot and --unbound cannot be combined." msgstr "Ðе можна поєднувати параметри --key-slot Ñ– --unbound." -#: src/cryptsetup.c:3140 +#: src/cryptsetup.c:3483 msgid "Action requires specific keyslot. Use --key-slot parameter." msgstr "Ð”Ñ–Ñ Ð¿Ð¾Ñ‚Ñ€ÐµÐ±ÑƒÑ” Ð·Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñлоту ключа. СкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --key-slot." -#: src/cryptsetup.c:3156 +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<приÑтрій> [--type <тип>] [<назва>]" -#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535 +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 msgid "open device as <name>" msgstr "відкрити приÑтрій Ñк <назва>" -#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159 -#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536 -#: src/integritysetup.c:537 src/integritysetup.c:539 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<назва>" -#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "закрити приÑтрій (вилучити призначеннÑ)" -#: src/cryptsetup.c:3158 src/integritysetup.c:539 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "змінити розмір активного приÑтрою" -#: src/cryptsetup.c:3159 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "показати Ñтан приÑтрою" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "[--cipher <шифр>]" -#: src/cryptsetup.c:3160 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "перевірити швидкодію шифруваннÑ" -#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163 -#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172 -#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175 -#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178 -#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<приÑтрій>" -#: src/cryptsetup.c:3161 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "Ñпробувати виправити метадані на диÑку" -#: src/cryptsetup.c:3162 +#: src/cryptsetup.c:3505 msgid "reencrypt LUKS2 device" msgstr "повторно зашифрувати приÑтрій LUKS2" -#: src/cryptsetup.c:3163 +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "витерти уÑÑ– Ñлоти ключів (вилучити ключ шифруваннÑ)" -#: src/cryptsetup.c:3164 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "перетворити LUKS із формату LUKS2 або навпаки" -#: src/cryptsetup.c:3165 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "вÑтановити Ñталі параметри Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ LUKS2" -#: src/cryptsetup.c:3166 src/cryptsetup.c:3167 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<приÑтрій> [<новий файл ключа>]" -#: src/cryptsetup.c:3166 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "форматує приÑтрій LUKS" -#: src/cryptsetup.c:3167 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "додати ключ до приÑтрою LUKS" -#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<приÑтрій> [<файл ключа>]" -#: src/cryptsetup.c:3168 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "вилучає наданий ключ або файл ключа з приÑтрою LUKS" -#: src/cryptsetup.c:3169 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "змінює наданий ключ або файл ключа приÑтрою LUKS" -#: src/cryptsetup.c:3170 +#: src/cryptsetup.c:3513 msgid "converts a key to new pbkdf parameters" msgstr "перетворює ключ до нових параметрів pbkdf" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<приÑтрій> <Ñлот ключа>" -#: src/cryptsetup.c:3171 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "вилучає ключ з номером <Ñлот ключа> з приÑтрою LUKS" -#: src/cryptsetup.c:3172 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "вивеÑти UUID приÑтрою LUKS" -#: src/cryptsetup.c:3173 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "виконати Ñпробу виÑÐ²Ð»ÐµÐ½Ð½Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° розділу LUKS на приÑтрої <приÑтрій>" -#: src/cryptsetup.c:3174 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "Ñтворити дамп даних щодо розділу LUKS" -#: src/cryptsetup.c:3175 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "Ñтворити дамп даних приÑтрою TCRYPT" -#: src/cryptsetup.c:3176 +#: src/cryptsetup.c:3519 msgid "dump BITLK device information" msgstr "Ñтворити дамп даних приÑтрою BITLK" -#: src/cryptsetup.c:3177 +#: src/cryptsetup.c:3520 msgid "dump FVAULT2 device information" msgstr "Ñтворити дамп даних приÑтрою FVAULT2" -#: src/cryptsetup.c:3178 +#: src/cryptsetup.c:3521 msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "ПриÑпати приÑтрій LUKS Ñ– витерти ключ (роботу вÑÑ–Ñ… каналів введеннÑ-Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð±ÑƒÐ´Ðµ заморожено)" -#: src/cryptsetup.c:3179 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "Відновити роботу приÑпаного приÑтрою LUKS" -#: src/cryptsetup.c:3180 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "Створити резервну копію заголовка приÑтрою LUKS Ñ– Ñлотів ключів" -#: src/cryptsetup.c:3181 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "Відновити заголовок приÑтрою LUKS Ñ– Ñлоти ключів" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "<add|remove|import|export> <device>" msgstr "<add|remove|import|export> <приÑтрій>" -#: src/cryptsetup.c:3182 +#: src/cryptsetup.c:3525 msgid "Manipulate LUKS2 tokens" msgstr "ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¶ÐµÑ‚Ð¾Ð½Ð°Ð¼Ð¸ LUKS2" -#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -2581,7 +2819,7 @@ msgstr "" "\n" "<діÑ> Ñ” однією з таких:\n" -#: src/cryptsetup.c:3207 +#: src/cryptsetup.c:3550 msgid "" "\n" "You can also use old <action> syntax aliases:\n" @@ -2594,7 +2832,7 @@ msgstr "" "\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" "\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" -#: src/cryptsetup.c:3211 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -2609,7 +2847,7 @@ msgstr "" "<Ñлот ключа> — номер Ñлота ключа LUKS, Ñкий Ñлід змінити\n" "<файл ключа> — необов’Ñзковий файл ключа Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ ключа Ð´Ð»Ñ Ð´Ñ–Ñ— luksAddKey\n" -#: src/cryptsetup.c:3218 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" @@ -2618,29 +2856,28 @@ msgstr "" "\n" "Типовий укомпільований формат метаданих — %s (Ð´Ð»Ñ Ð´Ñ–Ñ— luksFormat).\n" -#: src/cryptsetup.c:3223 src/cryptsetup.c:3226 -#, c-format +#: src/cryptsetup.c:3566 msgid "" "\n" -"LUKS2 external token plugin support is %s.\n" +"LUKS2 external token plugin support is enabled.\n" msgstr "" "\n" -"Підтримка додатків зовнішніх жетонів LUKS2 — %s.\n" - -#: src/cryptsetup.c:3223 -msgid "compiled-in" -msgstr "вбудована" +"Підтримку додатків зовнішніх жетонів LUKS2 увімкнено.\n" -#: src/cryptsetup.c:3224 +#: src/cryptsetup.c:3567 #, c-format msgid "LUKS2 external token plugin path: %s.\n" msgstr "ШлÑÑ… до теки додатків зовнішніх жетонів LUKS2: %s.\n" -#: src/cryptsetup.c:3226 -msgid "disabled" -msgstr "вимкнено" +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" +"\n" +"Підтримку додатків зовнішніх жетонів LUKS2 вимкнено.\n" -#: src/cryptsetup.c:3230 +#: src/cryptsetup.c:3573 #, c-format msgid "" "\n" @@ -2657,7 +2894,7 @@ msgstr "" "Типовий PBKDF Ð´Ð»Ñ LUKS2: %s\n" "\tÐ§Ð°Ñ Ñ–Ñ‚ÐµÑ€Ð°Ñ†Ñ–Ñ—: %d, потрібний обÑÑг пам'ÑÑ‚Ñ–: %d кБ, паралельних потоків: %d\n" -#: src/cryptsetup.c:3241 +#: src/cryptsetup.c:3584 #, c-format msgid "" "\n" @@ -2672,96 +2909,100 @@ msgstr "" "\tзвичайне: %s, ключ: %d-бітовий, Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ: %s\n" "\tLUKS: %s, ключ: %d-бітовий, Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:3250 +#: src/cryptsetup.c:3593 msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" msgstr "\tLUKS: типовий розмір ключа у режимі XTS (два вбудованих ключа) буде подвоєно.\n" -#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711 +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: Ñлід вказати у параметрах %s" -#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198 +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 msgid "Key slot is invalid." msgstr "Ðекоректний Ñлот ключа." -#: src/cryptsetup.c:3335 +#: src/cryptsetup.c:3678 msgid "Device size must be multiple of 512 bytes sector." msgstr "Розмір приÑтрою має бути кратним до 512-байтового Ñектора." -#: src/cryptsetup.c:3340 +#: src/cryptsetup.c:3683 msgid "Invalid max reencryption hotzone size specification." msgstr "Ðекоректна ÑÐ¿ÐµÑ†Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñƒ «гарÑчої» ділÑнки повторного шифруваннÑ." -#: src/cryptsetup.c:3354 src/cryptsetup.c:3366 +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 msgid "Key size must be a multiple of 8 bits" msgstr "Розмір ключа має бути кратним 8 бітам" -#: src/cryptsetup.c:3371 +#: src/cryptsetup.c:3714 msgid "Maximum device reduce size is 1 GiB." msgstr "МакÑимальний розмір Ð·Ð¼ÐµÐ½ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñƒ приÑтрою дорівнює 1 ГіБ." -#: src/cryptsetup.c:3374 +#: src/cryptsetup.c:3717 msgid "Reduce size must be multiple of 512 bytes sector." msgstr "Розмір Ð·Ð¼ÐµÐ½ÑˆÐµÐ½Ð½Ñ Ð¼Ð°Ñ” бути кратним до 512-байтового Ñектора." -#: src/cryptsetup.c:3391 +#: src/cryptsetup.c:3734 msgid "Option --priority can be only ignore/normal/prefer." msgstr "ЗначеннÑм Ð´Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° --priority може бути лише один з таких Ñ€Ñдків: ignore, normal або prefer." -#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634 +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 msgid "Show this help message" msgstr "Показати цю довідку" -#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635 +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 msgid "Display brief usage" msgstr "Показати короткі наÑтанови щодо кориÑтуваннÑ" -#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636 +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 msgid "Print package version" msgstr "ВивеÑти дані щодо верÑÑ–Ñ— пакунка" -#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647 +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 msgid "Help options:" msgstr "Пункти довідки:" -#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664 +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 msgid "[OPTION...] <action> <action-specific>" msgstr "[ПÐÐ ÐМЕТР...] <діÑ> <параметри_дії>" -#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675 +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 msgid "Argument <action> missing." msgstr "Ðе вказано аргумент <діÑ>." -#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706 +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 msgid "Unknown action." msgstr "Ðевідома діÑ." -#: src/cryptsetup.c:3546 +#: src/cryptsetup.c:3895 msgid "Option --key-file takes precedence over specified key file argument." msgstr "Параметр --key-file має пріоритет над вказаним параметром файла ключа." -#: src/cryptsetup.c:3552 +#: src/cryptsetup.c:3901 msgid "Only one --key-file argument is allowed." msgstr "Можна викориÑтовувати лише один аргумент --key-file." -#: src/cryptsetup.c:3557 +#: src/cryptsetup.c:3906 msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." msgstr "Функцією Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° на оÑнові Ð¿Ð°Ñ€Ð¾Ð»Ñ (PBKDF) може бути лише pbkdf2 або argon2i/argon2id." -#: src/cryptsetup.c:3562 +#: src/cryptsetup.c:3911 msgid "PBKDF forced iterations cannot be combined with iteration time option." msgstr "ПримуÑові ітерації PBKDF не можна поєднувати із параметром тривалоÑÑ‚Ñ– ітерацій." -#: src/cryptsetup.c:3573 +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "Ðеможливо пов'Ñзати ключ тому зі Ñховищем ключів, Ñкщо Ñховище ключів вимкнено." + +#: src/cryptsetup.c:3927 msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "Параметри --keyslot-cipher Ñ– --keyslot-key-size має бути викориÑтано разом." -#: src/cryptsetup.c:3581 +#: src/cryptsetup.c:3935 msgid "No action taken. Invoked with --test-args option.\n" msgstr "Дій не виконано. Викликано із параметром --test-args.\n" -#: src/cryptsetup.c:3594 +#: src/cryptsetup.c:3948 msgid "Cannot disable metadata locking." msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð¼ÐºÐ½ÑƒÑ‚Ð¸ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ‚Ð°Ð´Ð°Ð½Ð¸Ñ…." @@ -2826,7 +3067,7 @@ msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ потрібен <коренеРmsgid "<data_device> <hash_device>" msgstr "<приÑтрій_даних> <приÑтрій_хешу>" -#: src/veritysetup.c:489 src/integritysetup.c:534 +#: src/veritysetup.c:489 src/integritysetup.c:543 msgid "format device" msgstr "форматувати приÑтрій" @@ -2842,7 +3083,7 @@ msgstr "перевірити приÑтрій" msgid "<data_device> <name> <hash_device> [<root_hash>]" msgstr "<приÑтрій_даних> <назва> <приÑтрій_хешу> [<кореневий_хеш>]" -#: src/veritysetup.c:493 src/integritysetup.c:537 +#: src/veritysetup.c:493 src/integritysetup.c:546 msgid "show active device status" msgstr "показати Ñтан активного приÑтрою" @@ -2850,7 +3091,7 @@ msgstr "показати Ñтан активного приÑтрою" msgid "<hash_device>" msgstr "<приÑтрій_хешу>" -#: src/veritysetup.c:494 src/integritysetup.c:538 +#: src/veritysetup.c:494 src/integritysetup.c:547 msgid "show on-disk information" msgstr "показати вбудовані дані" @@ -2880,11 +3121,11 @@ msgstr "" "Типові вбудовані параметри dm-verity:\n" "\tхеш: %s, блок даних (у байтах): %u, блок хешу (у байтах): %u, розмір Ñолі: %u, формат хешуваннÑ: %u\n" -#: src/veritysetup.c:658 +#: src/veritysetup.c:661 msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "Параметри --ignore-corruption Ñ– --restart-on-corruption не можна викориÑтовувати одночаÑно." -#: src/veritysetup.c:663 +#: src/veritysetup.c:666 msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." msgstr "Параметри --panic-on-corruption Ñ– --restart-on-corruption не можна викориÑтовувати одночаÑно." @@ -2897,29 +3138,29 @@ msgstr "" "Дані на %s Ñ– %s буде перезапиÑано без можливоÑÑ‚Ñ– відновленнÑ.\n" "Щоб зберегти приÑтрій даних, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --no-wipe (а потім активуйте за допомогою --integrity-recalculate)." -#: src/integritysetup.c:212 +#: src/integritysetup.c:217 #, c-format msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "Форматовано із розміром мітки %u, Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ñ†Ñ–Ð»Ñ–ÑніÑÑ‚ÑŒ %s.\n" -#: src/integritysetup.c:289 +#: src/integritysetup.c:298 msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." msgstr "Підтримки вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð¿Ð¾Ñ€Ñ†Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ обчиÑÐ»ÐµÐ½Ð½Ñ Ð½Ðµ передбачено. Вам варто розглÑнути можливіÑÑ‚ÑŒ викориÑÑ‚Ð°Ð½Ð½Ñ --wipe." -#: src/integritysetup.c:364 src/integritysetup.c:521 +#: src/integritysetup.c:373 src/integritysetup.c:530 #, c-format msgid "Device %s is not a valid INTEGRITY device." msgstr "ПриÑтрій %s не Ñ” коректним приÑтроєм INTEGRITY." -#: src/integritysetup.c:534 src/integritysetup.c:538 +#: src/integritysetup.c:543 src/integritysetup.c:547 msgid "<integrity_device>" msgstr "<приÑтрій_ціліÑноÑÑ‚Ñ–>" -#: src/integritysetup.c:535 +#: src/integritysetup.c:544 msgid "<integrity_device> <name>" msgstr "<приÑтрій_ціліÑноÑÑ‚Ñ–> <назва>" -#: src/integritysetup.c:558 +#: src/integritysetup.c:567 #, c-format msgid "" "\n" @@ -2930,7 +3171,7 @@ msgstr "" "<назва> Ñ” приÑтроєм, Ñкий Ñлід Ñтворити у %s\n" "<приÑтрій_ціліÑноÑÑ‚Ñ–> Ñ” приÑтроєм, на Ñкому зберігаютьÑÑ Ð´Ð°Ð½Ñ– із мітками ціліÑноÑÑ‚Ñ–\n" -#: src/integritysetup.c:563 +#: src/integritysetup.c:572 #, c-format msgid "" "\n" @@ -2943,40 +3184,40 @@ msgstr "" "\tÐлгоритм обчиÑÐ»ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¾Ñ— Ñуми: %s\n" "\tМакÑимальний розмір файла ключа: %d кБ\n" -#: src/integritysetup.c:620 +#: src/integritysetup.c:629 #, c-format msgid "Invalid --%s size. Maximum is %u bytes." msgstr "Ðекоректний розмір --%s. МакÑимальний розмір дорівнює %u байтів." -#: src/integritysetup.c:720 +#: src/integritysetup.c:732 msgid "Both key file and key size options must be specified." msgstr "Ðе можна одночаÑно вказувати параметри файла ключа Ñ– розміру ключа." -#: src/integritysetup.c:724 +#: src/integritysetup.c:736 msgid "Both journal integrity key file and key size options must be specified." msgstr "Ðе можна одночаÑно вказувати параметри файла ключа ціліÑноÑÑ‚Ñ– журналу Ñ– розміру ключа." -#: src/integritysetup.c:727 +#: src/integritysetup.c:739 msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "Якщо викориÑтано ключ ціліÑноÑÑ‚Ñ– журналу, має бути вказано алгоритм Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ñ†Ñ–Ð»Ñ–ÑноÑÑ‚Ñ– журналу." -#: src/integritysetup.c:731 +#: src/integritysetup.c:743 msgid "Both journal encryption key file and key size options must be specified." msgstr "Ðе можна одночаÑно вказувати параметри файла ключа ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ Ñ– розміру ключа." -#: src/integritysetup.c:734 +#: src/integritysetup.c:746 msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "Якщо викориÑтано ключ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ, має бути вказано алгоритм Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ." -#: src/integritysetup.c:738 +#: src/integritysetup.c:750 msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "Ðе можна поєднувати параметри Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ– бітової карти." -#: src/integritysetup.c:745 +#: src/integritysetup.c:757 msgid "Journal options cannot be used in bitmap mode." msgstr "Параметри журналу у режимі бітової карти викориÑтовувати не можна." -#: src/integritysetup.c:750 +#: src/integritysetup.c:762 msgid "Bitmap options can be used only in bitmap mode." msgstr "Параметри бітової карти можна викориÑтовувати лише у режимі бітового карти." @@ -3188,58 +3429,58 @@ msgstr "" msgid "Password quality check failed: Bad passphrase (%s)" msgstr "Помилка під Ñ‡Ð°Ñ Ñпроби оцінити ÑкіÑÑ‚ÑŒ паролÑ: некоректний пароль (%s)" -#: src/utils_password.c:230 src/utils_password.c:244 +#: src/utils_password.c:231 src/utils_password.c:245 msgid "Error reading passphrase from terminal." msgstr "Помилка під Ñ‡Ð°Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð· термінала." -#: src/utils_password.c:242 +#: src/utils_password.c:243 msgid "Verify passphrase: " msgstr "Перевірка паролÑ: " -#: src/utils_password.c:249 +#: src/utils_password.c:250 msgid "Passphrases do not match." msgstr "Паролі не збігаютьÑÑ." -#: src/utils_password.c:287 +#: src/utils_password.c:288 msgid "Cannot use offset with terminal input." msgstr "Ðе можна викориÑтовувати відÑтуп у даних, що надходÑÑ‚ÑŒ з термінала." -#: src/utils_password.c:291 +#: src/utils_password.c:292 #, c-format msgid "Enter passphrase: " msgstr "Введіть пароль: " -#: src/utils_password.c:294 +#: src/utils_password.c:295 #, c-format msgid "Enter passphrase for %s: " msgstr "Введіть пароль до %s: " -#: src/utils_password.c:328 +#: src/utils_password.c:329 msgid "No key available with this passphrase." msgstr "Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð½ÐµÐ¼Ð°Ñ” відповідного ключа." -#: src/utils_password.c:330 +#: src/utils_password.c:331 msgid "No usable keyslot is available." msgstr "Ðемає доÑтупних придатних до кориÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñлотів ключів." -#: src/utils_luks.c:67 +#: src/utils_luks.c:68 msgid "Can't do passphrase verification on non-tty inputs." msgstr "Перевірку паролів не можна виконувати на оÑнові вхідних даних, Ñкі надходÑÑ‚ÑŒ не з tty." -#: src/utils_luks.c:182 +#: src/utils_luks.c:183 #, c-format msgid "Failed to open file %s in read-only mode." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл %s у режимі лише читаннÑ." -#: src/utils_luks.c:195 +#: src/utils_luks.c:196 msgid "Provide valid LUKS2 token JSON:\n" msgstr "Ðадайте коректний жетон JSON LUKS2:\n" -#: src/utils_luks.c:202 +#: src/utils_luks.c:203 msgid "Failed to read JSON file." msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ файл JSON." -#: src/utils_luks.c:207 +#: src/utils_luks.c:208 msgid "" "\n" "Read interrupted." @@ -3247,12 +3488,12 @@ msgstr "" "\n" "Ð§Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾." -#: src/utils_luks.c:248 +#: src/utils_luks.c:249 #, c-format msgid "Failed to open file %s in write mode." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл %s у режимі запиÑу." -#: src/utils_luks.c:257 +#: src/utils_luks.c:258 msgid "" "\n" "Write interrupted." @@ -3260,7 +3501,7 @@ msgstr "" "\n" "Ð—Ð°Ð¿Ð¸Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾." -#: src/utils_luks.c:261 +#: src/utils_luks.c:262 msgid "Failed to write JSON file." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¿Ð¸Ñати файл JSON." @@ -3327,15 +3568,19 @@ msgstr "ПриÑтрій потребує Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" msgstr "ПриÑтрій %s вже перебуває у Ñтані повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2. Хочете відновити раніше ініціалізовану дію?" -#: src/utils_reencrypt.c:353 +#: src/utils_reencrypt.c:416 msgid "Legacy LUKS2 reencryption is no longer supported." msgstr "Підтримки заÑтарілого повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2 більше не передбачено." -#: src/utils_reencrypt.c:418 +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." +msgstr "Ðеможливо повторно зашифрувати приÑтрій LUKS2, Ñкий налаштовано на викориÑÑ‚Ð°Ð½Ð½Ñ OPAL." + +#: src/utils_reencrypt.c:427 msgid "Reencryption of device with integrity profile is not supported." msgstr "Підтримки повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою із профілем ціліÑноÑÑ‚Ñ– не передбачено." -#: src/utils_reencrypt.c:449 +#: src/utils_reencrypt.c:464 #, c-format msgid "" "Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" @@ -3344,103 +3589,103 @@ msgstr "" "Вказаний --sector-size %<PRIu32> Ñ” неÑуміÑним із Ñуперблоком %s\n" "(розмір блоку: %<PRIu32> байтів), Ñкий виÑвлено на приÑтрої %s." -#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391 +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "Ð¨Ð¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÐµÐ· від'єднаного заголовка (--header) Ñ” неможливим без Ð·Ð¼ÐµÐ½ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñƒ приÑтрою Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… (--reduce-device-size)." -#: src/utils_reencrypt.c:525 +#: src/utils_reencrypt.c:540 msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." msgstr "Вказаний зÑув даних має бути меншим або рівним половині Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° --reduce-device-size." -#: src/utils_reencrypt.c:535 +#: src/utils_reencrypt.c:550 #, c-format msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "Коригуємо Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ --reduce-device-size до подвійного Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ --offset %<PRIu64> (у Ñекторах).\n" -#: src/utils_reencrypt.c:565 +#: src/utils_reencrypt.c:580 #, c-format msgid "Temporary header file %s already exists. Aborting." msgstr "Файл тимчаÑового заголовка %s вже Ñ–Ñнує. Перериваємо обробку." -#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, c-format msgid "Cannot create temporary header file %s." msgstr "Ðе вдалоÑÑ Ñтворити файл тимчаÑового заголовка %s." -#: src/utils_reencrypt.c:599 +#: src/utils_reencrypt.c:614 msgid "LUKS2 metadata size is larger than data shift value." msgstr "Розмір метаданих LUKS2 перевищує Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ñуву даних." -#: src/utils_reencrypt.c:636 +#: src/utils_reencrypt.c:651 #, c-format msgid "Failed to place new header at head of device %s." msgstr "Ðе вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити новий заголовок на початку приÑтрою %s." -#: src/utils_reencrypt.c:646 +#: src/utils_reencrypt.c:661 #, c-format msgid "%s/%s is now active and ready for online encryption.\n" msgstr "%s/%s задіÑно, ÑиÑтема готова до інтерактивного шифруваннÑ.\n" -#: src/utils_reencrypt.c:682 +#: src/utils_reencrypt.c:697 #, c-format msgid "Active device %s is not LUKS2." msgstr "Ðктивний приÑтрій %s не Ñ” приÑтроєм LUKS2." -#: src/utils_reencrypt.c:710 +#: src/utils_reencrypt.c:725 msgid "Restoring original LUKS2 header." msgstr "Відновлюємо початковий заголовок LUKS2." -#: src/utils_reencrypt.c:718 +#: src/utils_reencrypt.c:733 msgid "Original LUKS2 header restore failed." msgstr "Спроба Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ‡Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ð³Ð¾ заголовка LUKS2 зазнала невдачі." -#: src/utils_reencrypt.c:744 +#: src/utils_reencrypt.c:759 #, c-format msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "Файла заголовка %s не Ñ–Ñнує. Хочете ініціалізувати Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2 приÑтрою %s Ñ– екÑпортувати заголовок LUKS2 до файла %s?" -#: src/utils_reencrypt.c:792 +#: src/utils_reencrypt.c:807 msgid "Failed to add read/write permissions to exported header file." msgstr "Ðе вдалоÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ права доÑтупу Ð´Ð»Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ-запиÑу до екÑпортованого файла заголовка." -#: src/utils_reencrypt.c:845 +#: src/utils_reencrypt.c:860 #, c-format msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ повторне шифруваннÑ. Резервна ÐºÐ¾Ð¿Ñ–Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ° перебуває у %s." -#: src/utils_reencrypt.c:873 +#: src/utils_reencrypt.c:888 msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "Підтримку Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2 передбачено лише Ð´Ð»Ñ Ð¿Ñ€Ð¸Ñтроїв із від'єднаним заголовком (із вÑтановленим нульовим відÑтупом даних)." -#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017 +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 msgid "Not enough free keyslots for reencryption." msgstr "ÐедоÑтатньо вільних Ñлотів ключів Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ шифруваннÑ." -#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100 +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 msgid "Key file can be used only with --key-slot or with exactly one key slot active." msgstr "Файлом ключа можна кориÑтуватиÑÑ Ð»Ð¸ÑˆÐµ з --key-slot, або Ñкщо активним Ñ” лише один Ñлот ключа." -#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 #: src/utils_reencrypt_luks1.c:1158 #, c-format msgid "Enter passphrase for key slot %d: " msgstr "Вкажіть пароль Ð´Ð»Ñ Ñлоту ключа %d: " -#: src/utils_reencrypt.c:1059 +#: src/utils_reencrypt.c:1074 #, c-format msgid "Enter passphrase for key slot %u: " msgstr "Вкажіть пароль Ð´Ð»Ñ Ñлоту ключа %u: " -#: src/utils_reencrypt.c:1111 +#: src/utils_reencrypt.c:1126 #, c-format msgid "Switching data encryption cipher to %s.\n" msgstr "ПеремикаємоÑÑ Ð½Ð° ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… %s.\n" -#: src/utils_reencrypt.c:1165 +#: src/utils_reencrypt.c:1180 msgid "No data segment parameters changed. Reencryption aborted." msgstr "Ðе змінено параметри Ñегмента даних. Повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾." -#: src/utils_reencrypt.c:1267 +#: src/utils_reencrypt.c:1282 msgid "" "Encryption sector size increase on offline device is not supported.\n" "Activate the device first or use --force-offline-reencrypt option (dangerous!)." @@ -3448,7 +3693,7 @@ msgstr "" "Підтримки Ð·Ð±Ñ–Ð»ÑŒÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñƒ Ñектора ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° вимкненому приÑтрої не передбачено.\n" "Спочатку активуйте приÑтрій або ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --force-offline-reencrypt (небезпечно!)." -#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 #: src/utils_reencrypt_luks1.c:798 msgid "" "\n" @@ -3457,62 +3702,62 @@ msgstr "" "\n" "Повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾." -#: src/utils_reencrypt.c:1312 +#: src/utils_reencrypt.c:1327 msgid "Resuming LUKS reencryption in forced offline mode.\n" msgstr "Відновлюємо повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS у примуÑовому вимкненому режимі.\n" -#: src/utils_reencrypt.c:1329 +#: src/utils_reencrypt.c:1350 #, c-format msgid "Device %s contains broken LUKS metadata. Aborting operation." msgstr "Ðа приÑтрої %s міÑÑ‚ÑÑ‚ÑŒÑÑ Ð¿Ð¾ÑˆÐºÐ¾Ð´Ð¶ÐµÐ½Ñ– метадані LUKS. Перериваємо дію." -#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367 +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 #, c-format msgid "Device %s is already LUKS device. Aborting operation." msgstr "ПриÑтрій %s вже Ñ” приÑтроєм LUKS. Перериваємо дію." -#: src/utils_reencrypt.c:1373 +#: src/utils_reencrypt.c:1394 #, c-format msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "ПриÑтрій %s вже перебуває у Ñтані повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS. Перериваємо дію." -#: src/utils_reencrypt.c:1453 +#: src/utils_reencrypt.c:1476 msgid "LUKS2 decryption requires --header option." msgstr "Ð”Ð»Ñ Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2 потрібен параметр --header." -#: src/utils_reencrypt.c:1501 +#: src/utils_reencrypt.c:1524 msgid "Command requires device as argument." msgstr "Комарні Ñлід передати аргумент приÑтрою." -#: src/utils_reencrypt.c:1514 +#: src/utils_reencrypt.c:1537 #, c-format msgid "Conflicting versions. Device %s is LUKS1." msgstr "Конфлікт верÑій. ПриÑтрій %s Ñ” приÑтроєм LUKS1." -#: src/utils_reencrypt.c:1520 +#: src/utils_reencrypt.c:1543 #, c-format msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "Конфлікт верÑій. ПриÑтрій %s перебуває у Ñтані повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS1." -#: src/utils_reencrypt.c:1526 +#: src/utils_reencrypt.c:1549 #, c-format msgid "Conflicting versions. Device %s is LUKS2." msgstr "Конфлікт верÑій. ПриÑтрій %s Ñ” приÑтроєм LUKS2." -#: src/utils_reencrypt.c:1532 +#: src/utils_reencrypt.c:1555 #, c-format msgid "Conflicting versions. Device %s is in LUKS2 reencryption." msgstr "Конфлікт верÑій. ПриÑтрій %s перебуває у Ñтані повторного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2." -#: src/utils_reencrypt.c:1538 +#: src/utils_reencrypt.c:1561 msgid "LUKS2 reencryption already initialized. Aborting operation." msgstr "Вже ініційовано повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ LUKS2. Перериваємо Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ—." -#: src/utils_reencrypt.c:1545 +#: src/utils_reencrypt.c:1568 msgid "Device reencryption not in progress." msgstr "Повторне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою не виконуєтьÑÑ." -#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "Ðе можна відкрити %s у виключному режимі, приÑтрій вже викориÑтовуєтьÑÑ." @@ -3648,35 +3893,35 @@ msgstr "ПопередженнÑ: приÑтрій %s вже міÑтить пі msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" msgstr "ПопередженнÑ: приÑтрій %s вже міÑтить Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ñуперблоку «%s».\n" -#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344 +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 msgid "Failed to initialize device signature probes." msgstr "Ðе вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ Ð·Ð¾Ð½Ð´ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñів приÑтроїв." -#: src/utils_blockdev.c:274 +#: src/utils_blockdev.c:282 #, c-format msgid "Failed to stat device %s." msgstr "Ðе вдалоÑÑ Ð·Ñ–Ð±Ñ€Ð°Ñ‚Ð¸ ÑтатиÑтичні дані щодо приÑтрою %s." -#: src/utils_blockdev.c:289 +#: src/utils_blockdev.c:297 #, c-format msgid "Failed to open file %s in read/write mode." msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл %s у режимі читаннÑ-запиÑу." -#: src/utils_blockdev.c:307 +#: src/utils_blockdev.c:317 #, c-format msgid "Existing '%s' partition signature on device %s will be wiped." msgstr "ÐаÑвний Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ñ€Ð¾Ð·Ð´Ñ–Ð»Ñƒ «%s» на приÑтрої %s буде витерто." -#: src/utils_blockdev.c:310 +#: src/utils_blockdev.c:320 #, c-format msgid "Existing '%s' superblock signature on device %s will be wiped." msgstr "ÐаÑвний Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ñуперблоку «%s» на приÑтрої %s буде витерто." -#: src/utils_blockdev.c:313 +#: src/utils_blockdev.c:323 msgid "Failed to wipe device signature." msgstr "Ðе вдалоÑÑ Ð²Ð¸Ñ‚ÐµÑ€Ñ‚Ð¸ Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð¿Ñ€Ð¸Ñтрою." -#: src/utils_blockdev.c:320 +#: src/utils_blockdev.c:330 #, c-format msgid "Failed to probe device %s for a signature." msgstr "Ðе вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ Ð·Ð¾Ð½Ð´ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою %s з метою виÑÐ²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу." @@ -3691,11 +3936,11 @@ msgstr "Ðекоректна ÑÐ¿ÐµÑ†Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñƒ у пара msgid "Option --%s is not allowed with %s action." msgstr "Параметр --%s не можна викориÑтовувати разом із дією %s." -#: tokens/ssh/cryptsetup-ssh.c:110 +#: tokens/ssh/cryptsetup-ssh.c:123 msgid "Failed to write ssh token json." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð¿Ð¸Ñати JSON жетона ssh." -#: tokens/ssh/cryptsetup-ssh.c:128 +#: tokens/ssh/cryptsetup-ssh.c:141 msgid "" "Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" "\n" @@ -3711,105 +3956,109 @@ msgstr "" "\n" "ЗауваженнÑ: дані, Ñкі надано при додаванні жетона (адреÑа Ñервера SSH, кориÑтувач та шлÑхи) буде збережено у заголовку LUKS2 у форматі звичайного текÑту." -#: tokens/ssh/cryptsetup-ssh.c:138 +#: tokens/ssh/cryptsetup-ssh.c:151 msgid "<action> <device>" msgstr "<діÑ> <приÑтрій>" -#: tokens/ssh/cryptsetup-ssh.c:141 +#: tokens/ssh/cryptsetup-ssh.c:154 msgid "Options for the 'add' action:" msgstr "Параметри дії «add» (додати):" -#: tokens/ssh/cryptsetup-ssh.c:142 +#: tokens/ssh/cryptsetup-ssh.c:155 msgid "IP address/URL of the remote server for this token" msgstr "IP-адреÑа/Ðазва віддаленого Ñервера Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ жетона" -#: tokens/ssh/cryptsetup-ssh.c:143 +#: tokens/ssh/cryptsetup-ssh.c:156 msgid "Username used for the remote server" msgstr "Ім'Ñ ÐºÐ¾Ñ€Ð¸Ñтувача Ð´Ð»Ñ Ð´Ð¾Ñтупу до віддаленого Ñервера" -#: tokens/ssh/cryptsetup-ssh.c:144 +#: tokens/ssh/cryptsetup-ssh.c:157 msgid "Path to the key file on the remote server" msgstr "ШлÑÑ… до файла ключа на віддаленому Ñервері" -#: tokens/ssh/cryptsetup-ssh.c:145 +#: tokens/ssh/cryptsetup-ssh.c:158 msgid "Path to the SSH key for connecting to the remote server" msgstr "ШлÑÑ… до ключа SSH Ð´Ð»Ñ Ð·'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ–Ð· віддаленим Ñервером" -#: tokens/ssh/cryptsetup-ssh.c:146 +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "ШлÑÑ… до каталогу, що міÑтить зовнішні жетони libcryptsetup" + +#: tokens/ssh/cryptsetup-ssh.c:161 msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." msgstr "Слот ключа Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²'ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð¶ÐµÑ‚Ð¾Ð½Ð°. Якщо не вказано, жетон буде пов'Ñзано із першим Ñлотом ключа, Ñкий відповідає наданому паролю." -#: tokens/ssh/cryptsetup-ssh.c:148 +#: tokens/ssh/cryptsetup-ssh.c:163 msgid "Generic options:" msgstr "Загальні параметри:" -#: tokens/ssh/cryptsetup-ssh.c:149 +#: tokens/ssh/cryptsetup-ssh.c:164 msgid "Shows more detailed error messages" msgstr "Показувати докладні Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилки" -#: tokens/ssh/cryptsetup-ssh.c:150 +#: tokens/ssh/cryptsetup-ssh.c:165 msgid "Show debug messages" msgstr "Показувати діагноÑтичні повідомленнÑ" -#: tokens/ssh/cryptsetup-ssh.c:151 +#: tokens/ssh/cryptsetup-ssh.c:166 msgid "Show debug messages including JSON metadata" msgstr "Показувати діагноÑтичні повідомленнÑ, зокрема метадані JSON" -#: tokens/ssh/cryptsetup-ssh.c:262 +#: tokens/ssh/cryptsetup-ssh.c:281 msgid "Failed to open and import private key:\n" msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ Ñ– імпортувати закритий ключ:\n" -#: tokens/ssh/cryptsetup-ssh.c:266 +#: tokens/ssh/cryptsetup-ssh.c:285 msgid "Failed to import private key (password protected?).\n" msgstr "Ðе вдалоÑÑ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ñ‚Ð¸ закритий ключ (захищено паролем?).\n" #. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " -#: tokens/ssh/cryptsetup-ssh.c:268 +#: tokens/ssh/cryptsetup-ssh.c:287 #, c-format msgid "%s@%s's password: " msgstr "Пароль до %s@%s: " -#: tokens/ssh/cryptsetup-ssh.c:357 +#: tokens/ssh/cryptsetup-ssh.c:376 #, c-format msgid "Failed to parse arguments.\n" msgstr "Ðе вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ аргументи.\n" -#: tokens/ssh/cryptsetup-ssh.c:368 +#: tokens/ssh/cryptsetup-ssh.c:387 #, c-format msgid "An action must be specified\n" msgstr "Має бути вказано дію\n" -#: tokens/ssh/cryptsetup-ssh.c:374 +#: tokens/ssh/cryptsetup-ssh.c:393 #, c-format msgid "Device must be specified for '%s' action.\n" msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ— «%s» має бути вказано приÑтрій.\n" -#: tokens/ssh/cryptsetup-ssh.c:379 +#: tokens/ssh/cryptsetup-ssh.c:398 #, c-format msgid "SSH server must be specified for '%s' action.\n" msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ— «%s» має бути вказано Ñервер SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:384 +#: tokens/ssh/cryptsetup-ssh.c:403 #, c-format msgid "SSH user must be specified for '%s' action.\n" msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ— «%s» має бути вказано кориÑтувача SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:389 +#: tokens/ssh/cryptsetup-ssh.c:408 #, c-format msgid "SSH path must be specified for '%s' action.\n" msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ— «%s» має бути вказано шлÑÑ… до SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:394 +#: tokens/ssh/cryptsetup-ssh.c:413 #, c-format msgid "SSH key path must be specified for '%s' action.\n" msgstr "Ð”Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð´Ñ–Ñ— «%s» має бути вказано шлÑÑ… до ключа SSH.\n" -#: tokens/ssh/cryptsetup-ssh.c:401 +#: tokens/ssh/cryptsetup-ssh.c:420 #, c-format msgid "Failed open %s using provided credentials.\n" msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s за допомогою наданих реєÑтраційних даних.\n" -#: tokens/ssh/cryptsetup-ssh.c:417 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format msgid "Only 'add' action is currently supported by this plugin.\n" msgstr "У поточній верÑÑ–Ñ— цього додатка передбачено підтримку лише дії «add» (додати0.\n" @@ -3854,6 +4103,12 @@ msgstr "Ðа вузлі заборонено ÑпоÑіб розпізнаван msgid "Public key authentication error: " msgstr "Помилка Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð·Ð° відкритим ключем: " +#~ msgid "compiled-in" +#~ msgstr "вбудована" + +#~ msgid "disabled" +#~ msgstr "вимкнено" + #~ msgid "WARNING: Data offset is outside of currently available data device.\n" #~ msgstr "Увага: відÑтуп у даних виходить за межі поточного доÑтупного приÑтрою Ð´Ð»Ñ Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ….\n" @@ -3878,9 +4133,6 @@ msgstr "Помилка Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð·Ð° відкритим клю #~ msgid "Failed to disable reencryption requirement flag." #~ msgstr "Ðе вдалоÑÑ Ð²Ð¸Ð¼ÐºÐ½ÑƒÑ‚Ð¸ прапорець вимоги повторного шифруваннÑ." -#~ msgid "Encryption is supported only for LUKS2 format." -#~ msgstr "Підтримку ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð±Ð°Ñ‡ÐµÐ½Ð¾ лише Ð´Ð»Ñ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚Ñƒ LUKS2." - #~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" #~ msgstr "ВиÑвлено приÑтрій LUKS на %s. Хочете зашифрувати цей приÑтрій LUKS знову?" diff --git a/po/zh_CN.po b/po/zh_CN.po index 5ab96fb..c6c5d98 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -3,14 +3,14 @@ # This file is distributed under the same license as the cryptsetup package. # Mingcong Bai <jeffbai@aosc.xyz>, 2015. # Mingye Wang <arthur200126@gmail.com>, 2015. -# Boyuan Yang <073plan@gmail.com>, 2018. +# Boyuan Yang <073plan@gmail.com>, 2018, 2023. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 2.0.3.1\n" -"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2018-04-26 22:11+0200\n" -"PO-Revision-Date: 2018-04-27 22:41+0800\n" +"Project-Id-Version: cryptsetup 2.7.0-rc0\n" +"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n" +"POT-Creation-Date: 2023-11-29 09:21+0100\n" +"PO-Revision-Date: 2023-12-01 10:37-0500\n" "Last-Translator: Boyuan Yang <073plan@gmail.com>\n" "Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n" "Language: zh_CN\n" @@ -18,47 +18,86 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Bugs: Report translation errors to the Language-Team address.\n" -"X-Generator: Poedit 2.0.6\n" +"X-Generator: Poedit 2.4.3\n" "Plural-Forms: nplurals=1; plural=0;\n" -#: lib/libdevmapper.c:331 +#: lib/libdevmapper.c:419 msgid "Cannot initialize device-mapper, running as non-root user." msgstr "æ— æ³•åˆå§‹åŒ–è®¾å¤‡æ˜ å°„å™¨ï¼Œæ£ä½œä¸ºéž root 用户è¿è¡Œã€‚" -#: lib/libdevmapper.c:334 +#: lib/libdevmapper.c:422 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "æ— æ³•åˆå§‹åŒ–è®¾å¤‡æ˜ å°„å™¨ã€‚dm_mod å†…æ ¸æ¨¡å—装载了å—?" -#: lib/libdevmapper.c:938 +#: lib/libdevmapper.c:1103 msgid "Requested deferred flag is not supported." msgstr "ä¸æ”¯æŒè¯·æ±‚的推迟(deferredï¼‰æ ‡è®°ã€‚" -#: lib/libdevmapper.c:1003 +#: lib/libdevmapper.c:1172 #, c-format msgid "DM-UUID for device %s was truncated." msgstr "设备 %s çš„ DM-UUID 被截æ–。" -#: lib/libdevmapper.c:1223 +#: lib/libdevmapper.c:1510 +msgid "Unknown dm target type." +msgstr "未知的 dm ç›®æ ‡ç±»åž‹ã€‚" + +#: lib/libdevmapper.c:1629 lib/libdevmapper.c:1635 lib/libdevmapper.c:1738 +#: lib/libdevmapper.c:1741 msgid "Requested dm-crypt performance options are not supported." msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ dm-crypt 性能选项。" -#: lib/libdevmapper.c:1230 +#: lib/libdevmapper.c:1644 lib/libdevmapper.c:1656 msgid "Requested dm-verity data corruption handling options are not supported." msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ dm-verity æ•°æ®æŸå处ç†é€‰é¡¹ã€‚" -#: lib/libdevmapper.c:1234 +#: lib/libdevmapper.c:1650 +msgid "Requested dm-verity tasklets option is not supported." +msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ dm-verity FEC 选项。" + +#: lib/libdevmapper.c:1662 msgid "Requested dm-verity FEC options are not supported." msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ dm-verity FEC 选项。" -#: lib/libdevmapper.c:1238 +#: lib/libdevmapper.c:1668 msgid "Requested data integrity options are not supported." msgstr "ä¸æ”¯æŒè¯·æ±‚çš„æ•°æ®å®Œæ•´æ€§é€‰é¡¹ã€‚" -#: lib/libdevmapper.c:1240 +#: lib/libdevmapper.c:1672 msgid "Requested sector_size option is not supported." msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ sector_size 选项。" -#: lib/random.c:80 +#: lib/libdevmapper.c:1677 +#, fuzzy +#| msgid "Device %s size is not aligned to requested sector size (%u bytes)." +msgid "The device size is not multiple of the requested sector size." +msgstr "设备 %s 的大å°æ²¡æœ‰å’Œè¯·æ±‚的扇区大å°å¯¹é½ï¼ˆ%u å—节)。" + +#: lib/libdevmapper.c:1684 lib/libdevmapper.c:1690 +#, fuzzy +#| msgid "Requested data integrity options are not supported." +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "ä¸æ”¯æŒè¯·æ±‚çš„æ•°æ®å®Œæ•´æ€§é€‰é¡¹ã€‚" + +#: lib/libdevmapper.c:1696 lib/libdevmapper.c:1744 lib/libdevmapper.c:1747 +#: lib/luks2/luks2_json_metadata.c:2742 +#, fuzzy +#| msgid "Hash algorithm %s not supported." +msgid "Discard/TRIM is not supported." +msgstr "ä¸æ”¯æŒå“ˆå¸Œç®—法 %s。" + +#: lib/libdevmapper.c:1702 +#, fuzzy +#| msgid "Requested data integrity options are not supported." +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "ä¸æ”¯æŒè¯·æ±‚çš„æ•°æ®å®Œæ•´æ€§é€‰é¡¹ã€‚" + +#: lib/libdevmapper.c:2738 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" + +#: lib/random.c:73 msgid "" "System is out of entropy while generating volume key.\n" "Please move mouse or type some text in another window to gather some random events.\n" @@ -66,518 +105,848 @@ msgstr "" "系统在生æˆå·å¯†é’¥æ—¶ç†µä¸è¶³ã€‚\n" "请éšæ„ç§»åŠ¨é¼ æ ‡æˆ–æ˜¯åœ¨åˆ«çš„çª—å£æ‰“å—,以便生æˆéšæœºäº‹ä»¶è®©ç³»ç»Ÿä½¿ç”¨ã€‚\n" -#: lib/random.c:84 +#: lib/random.c:77 #, c-format msgid "Generating key (%d%% done).\n" msgstr "æ£ç”Ÿæˆå¯†é’¥ï¼ˆ%d%% 已完æˆï¼‰\n" -#: lib/random.c:170 +#: lib/random.c:163 msgid "Running in FIPS mode." msgstr "在 FIPS 模å¼ä¸‹è¿è¡Œã€‚" -#: lib/random.c:176 +#: lib/random.c:169 msgid "Fatal error during RNG initialisation." msgstr "éšæœºæ•°ç”Ÿæˆå™¨åˆå§‹åŒ–æ—¶å‘生致命错误。" -#: lib/random.c:213 +#: lib/random.c:207 msgid "Unknown RNG quality requested." msgstr "未知的éšæœºæ•°ç”Ÿæˆå™¨è´¨é‡è¯·æ±‚。" -#: lib/random.c:218 +#: lib/random.c:212 msgid "Error reading from RNG." msgstr "从éšæœºæ•°ç”Ÿæˆå™¨ï¼ˆRNG)读å–时出错。" -#: lib/setup.c:203 +#: lib/setup.c:261 +msgid "OPAL support is disabled in libcryptsetup." +msgstr "OPAL 支æŒåœ¨ libcryptsetup ä¸è¢«ç¦ç”¨ã€‚" + +#: lib/setup.c:263 +#, c-format +msgid "Device %s or kernel does not support OPAL encryption." +msgstr "设备 %s æˆ–å†…æ ¸ä¸æ”¯æŒ OPAL åŠ å¯†ã€‚" + +#: lib/setup.c:279 msgid "Cannot initialize crypto RNG backend." msgstr "æ— æ³•åˆå§‹åŒ–åŠ å¯†éšæœºæ•°ç”Ÿæˆå™¨åŽç«¯ã€‚" -#: lib/setup.c:209 +#: lib/setup.c:285 msgid "Cannot initialize crypto backend." msgstr "æ— æ³•åˆå§‹åŒ–åŠ å¯†åŽç«¯ã€‚" -#: lib/setup.c:240 lib/setup.c:1766 lib/verity/verity.c:123 +#: lib/setup.c:316 lib/setup.c:2766 lib/verity/verity.c:122 #, c-format msgid "Hash algorithm %s not supported." msgstr "ä¸æ”¯æŒå“ˆå¸Œç®—法 %s。" -#: lib/setup.c:243 lib/loopaes/loopaes.c:90 +#: lib/setup.c:319 lib/loopaes/loopaes.c:90 #, c-format msgid "Key processing error (using hash %s)." msgstr "密钥处ç†é”™è¯¯ï¼ˆä½¿ç”¨æ•£åˆ— %s)。" -#: lib/setup.c:304 lib/setup.c:331 +#: lib/setup.c:390 lib/setup.c:427 msgid "Cannot determine device type. Incompatible activation of device?" msgstr "æ— æ³•ç¡®å®šè®¾å¤‡ç±»åž‹ã€‚ä¸å…¼å®¹çš„设备激活?" -#: lib/setup.c:310 lib/setup.c:2326 +#: lib/setup.c:396 lib/setup.c:3959 msgid "This operation is supported only for LUKS device." msgstr "æ¤æ“作åªé€‚用 LUKS 设备。" -#: lib/setup.c:337 +#: lib/setup.c:433 msgid "This operation is supported only for LUKS2 device." msgstr "æ¤æ“作åªé€‚用 LUKS2 设备。" -#: lib/setup.c:382 +#: lib/setup.c:490 lib/luks2/luks2_reencrypt.c:3056 msgid "All key slots full." msgstr "密钥槽全都满了。" -#: lib/setup.c:393 +#: lib/setup.c:501 #, c-format msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "密钥槽 %d æ— æ•ˆï¼Œè¯·é€‰æ‹© 0 到 %d é—´çš„æ•°å—。" -#: lib/setup.c:399 +#: lib/setup.c:507 #, c-format msgid "Key slot %d is full, please select another one." msgstr "密钥槽 %d 满了,请选择å¦ä¸€ä¸ªã€‚" -#: lib/setup.c:597 +#: lib/setup.c:618 lib/setup.c:3661 +msgid "Device size is not aligned to device logical block size." +msgstr "设备的大å°æ²¡æœ‰å’Œè®¾å¤‡é€»è¾‘å—大å°å¯¹é½ã€‚" + +#: lib/setup.c:716 #, c-format msgid "Header detected but device %s is too small." msgstr "æ£€æµ‹åˆ°æ ‡å¤´ä½†è®¾å¤‡ %s 太å°ã€‚" -#: lib/setup.c:616 +#: lib/setup.c:757 lib/setup.c:3552 lib/setup.c:5134 +#: lib/luks2/luks2_reencrypt.c:3848 lib/luks2/luks2_reencrypt.c:4305 msgid "This operation is not supported for this device type." msgstr "ä¸æ”¯æŒåœ¨è¿™ç±»è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。" -#: lib/setup.c:1239 lib/setup.c:2066 lib/setup.c:3300 +#: lib/setup.c:762 +msgid "Illegal operation with reencryption in-progress." +msgstr "æ£åœ¨è¿›è¡Œé‡åŠ 密ä¸çš„éžæ³•æ“作。" + +#: lib/setup.c:894 +#, fuzzy +#| msgid "Failed to read LUKS2 requirements." +msgid "Failed to rollback LUKS2 metadata in memory." +msgstr "è¯»å– LUKS2 需求时失败。" + +#: lib/setup.c:981 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527 +#: lib/luks2/luks2_json_metadata.c:1374 src/cryptsetup.c:1799 +#: src/cryptsetup.c:1962 src/cryptsetup.c:2017 src/cryptsetup.c:2222 +#: src/cryptsetup.c:2392 src/cryptsetup.c:2673 src/cryptsetup.c:2981 +#: src/cryptsetup.c:3049 src/utils_reencrypt.c:1488 +#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:85 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ LUKS 设备。" + +#: lib/setup.c:984 lib/luks1/keymanage.c:530 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "ä¸æ”¯æŒçš„ LUKS 版本 %d。" + +#: lib/setup.c:1357 +#, fuzzy, c-format +#| msgid "No known cipher specification pattern detected.\n" +msgid "No known cipher specification pattern detected for active device %s." +msgstr "未探测到已知的密文特å¾ã€‚\n" + +#: lib/setup.c:1603 lib/setup.c:3306 lib/setup.c:3388 lib/setup.c:3400 +#: lib/setup.c:3570 lib/setup.c:5721 #, c-format msgid "Device %s is not active." msgstr "设备 %s 未激活。" -#: lib/setup.c:1256 +#: lib/setup.c:1620 #, c-format msgid "Underlying device for crypt device %s disappeared." msgstr "åŠ å¯†è®¾å¤‡ %s 下层的设备消失了。" -#: lib/setup.c:1336 +#: lib/setup.c:1702 msgid "Invalid plain crypt parameters." msgstr "æ— æ•ˆçš„çº¯åŠ å¯†é€‰é¡¹ã€‚" -#: lib/setup.c:1341 lib/setup.c:1680 src/integritysetup.c:68 +#: lib/setup.c:1707 lib/setup.c:2669 msgid "Invalid key size." msgstr "æ— æ•ˆçš„å¯†é’¥å¤§å°ã€‚" -#: lib/setup.c:1346 lib/setup.c:1685 lib/setup.c:1876 +#: lib/setup.c:1712 lib/setup.c:2674 lib/setup.c:2877 msgid "UUID is not supported for this crypt type." msgstr "æ¤åŠ 密类型ä¸æ”¯æŒ UUID。" -#: lib/setup.c:1356 lib/setup.c:1500 src/cryptsetup.c:950 +#: lib/setup.c:1717 lib/setup.c:2679 +#, fuzzy +#| msgid "UUID is not supported for this crypt type." +msgid "Detached metadata device is not supported for this crypt type." +msgstr "æ¤åŠ 密类型ä¸æ”¯æŒ UUID。" + +#: lib/setup.c:1727 lib/setup.c:1962 lib/luks2/luks2_reencrypt.c:3012 +#: src/cryptsetup.c:1467 src/cryptsetup.c:3726 msgid "Unsupported encryption sector size." msgstr "ä¸æ”¯æŒçš„åŠ å¯†æ‰‡åŒºå¤§å°ã€‚" -#: lib/setup.c:1402 lib/setup.c:1494 +#: lib/setup.c:1735 lib/setup.c:1991 lib/setup.c:3655 +#, fuzzy +#| msgid "Device %s size is not aligned to requested sector size (%u bytes)." +msgid "Device size is not aligned to requested sector size." +msgstr "设备 %s 的大å°æ²¡æœ‰å’Œè¯·æ±‚的扇区大å°å¯¹é½ï¼ˆ%u å—节)。" + +#: lib/setup.c:1787 lib/setup.c:2024 lib/setup.c:2355 msgid "Can't format LUKS without device." msgstr "æ— æ³•åœ¨æ²¡æœ‰è®¾å¤‡çš„æƒ…å†µä¸‹æ ¼å¼åŒ– LUKS。" -#: lib/setup.c:1464 lib/setup.c:1617 lib/setup.c:1888 +#: lib/setup.c:1793 lib/setup.c:2030 lib/setup.c:2361 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1833 lib/setup.c:2048 +msgid "WARNING: DAX device can corrupt data as it does not guarantee atomic sector updates.\n" +msgstr "" + +#: lib/setup.c:1871 lib/setup.c:2143 lib/setup.c:2164 lib/setup.c:2539 +#: lib/setup.c:2579 lib/setup.c:2889 #, c-format msgid "Cannot wipe header on device %s." msgstr "æ— æ³•å°†è®¾å¤‡ %s ä¸Šçš„æ ‡å¤´æ“¦é™¤ã€‚" -#: lib/setup.c:1523 +#: lib/setup.c:1884 lib/setup.c:2203 +#, c-format +msgid "Device %s is too small for activation, there is no remaining space for data.\n" +msgstr "" + +#: lib/setup.c:1924 msgid "Volume key is too small for encryption with integrity extensions." msgstr "å·å¯†é’¥å¯¹äºŽå¸¦å®Œæ•´æ€§æ ¡éªŒæ‰©å±•çš„åŠ å¯†è€Œè¨€è¿‡å°ã€‚" -#: lib/setup.c:1530 lib/utils_device.c:599 +#: lib/setup.c:1933 +#, fuzzy, c-format +#| msgid "Cipher %s is not available.\n" +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "密文 %s ä¸å¯ç”¨ã€‚\n" + +#: lib/setup.c:1972 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:2146 lib/setup.c:2482 lib/setup.c:2542 lib/utils_device.c:917 +#: lib/luks1/keyencryption.c:255 lib/luks2/luks2_reencrypt.c:3080 +#: lib/luks2/luks2_reencrypt.c:4364 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted)." -msgstr "æ— æ³•ä½¿ç”¨æ£è¢«ä½¿ç”¨çš„设备 %sï¼ˆå·²è¢«æ˜ å°„æˆ–æŒ‚è½½ï¼‰ã€‚" +msgid "Device %s is too small." +msgstr "设备 %s 太å°ã€‚" -#: lib/setup.c:1610 +#: lib/setup.c:2157 lib/setup.c:2183 lib/setup.c:2572 lib/setup.c:2618 #, c-format -msgid "Cannot format device %s which is still in use." +msgid "Cannot format device %s in use." msgstr "æ— æ³•æ ¼å¼åŒ–æ£åœ¨ä½¿ç”¨çš„设备 %s。" -#: lib/setup.c:1613 lib/setup.c:1648 +#: lib/setup.c:2160 lib/setup.c:2186 lib/setup.c:2575 lib/setup.c:2621 #, c-format msgid "Cannot format device %s, permission denied." msgstr "æ— æ³•æ ¼å¼åŒ–设备 %s,æƒé™è¢«æ‹’ç»ã€‚" -#: lib/setup.c:1625 lib/luks2/luks2_json_metadata.c:863 -#: lib/luks2/luks2_json_metadata.c:1141 lib/luks2/luks2_keyslot.c:429 -#: lib/luks2/luks2_keyslot_luks2.c:40 lib/luks2/luks2_keyslot_luks2.c:69 -#, c-format -msgid "Failed to acquire write lock on device %s." -msgstr "æ— æ³•èŽ·å–设备 %s 上的写入é”。" - -#: lib/setup.c:1633 lib/setup.c:1940 +#: lib/setup.c:2172 lib/setup.c:2592 lib/setup.c:2949 #, fuzzy, c-format #| msgid "Cannot write device %s.\n" msgid "Cannot format integrity for device %s." msgstr "æ— æ³•å†™å…¥è®¾å¤‡ %s。\n" -#: lib/setup.c:1645 -#, c-format -msgid "Cannot format device %s in use." -msgstr "æ— æ³•æ ¼å¼åŒ–æ£åœ¨ä½¿ç”¨çš„设备 %s。" - -#: lib/setup.c:1652 +#: lib/setup.c:2190 lib/setup.c:2629 #, c-format msgid "Cannot format device %s." msgstr "æ— æ³•æ ¼å¼åŒ–设备 %s。" -#: lib/setup.c:1675 +#: lib/setup.c:2233 +msgid "Cannot get OPAL alignment parameters." +msgstr "" + +#: lib/setup.c:2242 +msgid "Bogus OPAL logical block size." +msgstr "" + +#: lib/setup.c:2248 +msgid "Requested data offset is not compatible with OPAL block size." +msgstr "" + +#: lib/setup.c:2255 +msgid "Requested data alignment is not compatible with OPAL alignment." +msgstr "" + +#: lib/setup.c:2275 +msgid "Data offset does not satisfy OPAL alignment requirements." +msgstr "" + +#: lib/setup.c:2288 +msgid "Requested data alignment does not satisfy locking range alignment requirements." +msgstr "" + +#: lib/setup.c:2492 +#, c-format +msgid "Compensating device size by %<PRIu64> sectors to align it with OPAL alignment granularity." +msgstr "" + +#: lib/setup.c:2553 +msgid "Incorrect OPAL Admin key." +msgstr "OPAL 管ç†å¯†é’¥ä¸æ£ç¡®ã€‚" + +#: lib/setup.c:2555 +msgid "Cannot setup OPAL segment." +msgstr "" + +#: lib/setup.c:2625 +#, fuzzy, c-format +#| msgid "Cannot format device %s, permission denied." +msgid "Cannot format device %s, OPAL device seems to be fully write-protected now." +msgstr "æ— æ³•æ ¼å¼åŒ–设备 %s,æƒé™è¢«æ‹’ç»ã€‚" + +#: lib/setup.c:2627 +msgid "This is perhaps a bug in firmware. Run OPAL PSID reset and reconnect for recovery." +msgstr "" + +#: lib/setup.c:2645 +#, c-format +msgid "Locking range %d reset on device %s failed." +msgstr "" + +#: lib/setup.c:2664 msgid "Can't format LOOPAES without device." msgstr "æ— æ³•åœ¨æ²¡æœ‰è®¾å¤‡çš„æƒ…å†µä¸‹æ ¼å¼åŒ– LOOPAES。" -#: lib/setup.c:1715 +#: lib/setup.c:2709 msgid "Can't format VERITY without device." msgstr "æ— æ³•åœ¨æ²¡æœ‰è®¾å¤‡çš„æƒ…å†µä¸‹æ ¼å¼åŒ– VERIFY。" -#: lib/setup.c:1723 lib/verity/verity.c:106 +#: lib/setup.c:2720 lib/verity/verity.c:101 #, c-format msgid "Unsupported VERITY hash type %d." msgstr "ä¸æ”¯æŒçš„ VERITY 哈希类型 %d。" -#: lib/setup.c:1729 lib/verity/verity.c:114 +#: lib/setup.c:2726 lib/verity/verity.c:109 msgid "Unsupported VERITY block size." msgstr "ä¸æ”¯æŒçš„ VERITY å—大å°ã€‚" -#: lib/setup.c:1734 lib/verity/verity.c:75 +#: lib/setup.c:2731 lib/verity/verity.c:74 msgid "Unsupported VERITY hash offset." msgstr "ä¸æ”¯æŒçš„ VERITY 哈希å移é‡ã€‚" -#: lib/setup.c:1739 +#: lib/setup.c:2736 msgid "Unsupported VERITY FEC offset." msgstr "ä¸æ”¯æŒçš„ VERITY 哈希å移é‡ã€‚" -#: lib/setup.c:1760 +#: lib/setup.c:2760 msgid "Data area overlaps with hash area." msgstr "æ•°æ®åŒºåŸŸé‡å 覆盖了哈希区域。" -#: lib/setup.c:1785 +#: lib/setup.c:2785 msgid "Hash area overlaps with FEC area." msgstr "哈希区域é‡å 覆盖了 FEC 区域。" -#: lib/setup.c:1792 +#: lib/setup.c:2792 msgid "Data area overlaps with FEC area." msgstr "æ•°æ®åŒºåŸŸé‡å 覆盖了 FEC 区域。" -#: lib/setup.c:1997 +#: lib/setup.c:2928 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:3007 #, c-format msgid "Unknown crypt device type %s requested." msgstr "è¯·æ±‚äº†æœªçŸ¥çš„åŠ å¯†è®¾å¤‡ç±»åž‹ %s。" -#: lib/setup.c:2098 +#: lib/setup.c:3314 lib/setup.c:3393 lib/setup.c:3406 +#, fuzzy, c-format +#| msgid "Cannot wipe header on device %s." +msgid "Unsupported parameters on device %s." +msgstr "æ— æ³•å°†è®¾å¤‡ %s ä¸Šçš„æ ‡å¤´æ“¦é™¤ã€‚" + +#: lib/setup.c:3320 lib/setup.c:3413 lib/luks2/luks2_reencrypt.c:2908 +#: lib/luks2/luks2_reencrypt.c:3145 lib/luks2/luks2_reencrypt.c:3540 +#, fuzzy, c-format +#| msgid "Cannot wipe header on device %s." +msgid "Mismatching parameters on device %s." +msgstr "æ— æ³•å°†è®¾å¤‡ %s ä¸Šçš„æ ‡å¤´æ“¦é™¤ã€‚" + +#: lib/setup.c:3437 +msgid "Crypt devices mismatch." +msgstr "" + +#: lib/setup.c:3474 lib/setup.c:3479 lib/luks2/luks2_reencrypt.c:2390 +#: lib/luks2/luks2_reencrypt.c:2924 lib/luks2/luks2_reencrypt.c:4109 +#, c-format +msgid "Failed to reload device %s." +msgstr "é‡æ–°åŠ 载设备 %s 失败。" + +#: lib/setup.c:3485 lib/setup.c:3491 lib/luks2/luks2_reencrypt.c:2361 +#: lib/luks2/luks2_reencrypt.c:2368 lib/luks2/luks2_reencrypt.c:2938 +#, fuzzy, c-format +#| msgid "Failed to acquire read lock on device %s." +msgid "Failed to suspend device %s." +msgstr "æ— æ³•èŽ·å–设备 %s 的读å–é”。" + +#: lib/setup.c:3497 lib/luks2/luks2_reencrypt.c:2375 +#: lib/luks2/luks2_reencrypt.c:2959 lib/luks2/luks2_reencrypt.c:4022 +#: lib/luks2/luks2_reencrypt.c:4113 +#, fuzzy, c-format +#| msgid "Failed to open temporary keystore device.\n" +msgid "Failed to resume device %s." +msgstr "打开临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚\n" + +#: lib/setup.c:3512 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:3515 lib/setup.c:3517 +#, fuzzy, c-format +#| msgid "Failed to acquire write lock on device %s." +msgid "Failed to switch device %s to dm-error." +msgstr "æ— æ³•èŽ·å–设备 %s 上的写入é”。" + +#: lib/setup.c:3557 +#, fuzzy +#| msgid "Cannot check password quality: %s\n" +msgid "Can not resize LUKS2 device with static size." +msgstr "æ— æ³•æ£€æŸ¥å¯†ç è´¨é‡ï¼š%s\n" + +#: lib/setup.c:3602 msgid "Cannot resize loop device." msgstr "æ— æ³•æ”¹å˜å›žçŽ¯è®¾å¤‡å¤§å°ã€‚" -#: lib/setup.c:2107 -#, c-format -msgid "Device %s size is not aligned to requested sector size (%u bytes)." -msgstr "设备 %s 的大å°æ²¡æœ‰å’Œè¯·æ±‚的扇区大å°å¯¹é½ï¼ˆ%u å—节)。" +#: lib/setup.c:3646 +msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n" +msgstr "" -#: lib/setup.c:2161 +#: lib/setup.c:3712 +msgid "Resize failed, the kernel doesn't support it." +msgstr "" + +#: lib/setup.c:3744 msgid "Do you really want to change UUID of device?" msgstr "ä½ çœŸçš„æƒ³æ”¹å˜è®¾å¤‡çš„ UUID å—?" -#: lib/setup.c:2237 +#: lib/setup.c:3836 msgid "Header backup file does not contain compatible LUKS header." msgstr "æ ‡å¤´å¤‡ä»½æ–‡ä»¶ä¸åŒ…å«å…¼å®¹çš„ LUKS æ ‡å¤´ã€‚" -#: lib/setup.c:2334 +#: lib/setup.c:3944 #, c-format msgid "Volume %s is not active." msgstr "å· %s 未激活。" -#: lib/setup.c:2345 +#: lib/setup.c:4010 #, c-format msgid "Volume %s is already suspended." msgstr "å· %s 已挂起。" -#: lib/setup.c:2359 +#: lib/setup.c:4038 #, c-format msgid "Suspend is not supported for device %s." msgstr "设备 %s ä¸æ”¯æŒæŒ‚起。" -#: lib/setup.c:2361 +#: lib/setup.c:4040 lib/setup.c:4048 #, c-format msgid "Error during suspending device %s." msgstr "挂起设备 %s 时出错。" -#: lib/setup.c:2394 lib/setup.c:2461 +#: lib/setup.c:4054 #, c-format -msgid "Volume %s is not suspended." -msgstr "å· %s 未挂起。" +msgid "Device %s was suspended but hardware OPAL device cannot be locked." +msgstr "" -#: lib/setup.c:2423 +#: lib/setup.c:4085 lib/setup.c:4222 #, c-format msgid "Resume is not supported for device %s." msgstr "设备 %s ä¸æ”¯æŒæ¢å¤ã€‚" -#: lib/setup.c:2425 lib/setup.c:2493 +#: lib/setup.c:4087 lib/setup.c:4213 lib/setup.c:4224 #, c-format msgid "Error during resuming device %s." msgstr "æ¢å¤è®¾å¤‡ %s 时出错。" -#: lib/setup.c:2561 lib/setup.c:2754 -msgid "Cannot add key slot, all slots disabled and no volume key provided." -msgstr "æ— æ³•æ·»åŠ å¯†é’¥æ§½ï¼Œæ‰€æœ‰å¯†é’¥æ§½å·²ç¦ç”¨ä¸”未æä¾›å·å¯†é’¥ã€‚" +#: lib/setup.c:4110 +#, fuzzy +#| msgid "Failed to load key in kernel keyring." +msgid "Failed to link key to the specified keyring." +msgstr "åœ¨å†…æ ¸å¯†é’¥çŽ¯ä¸åŠ 载密钥失败。" -#: lib/setup.c:2698 -#, c-format -msgid "Key slot %d changed." -msgstr "密钥槽 %d 已改å˜ã€‚" +#: lib/setup.c:4129 +#, fuzzy +#| msgid "Failed to load key in kernel keyring." +msgid "Failed to unlink volume key from user specified keyring." +msgstr "åœ¨å†…æ ¸å¯†é’¥çŽ¯ä¸åŠ 载密钥失败。" -#: lib/setup.c:2701 -#, c-format -msgid "Replaced with key slot %d." -msgstr "替æ¢ä¸ºå¯†é’¥æ§½ %d。" +#: lib/setup.c:4191 lib/setup.c:4905 lib/setup.c:5515 +#, fuzzy +#| msgid "Failed to load key in kernel keyring." +msgid "Failed to link volume key in user defined keyring." +msgstr "åœ¨å†…æ ¸å¯†é’¥çŽ¯ä¸åŠ 载密钥失败。" -#: lib/setup.c:2706 -msgid "Failed to swap new key slot." -msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚" +#: lib/setup.c:4284 src/cryptsetup.c:2755 +#, c-format +msgid "Volume %s is not suspended." +msgstr "å· %s 未挂起。" -#: lib/setup.c:2871 lib/setup.c:3145 lib/setup.c:3158 lib/setup.c:3166 -#: lib/setup.c:3179 lib/setup.c:3453 lib/setup.c:4370 +#: lib/setup.c:4385 lib/setup.c:5281 lib/setup.c:5288 lib/setup.c:7142 +#: lib/setup.c:7164 lib/setup.c:7213 src/cryptsetup.c:2265 msgid "Volume key does not match the volume." msgstr "å·å¯†é’¥ä¸Žå·ä¸åŒ¹é…。" -#: lib/setup.c:2892 +#: lib/setup.c:4539 +msgid "Failed to swap new key slot." +msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚" + +#: lib/setup.c:4637 #, c-format msgid "Key slot %d is invalid." msgstr "密钥槽 %d æ— æ•ˆã€‚" -#: lib/setup.c:2898 -#, c-format -msgid "Key slot %d is not used." -msgstr "密钥槽 %d 未使用。" +#: lib/setup.c:4643 src/cryptsetup.c:1975 src/cryptsetup.c:2467 +#: src/cryptsetup.c:3149 src/cryptsetup.c:3209 +#, fuzzy, c-format +#| msgid "Key slot %d is not used.\n" +msgid "Keyslot %d is not active." +msgstr "密钥槽 %d 未使用。\n" -#: lib/setup.c:2968 lib/setup.c:3232 -msgid "Device type is not properly initialised." -msgstr "设备类型未æ£ç¡®åˆå§‹åŒ–。" +#: lib/setup.c:4662 +#, fuzzy +#| msgid "Data area overlaps with hash area." +msgid "Device header overlaps with data area." +msgstr "æ•°æ®åŒºåŸŸé‡å 覆盖了哈希区域。" -#: lib/setup.c:3010 -#, c-format -msgid "Cannot use device %s, name is invalid or still in use." -msgstr "æ— æ³•ä½¿ç”¨è®¾å¤‡ %s,åç§°æ— æ•ˆæˆ–å®ƒæ£è¢«ä½¿ç”¨ã€‚" +#: lib/setup.c:5012 +#, fuzzy +#| msgid "Reencryption already in-progress." +msgid "Reencryption in-progress. Cannot activate device." +msgstr "é‡åŠ 密已在进行ä¸ã€‚" + +#: lib/setup.c:5014 lib/luks2/luks2_json_metadata.c:2847 +#: lib/luks2/luks2_reencrypt.c:3646 +msgid "Failed to get reencryption lock." +msgstr "获å–é‡åŠ 密é”失败。" + +#: lib/setup.c:5027 lib/luks2/luks2_reencrypt.c:3665 +msgid "LUKS2 reencryption recovery failed." +msgstr "LUKS2 é‡åŠ 密æ¢å¤å¤±è´¥ã€‚" + +#: lib/setup.c:5199 lib/setup.c:5299 lib/setup.c:5357 +msgid "Device type is not properly initialized." +msgstr "设备类型未æ£ç¡®åˆå§‹åŒ–。" -#: lib/setup.c:3013 +#: lib/setup.c:5254 #, c-format msgid "Device %s already exists." msgstr "设备 %s å·²å˜åœ¨ã€‚" -#: lib/setup.c:3132 +#: lib/setup.c:5261 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "æ— æ³•ä½¿ç”¨è®¾å¤‡ %s,åç§°æ— æ•ˆæˆ–å®ƒæ£è¢«ä½¿ç”¨ã€‚" + +#: lib/setup.c:5277 msgid "Incorrect volume key specified for plain device." msgstr "为普通设备指定的å·å¯†é’¥æœ‰è¯¯ã€‚" -#: lib/setup.c:3198 +#: lib/setup.c:5390 +msgid "Kernel keyring is not supported by the kernel." +msgstr "è¯¥å†…æ ¸ä¸æ”¯æŒå†…æ ¸å¯†é’¥çŽ¯ã€‚" + +#: lib/setup.c:5394 +#, fuzzy +#| msgid "Kernel keyring is not supported by the kernel." +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "è¯¥å†…æ ¸ä¸æ”¯æŒå†…æ ¸å¯†é’¥çŽ¯ã€‚" + +#: lib/setup.c:5634 msgid "Incorrect root hash specified for verity device." msgstr "为 verity è®¾å¤‡æŒ‡å®šçš„æ ¹ hash ä¸æ£ç¡®ã€‚" -#: lib/setup.c:3274 lib/setup.c:3289 +#: lib/setup.c:5677 +msgid "OPAL does not support deferred deactivation." +msgstr "" + +#: lib/setup.c:5693 +#, fuzzy, c-format +#| msgid "Failed to acquire read lock on device %s." +msgid "Could not cancel deferred remove from device %s." +msgstr "æ— æ³•èŽ·å–设备 %s 的读å–é”。" + +#: lib/setup.c:5700 lib/setup.c:5716 lib/luks2/luks2_json_metadata.c:2901 +#: src/utils_reencrypt.c:116 #, c-format msgid "Device %s is still in use." msgstr "设备 %s ä»åœ¨ä½¿ç”¨ã€‚" -#: lib/setup.c:3304 +#: lib/setup.c:5725 #, c-format msgid "Invalid device %s." msgstr "设备 %s æ— æ•ˆã€‚" -#: lib/setup.c:3389 -msgid "Function not available in FIPS mode." -msgstr "功能在 FIPS 模å¼æ— 效。" - -#: lib/setup.c:3403 +#: lib/setup.c:5865 msgid "Volume key buffer too small." msgstr "å·å¯†é’¥ç¼“冲区太å°ã€‚" -#: lib/setup.c:3411 +#: lib/setup.c:5882 +#, fuzzy +#| msgid "Cannot retrieve volume key for plain device." +msgid "Cannot retrieve volume key for LUKS2 device." +msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" + +#: lib/setup.c:5891 +#, fuzzy +#| msgid "Cannot retrieve volume key for plain device." +msgid "Cannot retrieve volume key for LUKS1 device." +msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" + +#: lib/setup.c:5901 msgid "Cannot retrieve volume key for plain device." msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" -#: lib/setup.c:3422 +#: lib/setup.c:5909 +#, fuzzy +#| msgid "Incorrect root hash specified for verity device." +msgid "Cannot retrieve root hash for verity device." +msgstr "为 verity è®¾å¤‡æŒ‡å®šçš„æ ¹ hash ä¸æ£ç¡®ã€‚" + +#: lib/setup.c:5916 +#, fuzzy +#| msgid "Cannot retrieve volume key for plain device." +msgid "Cannot retrieve volume key for BITLK device." +msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" + +#: lib/setup.c:5921 +#, fuzzy +#| msgid "Cannot retrieve volume key for plain device." +msgid "Cannot retrieve volume key for FVAULT2 device." +msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" + +#: lib/setup.c:5923 #, c-format msgid "This operation is not supported for %s crypt device." msgstr "ä¸æ”¯æŒåœ¨ %s åŠ å¯†è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。" -#: lib/setup.c:3609 +#: lib/setup.c:6107 lib/setup.c:6118 msgid "Dump operation is not supported for this device type." msgstr "ä¸æ”¯æŒåœ¨æ¤ç±»è®¾å¤‡ä¸Šæ‰§è¡Œå¯¼å‡ºæ“作。" -#: lib/setup.c:4018 +#: lib/setup.c:6477 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" + +#: lib/setup.c:6785 #, c-format msgid "Cannot convert device %s which is still in use." msgstr "æ— æ³•è½¬æ¢æ£åœ¨ä½¿ç”¨çš„设备 %s。" -#: lib/setup.c:4301 +#: lib/setup.c:7083 lib/setup.c:7222 #, c-format msgid "Failed to assign keyslot %u as the new volume key." msgstr "将密钥槽 %u 指定为新å·å¯†é’¥çš„æ“作失败。" -#: lib/setup.c:4364 -msgid "Failed to initialise default LUKS2 keyslot parameters." +#: lib/setup.c:7107 +#, fuzzy +#| msgid "Failed to initialise default LUKS2 keyslot parameters." +msgid "Failed to initialize default LUKS2 keyslot parameters." msgstr "åˆå§‹åŒ–默认 LUKS2 密钥槽å‚数失败。" -#: lib/setup.c:4376 +#: lib/setup.c:7113 #, fuzzy, c-format #| msgid "Failed to swap new key slot.\n" msgid "Failed to assign keyslot %d to digest." msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" -#: lib/setup.c:4460 +#: lib/setup.c:7338 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "æ— æ³•æ·»åŠ å¯†é’¥æ§½ï¼Œæ‰€æœ‰å¯†é’¥æ§½å·²ç¦ç”¨ä¸”未æä¾›å·å¯†é’¥ã€‚" + +#: lib/setup.c:7407 lib/verity/verity.c:343 msgid "Failed to load key in kernel keyring." msgstr "åœ¨å†…æ ¸å¯†é’¥çŽ¯ä¸åŠ 载密钥失败。" -#: lib/setup.c:4515 -msgid "Kernel keyring is not supported by the kernel." -msgstr "è¯¥å†…æ ¸ä¸æ”¯æŒå†…æ ¸å¯†é’¥çŽ¯ã€‚" +#: lib/setup.c:7525 +#, fuzzy +#| msgid "Failed to load key in kernel keyring." +msgid "Failed to unlink volume key from thread keyring." +msgstr "åœ¨å†…æ ¸å¯†é’¥çŽ¯ä¸åŠ 载密钥失败。" -#: lib/setup.c:4525 +#: lib/setup.c:7549 #, c-format -msgid "Failed to read passphrase from keyring (error %d)." -msgstr "从密钥环读å–å£ä»¤å¤±è´¥ï¼ˆé”™è¯¯ %d)。" - -#: lib/utils.c:81 -msgid "Cannot get process priority." -msgstr "æ— æ³•èŽ·å–进程优先级。" +msgid "Could not find keyring described by \"%s\"." +msgstr "" -#: lib/utils.c:95 -msgid "Cannot unlock memory." -msgstr "æ— æ³•è§£é”内å˜ã€‚" +#: lib/setup.c:7608 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" -#: lib/utils.c:169 lib/tcrypt/tcrypt.c:475 +#: lib/utils.c:205 lib/tcrypt/tcrypt.c:503 msgid "Failed to open key file." msgstr "打开 (open) 密钥文件失败。" -#: lib/utils.c:174 +#: lib/utils.c:210 msgid "Cannot read keyfile from a terminal." msgstr "æ— æ³•ä»Žç»ˆç«¯è¯»å–密钥文件。" # stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: lib/utils.c:191 +#: lib/utils.c:226 msgid "Failed to stat key file." msgstr "èŽ·å– (stat) 密钥文件信æ¯å¤±è´¥ã€‚" -#: lib/utils.c:199 lib/utils.c:220 +#: lib/utils.c:234 lib/utils.c:255 msgid "Cannot seek to requested keyfile offset." msgstr "æ— æ³•å¯»æ‰¾ (seek) 到请求的密钥文件å移é‡ã€‚" -#: lib/utils.c:214 lib/utils.c:229 src/utils_password.c:207 -#: src/utils_password.c:220 +#: lib/utils.c:249 lib/utils.c:264 src/utils_password.c:226 +#: src/utils_password.c:238 msgid "Out of memory while reading passphrase." msgstr "读å–密ç 时内å˜è€—尽。" -#: lib/utils.c:249 +#: lib/utils.c:284 msgid "Error reading passphrase." msgstr "读å–å£ä»¤å‡ºé”™ã€‚" -#: lib/utils.c:273 +#: lib/utils.c:301 +msgid "Nothing to read on input." +msgstr "" + +#: lib/utils.c:308 msgid "Maximum keyfile size exceeded." msgstr "超出最大密钥文件大å°ã€‚" -#: lib/utils.c:278 +#: lib/utils.c:313 msgid "Cannot read requested amount of data." msgstr "æ— æ³•è¯»å–请求é‡çš„æ•°æ®ã€‚" -#: lib/utils_device.c:184 lib/luks1/keyencryption.c:101 -#, c-format -msgid "Device %s doesn't exist or access denied." +#: lib/utils_device.c:213 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1461 +#, fuzzy, c-format +#| msgid "Device %s doesn't exist or access denied." +msgid "Device %s does not exist or access denied." msgstr "设备 %s ä¸å˜åœ¨æˆ–访问被拒ç»ã€‚" -#: lib/utils_device.c:603 +#: lib/utils_device.c:223 +#, fuzzy, c-format +#| msgid "Device %s is not active." +msgid "Device %s is not compatible." +msgstr "设备 %s 未激活。" + +#: lib/utils_device.c:567 +#, c-format +msgid "Ignoring bogus optimal-io size for data device (%u bytes)." +msgstr "" + +#: lib/utils_device.c:728 +#, fuzzy, c-format +#| msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)" +msgid "Device %s is too small. Need at least %<PRIu64> bytes." +msgstr "设备 %s 过å°ã€‚(LUKS1 需è¦è‡³å°‘ %<PRIu64> å—节。)" + +#: lib/utils_device.c:809 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "æ— æ³•ä½¿ç”¨æ£è¢«ä½¿ç”¨çš„设备 %sï¼ˆå·²è¢«æ˜ å°„æˆ–æŒ‚è½½ï¼‰ã€‚" + +#: lib/utils_device.c:813 #, c-format msgid "Cannot use device %s, permission denied." msgstr "æ— æ³•ä½¿ç”¨è®¾å¤‡ %s,æƒé™è¢«æ‹’ç»ã€‚" -#: lib/utils_device.c:606 +#: lib/utils_device.c:816 #, c-format msgid "Cannot get info about device %s." msgstr "æ— æ³•èŽ·å–有关设备 %s çš„ä¿¡æ¯ã€‚" -#: lib/utils_device.c:628 +#: lib/utils_device.c:839 msgid "Cannot use a loopback device, running as non-root user." msgstr "æ— æ³•ä½¿ç”¨å›žçŽ¯è®¾å¤‡ï¼Œæ£ä½œä¸ºéž root 用户è¿è¡Œã€‚" -#: lib/utils_device.c:638 +#: lib/utils_device.c:850 msgid "Attaching loopback device failed (loop device with autoclear flag is required)." msgstr "连接回环设备失败(需è¦æœ‰ autoclear æ——æ ‡çš„å›žçŽ¯è®¾å¤‡ï¼‰ã€‚" -#: lib/utils_device.c:684 +#: lib/utils_device.c:898 #, c-format msgid "Requested offset is beyond real size of device %s." msgstr "请求的å移é‡è¶…出设备 %s 的真实大å°ã€‚" -#: lib/utils_device.c:692 +#: lib/utils_device.c:906 #, c-format msgid "Device %s has zero size." msgstr "设备 %s 大å°ä¸ºé›¶ã€‚" -#: lib/utils_device.c:703 -#, c-format -msgid "Device %s is too small." -msgstr "设备 %s 太å°ã€‚" +#: lib/utils_pbkdf.c:116 +#, fuzzy +#| msgid "Requested PBKDF target time can not be zero." +msgid "Requested PBKDF target time cannot be zero." +msgstr "请求的 PBKDF ç›®æ ‡æ—¶é—´ä¸èƒ½ä¸ºé›¶ã€‚" -#: lib/utils_pbkdf.c:74 +#: lib/utils_pbkdf.c:122 #, c-format msgid "Unknown PBKDF type %s." msgstr "未知的 PBKDF 类型 %s。" -#: lib/utils_pbkdf.c:85 +#: lib/utils_pbkdf.c:127 +#, fuzzy, c-format +#| msgid "Requested LUKS hash %s is not supported." +msgid "Requested hash %s is not supported." +msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ LUKS 哈希 %s。" + +#: lib/utils_pbkdf.c:138 msgid "Requested PBKDF type is not supported for LUKS1." msgstr "请求的 PBKDF 类型ä¸è¢« LUKS1 支æŒã€‚" -#: lib/utils_pbkdf.c:91 +#: lib/utils_pbkdf.c:144 msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "" -#: lib/utils_pbkdf.c:96 lib/utils_pbkdf.c:106 +#: lib/utils_pbkdf.c:149 lib/utils_pbkdf.c:159 #, c-format msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "" -#: lib/utils_pbkdf.c:111 +#: lib/utils_pbkdf.c:164 #, c-format msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." msgstr "" -#: lib/utils_pbkdf.c:118 +#: lib/utils_pbkdf.c:171 #, c-format msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." msgstr "请求的最大 PBKDF 内å˜å¼€é”€è¿‡å¤§ï¼ˆæœ€å¤§ä¸º %d åƒå—节)。" -#: lib/utils_pbkdf.c:123 -msgid "Requested maximum PBKDF memory can not be zero." +#: lib/utils_pbkdf.c:176 +#, fuzzy +#| msgid "Requested maximum PBKDF memory can not be zero." +msgid "Requested maximum PBKDF memory cannot be zero." msgstr "请求的最大 PBKDF 内å˜ä½¿ç”¨é‡ä¸èƒ½ä¸ºé›¶ã€‚" -#: lib/utils_pbkdf.c:127 -msgid "Requested PBKDF parallel threads can not be zero." +#: lib/utils_pbkdf.c:180 +#, fuzzy +#| msgid "Requested PBKDF parallel threads can not be zero." +msgid "Requested PBKDF parallel threads cannot be zero." msgstr "请求的 PBKDF 并行线程数ä¸èƒ½ä¸ºé›¶ã€‚" -#: lib/utils_pbkdf.c:131 -msgid "Requested PBKDF target time can not be zero." -msgstr "请求的 PBKDF ç›®æ ‡æ—¶é—´ä¸èƒ½ä¸ºé›¶ã€‚" +#: lib/utils_pbkdf.c:200 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" -#: lib/utils_benchmark.c:304 +#: lib/utils_benchmark.c:184 msgid "PBKDF benchmark disabled but iterations not set." msgstr "" -#: lib/utils_benchmark.c:326 +#: lib/utils_benchmark.c:203 #, c-format msgid "Not compatible PBKDF2 options (using hash algorithm %s)." msgstr "PBKDF2 选项ä¸å…¼å®¹ï¼ˆæ£åœ¨ä½¿ç”¨å“ˆå¸Œç®—法 %s)。" -#: lib/utils_benchmark.c:340 +#: lib/utils_benchmark.c:223 msgid "Not compatible PBKDF options." msgstr "PBKDF2 选项ä¸å…¼å®¹ã€‚" -#: lib/utils_device_locking.c:80 +#: lib/utils_device_locking.c:101 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "é”定ä¸æ¢ã€‚é”定路径 %s/%s ä¸å¯ç”¨ï¼ˆä¸æ˜¯ä¸€ä¸ªç›®å½•æˆ–缺失)。" -#: lib/utils_device_locking.c:87 -#, c-format -msgid "WARNING: Locking directory %s/%s is missing!\n" -msgstr "è¦å‘Šï¼šé”定目录 %s/%s 缺失ï¼\n" - -#: lib/utils_device_locking.c:97 +#: lib/utils_device_locking.c:118 #, c-format msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "é”定ä¸æ¢ã€‚é”定路径 %s/%s ä¸å¯ç”¨ï¼ˆ%s ä¸æ˜¯ç›®å½•ï¼‰ã€‚" +#: lib/utils_wipe.c:156 lib/utils_wipe.c:227 src/utils_reencrypt_luks1.c:734 +#: src/utils_reencrypt_luks1.c:832 +msgid "Cannot seek to device offset." +msgstr "æ— æ³•å¯»æ‰¾åˆ°è®¾å¤‡å移ä½ç½®ã€‚" + +#: lib/utils_wipe.c:249 +#, c-format +msgid "Device wipe error, offset %<PRIu64>." +msgstr "" + +#: lib/utils_wipe.c:343 +msgid "Incorrect OPAL PSID." +msgstr "ä¸æ£ç¡®çš„ OPAL PSID。" + +#: lib/utils_wipe.c:345 +#, fuzzy +#| msgid "Cannot resize loop device." +msgid "Cannot erase OPAL device." +msgstr "æ— æ³•æ”¹å˜å›žçŽ¯è®¾å¤‡å¤§å°ã€‚" + #: lib/luks1/keyencryption.c:39 #, c-format msgid "" @@ -595,97 +964,106 @@ msgstr "XTS 模å¼çš„密钥大å°å¿…须是 256 或 512 ä½ã€‚" msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." msgstr "" -#: lib/luks1/keyencryption.c:107 lib/luks1/keymanage.c:362 -#: lib/luks1/keymanage.c:658 lib/luks1/keymanage.c:1094 -#: lib/luks2/luks2_json_metadata.c:1149 lib/luks2/luks2_keyslot.c:446 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366 +#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132 +#: lib/luks2/luks2_json_metadata.c:1528 lib/luks2/luks2_keyslot.c:712 #, c-format msgid "Cannot write to device %s, permission denied." msgstr "æ— æ³•å†™å…¥åˆ°è®¾å¤‡ %s,访问被拒ç»ã€‚" -#: lib/luks1/keyencryption.c:122 +#: lib/luks1/keyencryption.c:120 msgid "Failed to open temporary keystore device." msgstr "打开临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚" -#: lib/luks1/keyencryption.c:129 +#: lib/luks1/keyencryption.c:127 msgid "Failed to access temporary keystore device." msgstr "访问临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚" -#: lib/luks1/keyencryption.c:199 lib/luks2/luks2_keyslot_luks2.c:89 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62 +#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:197 msgid "IO error while encrypting keyslot." msgstr "åŠ å¯†å¯†é’¥æ§½æ—¶å‘生输入输出错误。" -#: lib/luks1/keyencryption.c:261 lib/luks2/luks2_keyslot_luks2.c:150 +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369 +#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:681 +#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196 +#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329 +#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260 +#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277 +#: lib/luks2/luks2_json_metadata.c:1531 src/utils_reencrypt_luks1.c:121 +#: src/utils_reencrypt_luks1.c:133 +#, c-format +msgid "Cannot open device %s." +msgstr "æ— æ³•æ‰“å¼€è®¾å¤‡ %s。" + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139 msgid "IO error while decrypting keyslot." msgstr "解密密钥槽时å‘生输入输出错误。" -#: lib/luks1/keymanage.c:128 +#: lib/luks1/keymanage.c:130 #, c-format msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)" msgstr "设备 %s 过å°ã€‚(LUKS1 需è¦è‡³å°‘ %<PRIu64> å—节。)" -#: lib/luks1/keymanage.c:149 lib/luks1/keymanage.c:157 -#: lib/luks1/keymanage.c:169 lib/luks1/keymanage.c:180 -#: lib/luks1/keymanage.c:192 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159 +#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182 +#: lib/luks1/keymanage.c:194 #, c-format msgid "LUKS keyslot %u is invalid." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚" -#: lib/luks1/keymanage.c:245 lib/luks1/keymanage.c:494 -#: lib/luks2/luks2_json_metadata.c:983 src/cryptsetup_reencrypt.c:1396 -#, c-format -msgid "Device %s is not a valid LUKS device." -msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ LUKS 设备。" - -#: lib/luks1/keymanage.c:264 lib/luks2/luks2_json_metadata.c:1002 +#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1391 #, c-format msgid "Requested header backup file %s already exists." msgstr "è¯·æ±‚çš„æ ‡å¤´å¤‡ä»½æ–‡ä»¶ %s å·²å˜åœ¨ã€‚" -#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1004 +#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1393 #, c-format msgid "Cannot create header backup file %s." msgstr "æ— æ³•åˆ›å»ºæ ‡å¤´å¤‡ä»½æ–‡ä»¶ %s。" -#: lib/luks1/keymanage.c:271 lib/luks2/luks2_json_metadata.c:1009 +#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1400 #, c-format msgid "Cannot write header backup file %s." msgstr "æ— æ³•å†™å…¥æ ‡å¤´å¤‡ä»½æ–‡ä»¶ %s。" -#: lib/luks1/keymanage.c:304 lib/luks2/luks2_json_metadata.c:1058 -msgid "Backup file doesn't contain valid LUKS header." +#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1437 +#, fuzzy +#| msgid "Backup file doesn't contain valid LUKS header." +msgid "Backup file does not contain valid LUKS header." msgstr "备份文件ä¸åŒ…å«æœ‰æ•ˆ LUKS æ ‡å¤´ã€‚" -#: lib/luks1/keymanage.c:317 lib/luks1/keymanage.c:571 -#: lib/luks2/luks2_json_metadata.c:1079 +#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593 +#: lib/luks2/luks2_json_metadata.c:1458 #, c-format msgid "Cannot open header backup file %s." msgstr "æ— æ³•æ‰“å¼€å¤‡ä»½æ ‡å¤´æ–‡ä»¶ %s。" -#: lib/luks1/keymanage.c:323 lib/luks2/luks2_json_metadata.c:1085 +#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1466 #, c-format msgid "Cannot read header backup file %s." msgstr "æ— æ³•è¯»å–æ ‡å¤´å¤‡ä»½æ–‡ä»¶ %s。" -#: lib/luks1/keymanage.c:335 +#: lib/luks1/keymanage.c:339 #, fuzzy #| msgid "Data offset or key size differs on device and backup, restore failed.\n" msgid "Data offset or key size differs on device and backup, restore failed." msgstr "æºè®¾å¤‡å’Œå¤‡ä»½ä¸Šçš„æ•°æ®å移或密钥大å°ä¸ç¬¦ï¼Œæ¢å¤å¤±è´¥ã€‚\n" -#: lib/luks1/keymanage.c:343 +#: lib/luks1/keymanage.c:347 #, c-format msgid "Device %s %s%s" msgstr "设备 %s %s%s" -#: lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:348 msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgstr "ä¸åŒ…å« LUKS æ ‡å¤´ã€‚æ›¿æ¢æ ‡å¤´å¯èƒ½æŸæ¯è®¾å¤‡ä¸Šçš„æ•°æ®ã€‚" -#: lib/luks1/keymanage.c:345 +#: lib/luks1/keymanage.c:349 msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgstr "å·²åŒ…å« LUKS æ ‡å¤´ã€‚æ›¿æ¢æ ‡å¤´å°†æŸæ¯å·²å˜åœ¨çš„密钥槽。" -#: lib/luks1/keymanage.c:346 lib/luks2/luks2_json_metadata.c:1121 +#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1500 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -693,129 +1071,145 @@ msgstr "" "\n" "è¦å‘Š: çœŸå®žè®¾å¤‡æ ‡å¤´ UUID 和备份ä¸ç¬¦ï¼" -#: lib/luks1/keymanage.c:365 lib/luks1/keymanage.c:610 -#: lib/luks1/keymanage.c:661 lib/tcrypt/tcrypt.c:640 lib/verity/verity.c:81 -#: lib/verity/verity.c:182 lib/verity/verity_hash.c:308 -#: lib/verity/verity_hash.c:319 lib/verity/verity_hash.c:339 -#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 -#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1152 -#: src/cryptsetup_reencrypt.c:207 -#, c-format -msgid "Cannot open device %s." -msgstr "æ— æ³•æ‰“å¼€è®¾å¤‡ %s。" - -#: lib/luks1/keymanage.c:396 +#: lib/luks1/keymanage.c:398 msgid "Non standard key size, manual repair required." msgstr "ä¸æ ‡å‡†çš„密钥大å°ï¼Œéœ€è¦æ‰‹åŠ¨ä¿®å¤ã€‚" -#: lib/luks1/keymanage.c:401 +#: lib/luks1/keymanage.c:408 msgid "Non standard keyslots alignment, manual repair required." msgstr "ä¸æ ‡å‡†çš„密钥槽对é½ï¼Œéœ€è¦æ‰‹åŠ¨ä¿®å¤ã€‚" -#: lib/luks1/keymanage.c:411 +#: lib/luks1/keymanage.c:417 +#, fuzzy, c-format +#| msgid "Keyslot %i: offset repaired (%u -> %u)." +msgid "Cipher mode repaired (%s -> %s)." +msgstr "密钥槽 %i: åç§»å·²ä¿®å¤ (%u -> %u)。" + +#: lib/luks1/keymanage.c:428 +#, c-format +msgid "Cipher hash repaired to lowercase (%s)." +msgstr "" + +#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536 +#: lib/luks1/keymanage.c:792 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ LUKS 哈希 %s。" + +#: lib/luks1/keymanage.c:444 msgid "Repairing keyslots." msgstr "æ£åœ¨ä¿®å¤å¯†é’¥æ§½ã€‚" -#: lib/luks1/keymanage.c:431 +#: lib/luks1/keymanage.c:463 #, c-format msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "密钥槽 %i: åç§»å·²ä¿®å¤ (%u -> %u)。" -#: lib/luks1/keymanage.c:439 +#: lib/luks1/keymanage.c:471 #, c-format msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "密钥槽 %i:已修å¤æ¡å¸¦ï¼ˆ%u -> %u)。" -#: lib/luks1/keymanage.c:448 +#: lib/luks1/keymanage.c:480 #, c-format msgid "Keyslot %i: bogus partition signature." msgstr "密钥槽 %i:虚å‡çš„分区ç¾å。" -#: lib/luks1/keymanage.c:453 +#: lib/luks1/keymanage.c:485 #, c-format msgid "Keyslot %i: salt wiped." msgstr "密钥槽 %i: 已清除ç›ã€‚" -#: lib/luks1/keymanage.c:470 +#: lib/luks1/keymanage.c:502 msgid "Writing LUKS header to disk." msgstr "æ£åœ¨å°† LUKS æ ‡å¤´å†™å…¥ç£ç›˜ã€‚" -#: lib/luks1/keymanage.c:475 +#: lib/luks1/keymanage.c:507 msgid "Repair failed." msgstr "ä¿®å¤å¤±è´¥ã€‚" -#: lib/luks1/keymanage.c:497 -#, c-format -msgid "Unsupported LUKS version %d." -msgstr "ä¸æ”¯æŒçš„ LUKS 版本 %d。" +#: lib/luks1/keymanage.c:562 +#, fuzzy, c-format +#| msgid "LUKS keyslot %u is invalid." +msgid "LUKS cipher mode %s is invalid." +msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚" -#: lib/luks1/keymanage.c:503 lib/luks1/keymanage.c:749 +#: lib/luks1/keymanage.c:567 #, c-format -msgid "Requested LUKS hash %s is not supported." -msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ LUKS 哈希 %s。" +msgid "LUKS hash %s is invalid." +msgstr "LUKS 哈希值 %s æ— æ•ˆã€‚" -#: lib/luks1/keymanage.c:531 src/cryptsetup.c:869 +#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1352 msgid "No known problems detected for LUKS header." msgstr "未在 LUKS æ ‡å¤´å‘现已知问题。" -#: lib/luks1/keymanage.c:683 +#: lib/luks1/keymanage.c:702 #, c-format msgid "Error during update of LUKS header on device %s." msgstr "更新设备 %s 上的 LUKS æ ‡å¤´æ—¶å‡ºé”™ã€‚" -#: lib/luks1/keymanage.c:690 +#: lib/luks1/keymanage.c:710 #, c-format msgid "Error re-reading LUKS header after update on device %s." msgstr "在更新设备 %s åŽé‡æ–°è¯»å– LUKS æ ‡å¤´å¤±è´¥ã€‚" -#: lib/luks1/keymanage.c:742 -#, c-format -msgid "Data offset for detached LUKS header must be either 0 or higher than header size (%d sectors)." +#: lib/luks1/keymanage.c:786 +#, fuzzy +#| msgid "Data offset for detached LUKS header must be either 0 or higher than header size (%d sectors)." +msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "分离的 LUKS æ ‡å¤´çš„æ•°æ®å移é‡å¿…é¡»ä¸ºé›¶æˆ–é«˜äºŽæ ‡å¤´å¤§å°ï¼ˆ%d 扇区)。" -#: lib/luks1/keymanage.c:754 lib/luks1/keymanage.c:840 -#: lib/luks2/luks2_json_format.c:145 lib/luks2/luks2_json_metadata.c:894 +#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866 +#: lib/luks2/luks2_json_format.c:243 lib/luks2/luks2_json_metadata.c:1274 +#: src/utils_reencrypt.c:554 msgid "Wrong LUKS UUID format provided." msgstr "æ供了错误的 LUKS UUID æ ¼å¼ã€‚" -#: lib/luks1/keymanage.c:779 +#: lib/luks1/keymanage.c:819 msgid "Cannot create LUKS header: reading random salt failed." msgstr "æ— æ³•åˆ›å»º LUKS æ ‡å¤´ï¼šè¯»å–éšæœºç›å¤±è´¥ã€‚" -#: lib/luks1/keymanage.c:800 +#: lib/luks1/keymanage.c:845 #, c-format msgid "Cannot create LUKS header: header digest failed (using hash %s)." msgstr "æ— æ³•åˆ›å»º LUKS æ ‡å¤´ï¼šæ ‡å¤´æ‘˜è¦å¤±è´¥ï¼ˆæ£åœ¨ä½¿ç”¨å“ˆå¸Œ %s)。" -#: lib/luks1/keymanage.c:863 +#: lib/luks1/keymanage.c:889 #, c-format msgid "Key slot %d active, purge first." msgstr "密钥槽 %d 已激活,请先清除。" -#: lib/luks1/keymanage.c:869 +#: lib/luks1/keymanage.c:895 #, fuzzy, c-format #| msgid "Key slot %d material includes too few stripes. Header manipulation?\n" msgid "Key slot %d material includes too few stripes. Header manipulation?" msgstr "密钥槽 %d æ¡å¸¦æ•°è¿‡å°‘ã€‚æ ‡å¤´ä¿®æ”¹ï¼Ÿ\n" -#: lib/luks1/keymanage.c:1028 -#, c-format -msgid "Key slot %d unlocked." -msgstr "密钥槽 %d 已解é”。" +#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270 +msgid "PBKDF2 iteration value overflow." +msgstr "PBKDF2 è¿ä»£å€¼æº¢å‡ºã€‚" + +#: lib/luks1/keymanage.c:1040 +#, fuzzy, c-format +#| msgid "Key processing error (using hash %s)." +msgid "Cannot open keyslot (using hash %s)." +msgstr "密钥处ç†é”™è¯¯ï¼ˆä½¿ç”¨æ•£åˆ— %s)。" -#: lib/luks1/keymanage.c:1080 +#: lib/luks1/keymanage.c:1118 #, fuzzy, c-format #| msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "密钥槽 %d æ— æ•ˆï¼Œè¯·é€‰æ‹©æ ‡å· 0 到 %d 间的密钥槽。\n" -#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:450 +#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:716 #, c-format msgid "Cannot wipe device %s." msgstr "æ— æ³•æ“¦é™¤è®¾å¤‡ %s。" #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" +#, fuzzy +#| msgid "Detected not yet supported GPG encrypted keyfile.\n" +msgid "Detected not yet supported GPG encrypted keyfile." msgstr "探测到未支æŒçš„ GPG åŠ å¯†å¯†é’¥æ–‡ä»¶ã€‚\n" #: lib/loopaes/loopaes.c:147 @@ -826,630 +1220,1502 @@ msgstr "请使用 gpg --decrypt <密钥文件> | cryptsetup --keyfile=- ...\n" msgid "Incompatible loop-AES keyfile detected." msgstr "探测到ä¸å…¼å®¹çš„ loop-AES 密钥文件。" -#: lib/loopaes/loopaes.c:246 +#: lib/loopaes/loopaes.c:245 #, fuzzy #| msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgid "Kernel doesn't support loop-AES compatible mapping." +msgid "Kernel does not support loop-AES compatible mapping." msgstr "å†…æ ¸ä¸æ”¯æŒ loop-AES å…¼å®¹æ˜ å°„ã€‚\n" -#: lib/tcrypt/tcrypt.c:482 +#: lib/tcrypt/tcrypt.c:510 #, c-format msgid "Error reading keyfile %s." msgstr "读å–密钥文件 %s 出错。" -#: lib/tcrypt/tcrypt.c:522 -#, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded." +#: lib/tcrypt/tcrypt.c:560 +#, fuzzy, c-format +#| msgid "Maximum TCRYPT passphrase length (%d) exceeded." +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "超出 TCRYPT å£ä»¤æœ€å¤§é•¿åº¦é™åˆ¶ (%d)。" -#: lib/tcrypt/tcrypt.c:563 +#: lib/tcrypt/tcrypt.c:602 #, c-format msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "PBKDF2 哈希算法 %s ä¸å¯ç”¨ï¼Œå°†è·³è¿‡ã€‚" -#: lib/tcrypt/tcrypt.c:581 src/cryptsetup.c:820 +#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1227 msgid "Required kernel crypto interface not available." msgstr "æ— æ³•æ‰¾åˆ°æ‰€éœ€çš„å†…æ ¸åŠ å¯†æŽ¥å£ã€‚" -#: lib/tcrypt/tcrypt.c:583 src/cryptsetup.c:822 +#: lib/tcrypt/tcrypt.c:623 src/cryptsetup.c:1229 msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "è¯·ç¡®å®šæ‚¨å·²è½½å…¥å†…æ ¸æ¨¡å— algif_skcipher。" -#: lib/tcrypt/tcrypt.c:729 +#: lib/tcrypt/tcrypt.c:764 #, c-format msgid "Activation is not supported for %d sector size." msgstr "扇区大å°ä¸º %d æ—¶ä¸æ”¯æŒæ¿€æ´»ã€‚" -#: lib/tcrypt/tcrypt.c:735 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode." +#: lib/tcrypt/tcrypt.c:770 +#, fuzzy +#| msgid "Kernel doesn't support activation for this TCRYPT legacy mode." +msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "å†…æ ¸ä¸æ”¯æŒæ¿€æ´»æ¤å¤„çš„æ—§ TCRYPT 模å¼ã€‚" -#: lib/tcrypt/tcrypt.c:769 +#: lib/tcrypt/tcrypt.c:801 #, c-format msgid "Activating TCRYPT system encryption for partition %s." msgstr "æ£åœ¨ä¸ºåˆ†åŒº %s 激活 TCRYPT ç³»ç»ŸåŠ å¯†ã€‚" -#: lib/tcrypt/tcrypt.c:837 -msgid "Kernel doesn't support TCRYPT compatible mapping." +#: lib/tcrypt/tcrypt.c:884 +#, fuzzy +#| msgid "Kernel doesn't support TCRYPT compatible mapping." +msgid "Kernel does not support TCRYPT compatible mapping." msgstr "å†…æ ¸ä¸æ”¯æŒ TCRYPT å…¼å®¹æ˜ å°„ã€‚" -#: lib/tcrypt/tcrypt.c:1052 +#: lib/tcrypt/tcrypt.c:1097 msgid "This function is not supported without TCRYPT header load." msgstr "未载入 TCRYPT æ ‡å¤´æ—¶ä¸æ”¯æŒæ¤åŠŸèƒ½ã€‚" -#: lib/verity/verity.c:69 lib/verity/verity.c:175 +#: lib/bitlk/bitlk.c:278 #, c-format -msgid "Verity device %s doesn't use on-disk header." -msgstr "Verity 设备 %s 未使用ç£ç›˜ä¸Šçš„æ ‡å¤´ã€‚" +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:337 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:341 #, c-format -msgid "Device %s is not a valid VERITY device." -msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ VERITY 设备。" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:358 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:460 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:466 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:478 +#, fuzzy, c-format +#| msgid "Unsupported encryption sector size." +msgid "Unsupported sector size %<PRIu16>." +msgstr "ä¸æ”¯æŒçš„åŠ å¯†æ‰‡åŒºå¤§å°ã€‚" + +#: lib/bitlk/bitlk.c:486 +#, fuzzy, c-format +#| msgid "Failed to read LUKS2 requirements." +msgid "Failed to read BITLK header from %s." +msgstr "è¯»å– LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:511 +#, fuzzy, c-format +#| msgid "Failed to read LUKS2 requirements." +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "è¯»å– LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:562 +#, fuzzy +#| msgid "Unsupported encryption sector size." +msgid "Unknown or unsupported encryption type." +msgstr "ä¸æ”¯æŒçš„åŠ å¯†æ‰‡åŒºå¤§å°ã€‚" + +#: lib/bitlk/bitlk.c:602 +#, fuzzy, c-format +#| msgid "Failed to read LUKS2 requirements." +msgid "Failed to read BITLK metadata entries from %s." +msgstr "è¯»å– LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:719 +msgid "Failed to convert BITLK volume description" +msgstr "" + +#: lib/bitlk/bitlk.c:884 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing external key." +msgstr "" + +#: lib/bitlk/bitlk.c:907 +#, fuzzy, c-format +#| msgid "Volume key does not match the volume." +msgid "BEK file GUID '%s' does not match GUID of the volume." +msgstr "å·å¯†é’¥ä¸Žå·ä¸åŒ¹é…。" + +#: lib/bitlk/bitlk.c:911 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing external key." +msgstr "" + +#: lib/bitlk/bitlk.c:950 +#, fuzzy, c-format +#| msgid "Unsupported LUKS version %d." +msgid "Unsupported BEK metadata version %<PRIu32>" +msgstr "ä¸æ”¯æŒçš„ LUKS 版本 %d。" + +#: lib/bitlk/bitlk.c:955 +#, c-format +msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length" +msgstr "" + +#: lib/bitlk/bitlk.c:981 +msgid "Unexpected metadata entry found when parsing startup key." +msgstr "" + +#: lib/bitlk/bitlk.c:1076 +#, fuzzy +#| msgid "This operation is not supported for %s crypt device." +msgid "This operation is not supported." +msgstr "ä¸æ”¯æŒåœ¨ %s åŠ å¯†è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。" + +#: lib/bitlk/bitlk.c:1084 +msgid "Unexpected key data size." +msgstr "" + +#: lib/bitlk/bitlk.c:1210 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1215 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1222 +#, fuzzy +#| msgid "Activation of temporary devices failed." +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "激活临时设备失败。" + +#: lib/bitlk/bitlk.c:1263 +#, c-format +msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>" +msgstr "" + +#: lib/bitlk/bitlk.c:1390 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1394 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/bitlk/bitlk.c:1398 +#, fuzzy +#| msgid "Activation is not supported for %d sector size." +msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size." +msgstr "扇区大å°ä¸º %d æ—¶ä¸æ”¯æŒæ¿€æ´»ã€‚" + +#: lib/bitlk/bitlk.c:1402 +msgid "Cannot activate device, kernel dm-zero module is missing." +msgstr "" + +#: lib/fvault2/fvault2.c:542 +#, fuzzy, c-format +#| msgid "Cannot read %d bytes from keyfile %s.\n" +msgid "Could not read %u bytes of volume header." +msgstr "æ— æ³•ä»Žå¯†é’¥æ–‡ä»¶ %2$s è¯»å– %1$d å—节。\n" + +#: lib/fvault2/fvault2.c:554 +#, fuzzy, c-format +#| msgid "Unsupported VERITY version %d." +msgid "Unsupported FVAULT2 version %<PRIu16>." +msgstr "ä¸æ”¯æŒçš„ VERITY 版本 %d。" + +#: lib/verity/verity.c:68 lib/verity/verity.c:182 +#, fuzzy, c-format +#| msgid "Verity device %s doesn't use on-disk header." +msgid "Verity device %s does not use on-disk header." +msgstr "Verity 设备 %s 未使用ç£ç›˜ä¸Šçš„æ ‡å¤´ã€‚" + +#: lib/verity/verity.c:96 #, c-format msgid "Unsupported VERITY version %d." msgstr "ä¸æ”¯æŒçš„ VERITY 版本 %d。" -#: lib/verity/verity.c:132 +#: lib/verity/verity.c:131 msgid "VERITY header corrupted." msgstr "VERITY æ ‡å¤´æŸå。" -#: lib/verity/verity.c:169 +#: lib/verity/verity.c:176 #, fuzzy, c-format #| msgid "Wrong VERITY UUID format provided on device %s.\n" msgid "Wrong VERITY UUID format provided on device %s." msgstr "为设备 %s æ供的 VERITY UUID 错误。\n" -#: lib/verity/verity.c:202 +#: lib/verity/verity.c:220 #, fuzzy, c-format #| msgid "Error during update of verity header on device %s.\n" msgid "Error during update of verity header on device %s." msgstr "更新设备 %s 上的 VERITY æ ‡å¤´æ—¶å‡ºé”™ã€‚\n" -#: lib/verity/verity.c:259 +#: lib/verity/verity.c:274 +#, fuzzy +#| msgid "Requested sector_size option is not supported." +msgid "Root hash signature verification is not supported." +msgstr "ä¸æ”¯æŒè¯·æ±‚çš„ sector_size 选项。" + +#: lib/verity/verity.c:279 +msgid "Root hash signature required." +msgstr "" + +#: lib/verity/verity.c:294 msgid "Errors cannot be repaired with FEC device." msgstr "" -#: lib/verity/verity.c:261 +#: lib/verity/verity.c:296 #, c-format msgid "Found %u repairable errors with FEC device." msgstr "" -#: lib/verity/verity.c:305 -msgid "Kernel doesn't support dm-verity mapping." +#: lib/verity/verity.c:377 +#, fuzzy +#| msgid "Kernel doesn't support dm-verity mapping." +msgid "Kernel does not support dm-verity mapping." msgstr "å†…æ ¸ä¸æ”¯æŒ dm-verity æ˜ å°„ã€‚" -#: lib/verity/verity.c:316 +#: lib/verity/verity.c:381 +#, fuzzy +#| msgid "Kernel doesn't support dm-verity mapping." +msgid "Kernel does not support dm-verity signature option." +msgstr "å†…æ ¸ä¸æ”¯æŒ dm-verity æ˜ å°„ã€‚" + +#: lib/verity/verity.c:392 #, fuzzy #| msgid "Verity device detected corruption after activation.\n" msgid "Verity device detected corruption after activation." msgstr "在 VERITY 设备激活åŽæŽ¢æµ‹åˆ°æŸå。\n" -#: lib/verity/verity_hash.c:59 +#: lib/verity/verity_hash.c:66 #, fuzzy, c-format #| msgid "Spare area is not zeroed at position %<PRIu64>.\n" msgid "Spare area is not zeroed at position %<PRIu64>." msgstr "备用区ä½ç½® %<PRIu64> 未清零。\n" -#: lib/verity/verity_hash.c:160 lib/verity/verity_hash.c:287 -#: lib/verity/verity_hash.c:300 +#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300 +#: lib/verity/verity_hash.c:311 msgid "Device offset overflow." msgstr "设备å移é‡æº¢å‡ºã€‚" -#: lib/verity/verity_hash.c:200 +#: lib/verity/verity_hash.c:218 #, fuzzy, c-format #| msgid "Verification failed at position %<PRIu64>.\n" msgid "Verification failed at position %<PRIu64>." msgstr "在 %<PRIu64> 上å‘生检验错误。\n" -#: lib/verity/verity_hash.c:273 -#, fuzzy -#| msgid "Invalid size parameters for verity device.\n" -msgid "Invalid size parameters for verity device." -msgstr "为 VERITY 设备æ供的大å°æŒ‡æ ‡æ— 效。\n" - -#: lib/verity/verity_hash.c:293 +#: lib/verity/verity_hash.c:307 msgid "Hash area overflow." msgstr "哈希区域溢出。" -#: lib/verity/verity_hash.c:370 +#: lib/verity/verity_hash.c:380 msgid "Verification of data area failed." msgstr "æ•°æ®åŒºæ£€éªŒå¤±è´¥ã€‚" -#: lib/verity/verity_hash.c:375 +#: lib/verity/verity_hash.c:385 msgid "Verification of root hash failed." msgstr "æ ¹å“ˆå¸Œå€¼æ£€éªŒå¤±è´¥ã€‚" -#: lib/verity/verity_hash.c:381 +#: lib/verity/verity_hash.c:391 #, fuzzy #| msgid "Input/output error while creating hash area.\n" msgid "Input/output error while creating hash area." msgstr "创建哈希数æ®åŒºæ—¶å‘生输入/输出错误。\n" -#: lib/verity/verity_hash.c:383 +#: lib/verity/verity_hash.c:393 msgid "Creation of hash area failed." msgstr "创建哈希区失败。" -#: lib/verity/verity_hash.c:430 +#: lib/verity/verity_hash.c:428 #, fuzzy, c-format #| msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n" msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." msgstr "è¦å‘Šï¼šå¦‚æ•°æ®å—大å°è¶…过内å˜åˆ†é¡µå¤§å°ï¼Œå†…æ ¸å°†æ— æ³•æ¿€æ´»è®¾å¤‡ (%u)。\n" -#: lib/verity/verity_fec.c:132 +#: lib/verity/verity_fec.c:131 #, fuzzy #| msgid "Failed to open key file.\n" msgid "Failed to allocate RS context." msgstr "打开 (open) 密钥文件失败。\n" # stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: lib/verity/verity_fec.c:147 +#: lib/verity/verity_fec.c:149 #, fuzzy #| msgid "Failed to stat key file.\n" msgid "Failed to allocate buffer." msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" -#: lib/verity/verity_fec.c:157 +#: lib/verity/verity_fec.c:159 #, fuzzy, c-format #| msgid "Failed to access temporary keystore device.\n" msgid "Failed to read RS block %<PRIu64> byte %d." msgstr "æ— æ³•è®¿é—®ä¸´æ—¶å¯†é’¥å˜å‚¨è®¾å¤‡ã€‚\n" -#: lib/verity/verity_fec.c:170 +#: lib/verity/verity_fec.c:172 #, fuzzy, c-format #| msgid "Failed to access temporary keystore device.\n" msgid "Failed to read parity for RS block %<PRIu64>." msgstr "æ— æ³•è®¿é—®ä¸´æ—¶å¯†é’¥å˜å‚¨è®¾å¤‡ã€‚\n" -#: lib/verity/verity_fec.c:177 +#: lib/verity/verity_fec.c:180 #, fuzzy, c-format #| msgid "Failed to access temporary keystore device.\n" msgid "Failed to repair parity for block %<PRIu64>." msgstr "æ— æ³•è®¿é—®ä¸´æ—¶å¯†é’¥å˜å‚¨è®¾å¤‡ã€‚\n" -#: lib/verity/verity_fec.c:188 +#: lib/verity/verity_fec.c:192 #, fuzzy, c-format #| msgid "Failed to access temporary keystore device.\n" msgid "Failed to write parity for RS block %<PRIu64>." msgstr "æ— æ³•è®¿é—®ä¸´æ—¶å¯†é’¥å˜å‚¨è®¾å¤‡ã€‚\n" -#: lib/verity/verity_fec.c:223 +#: lib/verity/verity_fec.c:208 msgid "Block sizes must match for FEC." msgstr "" -#: lib/verity/verity_fec.c:229 +#: lib/verity/verity_fec.c:214 msgid "Invalid number of parity bytes." msgstr "" -#: lib/verity/verity_fec.c:265 +#: lib/verity/verity_fec.c:248 +msgid "Invalid FEC segment length." +msgstr "" + +#: lib/verity/verity_fec.c:316 #, fuzzy, c-format #| msgid "Failed to open temporary keystore device.\n" msgid "Failed to determine size for device %s." msgstr "打开临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚\n" -#: lib/integrity/integrity.c:219 lib/integrity/integrity.c:270 +#: lib/integrity/integrity.c:57 +#, c-format +msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s." +msgstr "" + +#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:454 #, fuzzy #| msgid "Kernel doesn't support dm-verity mapping.\n" -msgid "Kernel doesn't support dm-integrity mapping." +msgid "Kernel does not support dm-integrity mapping." msgstr "å†…æ ¸ä¸æ”¯æŒ dm-verity æ˜ å°„ã€‚\n" -#: lib/luks2/luks2_disk_metadata.c:364 +#: lib/integrity/integrity.c:283 +#, fuzzy +#| msgid "Kernel doesn't support dm-verity mapping.\n" +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "å†…æ ¸ä¸æ”¯æŒ dm-verity æ˜ å°„ã€‚\n" + +#: lib/integrity/integrity.c:292 +msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)." +msgstr "" + +#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1197 +#: lib/luks2/luks2_json_metadata.c:1520 #, c-format -msgid "Device %s is too small. (LUKS2 requires at least %<PRIu64> bytes.)" -msgstr "设备 %s 过å°ã€‚(LUKS2 需è¦è‡³å°‘ %<PRIu64> å—节。)" +msgid "Failed to acquire write lock on device %s." +msgstr "æ— æ³•èŽ·å–设备 %s 上的写入é”。" -#: lib/luks2/luks2_disk_metadata.c:428 -msgid "Failed to acquire write device lock." -msgstr "æ— æ³•èŽ·å–写入设备é”。" +#: lib/luks2/luks2_disk_metadata.c:400 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: lib/luks2/luks2_json_format.c:99 +#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" + +#: lib/luks2/luks2_json_format.c:231 +#, c-format +msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "" + +#: lib/luks2/luks2_json_format.c:427 #, fuzzy -#| msgid "Failed to swap new key slot.\n" -msgid "No space for new keyslot." -msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" +#| msgid "Device %s is too small." +msgid "Requested data offset is too small." +msgstr "设备 %s 太å°ã€‚" -#: lib/luks2/luks2_json_metadata.c:851 lib/luks2/luks2_json_metadata.c:974 -#: lib/luks2/luks2_json_metadata.c:1047 lib/luks2/luks2_keyslot_luks2.c:103 -#: lib/luks2/luks2_keyslot_luks2.c:126 +#: lib/luks2/luks2_json_format.c:468 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n" +msgstr "" + +#: lib/luks2/luks2_json_format.c:472 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1184 lib/luks2/luks2_json_metadata.c:1366 +#: lib/luks2/luks2_json_metadata.c:1426 lib/luks2/luks2_keyslot_luks2.c:94 +#: lib/luks2/luks2_keyslot_luks2.c:116 #, c-format msgid "Failed to acquire read lock on device %s." msgstr "æ— æ³•èŽ·å–设备 %s 的读å–é”。" -#: lib/luks2/luks2_json_metadata.c:1064 +#: lib/luks2/luks2_json_metadata.c:1443 #, c-format msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1105 +#: lib/luks2/luks2_json_metadata.c:1484 #, fuzzy #| msgid "Data offset or key size differs on device and backup, restore failed.\n" msgid "Data offset differ on device and backup, restore failed." msgstr "æºè®¾å¤‡å’Œå¤‡ä»½ä¸Šçš„æ•°æ®å移或密钥大å°ä¸ç¬¦ï¼Œæ¢å¤å¤±è´¥ã€‚\n" -#: lib/luks2/luks2_json_metadata.c:1111 +#: lib/luks2/luks2_json_metadata.c:1490 #, fuzzy #| msgid "Data offset or key size differs on device and backup, restore failed.\n" msgid "Binary header with keyslot areas size differ on device and backup, restore failed." msgstr "æºè®¾å¤‡å’Œå¤‡ä»½ä¸Šçš„æ•°æ®å移或密钥大å°ä¸ç¬¦ï¼Œæ¢å¤å¤±è´¥ã€‚\n" -#: lib/luks2/luks2_json_metadata.c:1118 +#: lib/luks2/luks2_json_metadata.c:1497 #, c-format msgid "Device %s %s%s%s%s" msgstr "设备 %s %s%s%s%s" -#: lib/luks2/luks2_json_metadata.c:1119 +#: lib/luks2/luks2_json_metadata.c:1498 #, fuzzy #| msgid "does not contain LUKS header. Replacing header can destroy data on that device." msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." msgstr "ä¸åŒ…å« LUKS æ ‡å¤´ã€‚æ›¿æ¢æ ‡å¤´å¯èƒ½æŸæ¯è®¾å¤‡ä¸Šçš„æ•°æ®ã€‚" -#: lib/luks2/luks2_json_metadata.c:1120 +#: lib/luks2/luks2_json_metadata.c:1499 #, fuzzy #| msgid "already contains LUKS header. Replacing header will destroy existing keyslots." msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." msgstr "å·²åŒ…å« LUKS æ ‡å¤´ã€‚æ›¿æ¢æ ‡å¤´å°†æŸæ¯å·²å˜åœ¨çš„密钥槽。" -#: lib/luks2/luks2_json_metadata.c:1122 +#: lib/luks2/luks2_json_metadata.c:1501 msgid "" "\n" "WARNING: unknown LUKS2 requirements detected in real device header!\n" "Replacing header with backup may corrupt the data on that device!" msgstr "" -#: lib/luks2/luks2_json_metadata.c:1124 +#: lib/luks2/luks2_json_metadata.c:1503 msgid "" "\n" "WARNING: Unfinished offline reencryption detected on the device!\n" "Replacing header with backup may corrupt data." msgstr "" -#: lib/luks2/luks2_json_metadata.c:1226 +#: lib/luks2/luks2_json_metadata.c:1600 #, c-format msgid "Ignored unknown flag %s." msgstr "å·²å¿½ç•¥æœªçŸ¥æ——æ ‡ %s。" -#: lib/luks2/luks2_json_metadata.c:1923 +#: lib/luks2/luks2_json_metadata.c:2525 lib/luks2/luks2_reencrypt.c:2090 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" + +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: lib/luks2/luks2_json_metadata.c:2537 lib/luks2/luks2_reencrypt.c:2104 +#, fuzzy +#| msgid "Failed to set pbkdf parameters." +msgid "Failed to set dm-crypt segment." +msgstr "设置 pbkdf å‚数失败。" + +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: lib/luks2/luks2_json_metadata.c:2543 lib/luks2/luks2_reencrypt.c:2110 +#, fuzzy +#| msgid "Failed to set pbkdf parameters." +msgid "Failed to set dm-linear segment." +msgstr "设置 pbkdf å‚数失败。" + +#: lib/luks2/luks2_json_metadata.c:2661 src/utils_reencrypt.c:433 +#, fuzzy +#| msgid "No known cipher specification pattern detected.\n" +msgid "No known cipher specification pattern detected in LUKS2 header." +msgstr "未探测到已知的密文特å¾ã€‚\n" + +#: lib/luks2/luks2_json_metadata.c:2669 +msgid "OPAL device must have static device size." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2689 +msgid "Encrypted OPAL device with integrity must be smaller than locking range." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2694 +msgid "OPAL device must have same size as locking range." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2736 +msgid "Unsupported device integrity configuration." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2752 +msgid "Underlying dm-integrity device with unexpected provided data sectors." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2845 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2856 lib/luks2/luks2_reencrypt.c:4159 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2925 lib/luks2/luks2_json_metadata.c:2939 +#, c-format +msgid "Device %s was deactivated but hardware OPAL device cannot be locked." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2957 msgid "Failed to read LUKS2 requirements." msgstr "è¯»å– LUKS2 需求时失败。" -#: lib/luks2/luks2_json_metadata.c:1930 +#: lib/luks2/luks2_json_metadata.c:2964 msgid "Unmet LUKS2 requirements detected." msgstr "探测到未满足的 LUKS2 需求。" -#: lib/luks2/luks2_json_metadata.c:1938 -msgid "Offline reencryption in progress. Aborting." -msgstr "æ£åœ¨è¿›è¡Œç¦»çº¿é‡åŠ 密。ä¸æ¢ã€‚" +#: lib/luks2/luks2_json_metadata.c:2972 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2974 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2976 +msgid "Operation incompatible with device using OPAL. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:602 +msgid "Not enough available memory to open a keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:604 +#, fuzzy +#| msgid "Keyslot %i: salt wiped." +msgid "Keyslot open failed." +msgstr "密钥槽 %i: 已清除ç›ã€‚" + +#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:404 +#: lib/luks2/luks2_keyslot_reenc.c:447 lib/luks2/luks2_reencrypt.c:2714 +#, c-format +msgid "Hash algorithm %s is not available." +msgstr "哈希算法 %s ä¸å¯ç”¨ã€‚" + +#: lib/luks2/luks2_keyslot_luks2.c:371 +msgid "Warning: keyslot operation could fail as it requires more than available memory.\n" +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:520 +#, fuzzy +#| msgid "Failed to swap new key slot.\n" +msgid "No space for new keyslot." +msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" + +#: lib/luks2/luks2_keyslot_reenc.c:596 +msgid "Invalid reencryption resilience mode change requested." +msgstr "" + +#: lib/luks2/luks2_keyslot_reenc.c:717 +#, c-format +msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes." +msgstr "" + +#: lib/luks2/luks2_keyslot_reenc.c:727 +msgid "Failed to refresh reencryption verification digest." +msgstr "" -#: lib/luks2/luks2_luks1_convert.c:477 +#: lib/luks2/luks2_luks1_convert.c:545 #, fuzzy, c-format #| msgid "Cannot check password quality: %s\n" -msgid "Can not check status of device with uuid: %s." +msgid "Cannot check status of device with uuid: %s." msgstr "æ— æ³•æ£€æŸ¥å¯†ç è´¨é‡ï¼š%s\n" -#: lib/luks2/luks2_luks1_convert.c:503 +#: lib/luks2/luks2_luks1_convert.c:571 msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "" -#: lib/luks2/luks2_luks1_convert.c:540 +#: lib/luks2/luks2_luks1_convert.c:602 lib/luks2/luks2_reencrypt.c:3795 +#, c-format +msgid "Unable to use cipher specification %s-%s for LUKS2." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:617 msgid "Unable to move keyslot area. Not enough space." msgstr "æ— æ³•ç§»åŠ¨å¯†é’¥æ§½åŒºåŸŸã€‚ç©ºé—´ä¸è¶³ã€‚" -#: lib/luks2/luks2_luks1_convert.c:580 lib/luks2/luks2_luks1_convert.c:846 +#: lib/luks2/luks2_luks1_convert.c:652 +#, fuzzy +#| msgid "LUKS keyslot %u is invalid.\n" +msgid "Cannot convert to LUKS2 format - invalid metadata." +msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" + +#: lib/luks2/luks2_luks1_convert.c:669 +#, fuzzy +#| msgid "Unable to move keyslot area. Not enough space." +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "æ— æ³•ç§»åŠ¨å¯†é’¥æ§½åŒºåŸŸã€‚ç©ºé—´ä¸è¶³ã€‚" + +#: lib/luks2/luks2_luks1_convert.c:675 lib/luks2/luks2_luks1_convert.c:969 msgid "Unable to move keyslot area." msgstr "æ— æ³•ç§»åŠ¨å¯†é’¥æ§½åŒºåŸŸã€‚" -#: lib/luks2/luks2_luks1_convert.c:668 +#: lib/luks2/luks2_luks1_convert.c:765 +#, fuzzy +#| msgid "LUKS keyslot %u is invalid.\n" +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" + +#: lib/luks2/luks2_luks1_convert.c:773 #, fuzzy #| msgid "LUKS keyslot %u is invalid.\n" msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" -#: lib/luks2/luks2_luks1_convert.c:677 +#: lib/luks2/luks2_luks1_convert.c:785 #, fuzzy, c-format #| msgid "LUKS keyslot %u is invalid.\n" msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" -#: lib/luks2/luks2_luks1_convert.c:685 +#: lib/luks2/luks2_luks1_convert.c:790 +#, fuzzy +#| msgid "LUKS keyslot %u is invalid.\n" +msgid "Cannot convert to LUKS1 format - device uses more segments." +msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" + +#: lib/luks2/luks2_luks1_convert.c:798 #, fuzzy, c-format #| msgid "LUKS keyslot %u is invalid.\n" msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" -#: lib/luks2/luks2_luks1_convert.c:699 +#: lib/luks2/luks2_luks1_convert.c:812 #, fuzzy, c-format #| msgid "LUKS keyslot %u is invalid.\n" msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" -#: lib/luks2/luks2_luks1_convert.c:704 +#: lib/luks2/luks2_luks1_convert.c:817 #, fuzzy, c-format #| msgid "LUKS keyslot %u is invalid.\n" msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" -#: lib/luks2/luks2_luks1_convert.c:709 +#: lib/luks2/luks2_luks1_convert.c:822 #, fuzzy, c-format #| msgid "LUKS keyslot %u is invalid.\n" msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." msgstr "LUKS 密钥槽 %u æ— æ•ˆã€‚\n" -#: lib/luks2/luks2_token.c:266 +#: lib/luks2/luks2_reencrypt.c:1181 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1186 +#, fuzzy, c-format +#| msgid "Device %s size is not aligned to requested sector size (%u bytes)." +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "设备 %s 的大å°æ²¡æœ‰å’Œè¯·æ±‚的扇区大å°å¯¹é½ï¼ˆ%u å—节)。" + +#: lib/luks2/luks2_reencrypt.c:1393 lib/luks2/luks2_reencrypt.c:1580 +#: lib/luks2/luks2_reencrypt.c:1663 lib/luks2/luks2_reencrypt.c:1705 +#: lib/luks2/luks2_reencrypt.c:3954 #, fuzzy -#| msgid "Failed to swap new key slot.\n" -msgid "No free token slot." -msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" +#| msgid "Failed to initialise default LUKS2 keyslot parameters." +msgid "Failed to initialize old segment storage wrapper." +msgstr "åˆå§‹åŒ–默认 LUKS2 密钥槽å‚数失败。" + +#: lib/luks2/luks2_reencrypt.c:1407 lib/luks2/luks2_reencrypt.c:1558 +#, fuzzy +#| msgid "Failed to initialise default LUKS2 keyslot parameters." +msgid "Failed to initialize new segment storage wrapper." +msgstr "åˆå§‹åŒ–默认 LUKS2 密钥槽å‚数失败。" + +#: lib/luks2/luks2_reencrypt.c:1534 lib/luks2/luks2_reencrypt.c:3966 +#, fuzzy +#| msgid "Failed to open key file.\n" +msgid "Failed to initialize hotzone protection." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:1607 +#, fuzzy +#| msgid "Failed to read requirements from backup header." +msgid "Failed to read checksums for current hotzone." +msgstr "ä»Žå¤‡ä»½æ ‡å¤´è¯»å–需求失败。" + +#: lib/luks2/luks2_reencrypt.c:1614 lib/luks2/luks2_reencrypt.c:3980 +#, fuzzy, c-format +#| msgid "Failed to access temporary keystore device.\n" +msgid "Failed to read hotzone area starting at %<PRIu64>." +msgstr "æ— æ³•è®¿é—®ä¸´æ—¶å¯†é’¥å˜å‚¨è®¾å¤‡ã€‚\n" # stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: lib/luks2/luks2_token.c:274 +#: lib/luks2/luks2_reencrypt.c:1633 #, fuzzy, c-format #| msgid "Failed to stat key file.\n" -msgid "Failed to create builtin token %s." +msgid "Failed to decrypt sector %zu." msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" -#: src/cryptsetup.c:132 +#: lib/luks2/luks2_reencrypt.c:1639 +#, fuzzy, c-format +#| msgid "Failed to open key file.\n" +msgid "Failed to recover sector %zu." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:2203 +#, c-format +msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2301 +#, fuzzy, c-format +#| msgid "Failed to acquire write lock on device %s." +msgid "Failed to activate hotzone device %s." +msgstr "æ— æ³•èŽ·å–设备 %s 上的写入é”。" + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2325 +#, fuzzy, c-format +#| msgid "Failed to open temporary keystore device.\n" +msgid "Failed to load new mapping for device %s." +msgstr "打开临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚\n" + +#: lib/luks2/luks2_reencrypt.c:2396 #, fuzzy -#| msgid "Can't do passphrase verification on non-tty inputs.\n" -msgid "Can't do passphrase verification on non-tty inputs." -msgstr "æ— æ³•ä»Žéž TTY 输入验è¯å¯†ç 。\n" +#| msgid "Failed to acquire read lock on device %s." +msgid "Failed to refresh reencryption devices stack." +msgstr "æ— æ³•èŽ·å–设备 %s 的读å–é”。" -#: src/cryptsetup.c:185 src/cryptsetup.c:760 src/cryptsetup.c:995 -#: src/cryptsetup_reencrypt.c:743 src/cryptsetup_reencrypt.c:817 +#: lib/luks2/luks2_reencrypt.c:2596 +#, fuzzy +#| msgid "Failed to swap new key slot." +msgid "Failed to set new keyslots area size." +msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚" + +#: lib/luks2/luks2_reencrypt.c:2732 +#, fuzzy, c-format +#| msgid "Device %s size is not aligned to requested sector size (%u bytes)." +msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)." +msgstr "设备 %s 的大å°æ²¡æœ‰å’Œè¯·æ±‚的扇区大å°å¯¹é½ï¼ˆ%u å—节)。" + +#: lib/luks2/luks2_reencrypt.c:2769 src/utils_reencrypt.c:189 +#, fuzzy, c-format +#| msgid "Unsupported LUKS version %d." +msgid "Unsupported resilience mode %s" +msgstr "ä¸æ”¯æŒçš„ LUKS 版本 %d。" + +#: lib/luks2/luks2_reencrypt.c:2806 +msgid "Moved segment size can not be greater than data shift value." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2848 +#, fuzzy +#| msgid "Invalid plain crypt parameters." +msgid "Invalid reencryption resilience parameters." +msgstr "æ— æ•ˆçš„çº¯åŠ å¯†é€‰é¡¹ã€‚" + +#: lib/luks2/luks2_reencrypt.c:2870 +#, c-format +msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>." +msgstr "" + +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: lib/luks2/luks2_reencrypt.c:2957 +#, fuzzy +#| msgid "Failed to stat key file.\n" +msgid "Failed to clear table." +msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" + +#: lib/luks2/luks2_reencrypt.c:3043 +msgid "Reduced data size is larger than real device size." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3050 +#, fuzzy, c-format +#| msgid "Device %s size is not aligned to requested sector size (%u bytes)." +msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)." +msgstr "设备 %s 的大å°æ²¡æœ‰å’Œè¯·æ±‚的扇区大å°å¯¹é½ï¼ˆ%u å—节)。" + +#: lib/luks2/luks2_reencrypt.c:3084 +#, c-format +msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3091 lib/luks2/luks2_reencrypt.c:3589 +#: lib/luks2/luks2_reencrypt.c:3610 +#, fuzzy, c-format +#| msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "æ— æ³•ä½¿ç”¨æ£è¢«ä½¿ç”¨çš„设备 %sï¼ˆå·²è¢«æ˜ å°„æˆ–æŒ‚è½½ï¼‰ã€‚" + +#: lib/luks2/luks2_reencrypt.c:3280 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3297 lib/luks2/luks2_reencrypt.c:4271 +#, fuzzy +#| msgid "Failed to open key file.\n" +msgid "Failed to load LUKS2 reencryption context." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:3387 +#, fuzzy +#| msgid "Failed to open key file.\n" +msgid "Failed to get reencryption state." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:3391 lib/luks2/luks2_reencrypt.c:3705 +#, fuzzy +#| msgid "Device %s is not active." +msgid "Device is not in reencryption." +msgstr "设备 %s 未激活。" + +#: lib/luks2/luks2_reencrypt.c:3398 lib/luks2/luks2_reencrypt.c:3712 +#, fuzzy +#| msgid "Reencryption already in-progress." +msgid "Reencryption process is already running." +msgstr "é‡åŠ 密已在进行ä¸ã€‚" + +#: lib/luks2/luks2_reencrypt.c:3400 lib/luks2/luks2_reencrypt.c:3714 +#, fuzzy +#| msgid "Failed to acquire write device lock." +msgid "Failed to acquire reencryption lock." +msgstr "æ— æ³•èŽ·å–写入设备é”。" + +#: lib/luks2/luks2_reencrypt.c:3418 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3553 +msgid "Active device size and requested reencryption size don't match." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3567 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3644 +#, fuzzy +#| msgid "Reencryption already in-progress." +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "é‡åŠ 密已在进行ä¸ã€‚" + +#: lib/luks2/luks2_reencrypt.c:3812 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3819 +#, fuzzy +#| msgid "Failed to initialise default LUKS2 keyslot parameters." +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "åˆå§‹åŒ–默认 LUKS2 密钥槽å‚数失败。" + +#: lib/luks2/luks2_reencrypt.c:3872 lib/luks2/luks2_reencrypt.c:3907 +#, fuzzy +#| msgid "This operation is not supported for %s crypt device." +msgid "Reencryption is not supported for DAX (persistent memory) devices." +msgstr "ä¸æ”¯æŒåœ¨ %s åŠ å¯†è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。" + +#: lib/luks2/luks2_reencrypt.c:3879 +#, fuzzy +#| msgid "Failed to read passphrase from keyring (error %d)." +msgid "Failed to read passphrase from keyring." +msgstr "从密钥环读å–å£ä»¤å¤±è´¥ï¼ˆé”™è¯¯ %d)。" + +#: lib/luks2/luks2_reencrypt.c:3936 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3988 +#, fuzzy +#| msgid "Failed to write activation flags to new header." +msgid "Failed to write reencryption resilience metadata." +msgstr "å‘æ–°è¡¨å¤´å†™å…¥æ´»åŠ¨æ——æ ‡å¤±è´¥ã€‚" + +#: lib/luks2/luks2_reencrypt.c:3995 +msgid "Decryption failed." +msgstr "解密失败。" + +#: lib/luks2/luks2_reencrypt.c:4000 +#, fuzzy, c-format +#| msgid "Failed to access temporary keystore device.\n" +msgid "Failed to write hotzone area starting at %<PRIu64>." +msgstr "æ— æ³•è®¿é—®ä¸´æ—¶å¯†é’¥å˜å‚¨è®¾å¤‡ã€‚\n" + +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: lib/luks2/luks2_reencrypt.c:4005 +#, fuzzy +#| msgid "Failed to stat key file." +msgid "Failed to sync data." +msgstr "èŽ·å– (stat) 密钥文件信æ¯å¤±è´¥ã€‚" + +#: lib/luks2/luks2_reencrypt.c:4013 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4102 +#, fuzzy +#| msgid "Failed to read LUKS2 requirements." +msgid "Failed to write LUKS2 metadata." +msgstr "è¯»å– LUKS2 需求时失败。" + +#: lib/luks2/luks2_reencrypt.c:4125 +#, fuzzy +#| msgid "Failed to open temporary keystore device.\n" +msgid "Failed to wipe unused data device area." +msgstr "打开临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚\n" + +#: lib/luks2/luks2_reencrypt.c:4131 +#, fuzzy, c-format +#| msgid "Failed to open key file.\n" +msgid "Failed to remove unused (unbound) keyslot %d." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:4141 +#, fuzzy +#| msgid "Failed to open key file.\n" +msgid "Failed to remove reencryption keyslot." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:4151 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4155 +#, fuzzy +#| msgid "Cannot read reencryption log file." +msgid "Online reencryption failed." +msgstr "æ— æ³•è¯»å–é‡åŠ 密日志文件。" + +#: lib/luks2/luks2_reencrypt.c:4160 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4212 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4218 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:4225 +#, fuzzy +#| msgid "Failed to acquire read lock on device %s." +msgid "Failed to initialize reencryption device stack." +msgstr "æ— æ³•èŽ·å–设备 %s 的读å–é”。" + +#: lib/luks2/luks2_reencrypt.c:4247 lib/luks2/luks2_reencrypt.c:4284 +#, fuzzy +#| msgid "Failed to open key file.\n" +msgid "Failed to update reencryption context." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt_digest.c:405 +msgid "Reencryption metadata is invalid." +msgstr "é‡åŠ 密元数æ®æ— 效。" + +#: lib/luks2/hw_opal/hw_opal.c:327 +#, c-format +msgid "OPAL range %d offset %<PRIu64> does not match expected values %<PRIu64>." +msgstr "" + +#: lib/luks2/hw_opal/hw_opal.c:334 +#, c-format +msgid "OPAL range %d length %<PRIu64> does not match device length %<PRIu64>." +msgstr "" + +#: lib/luks2/hw_opal/hw_opal.c:340 +#, c-format +msgid "OPAL range %d locking is disabled." +msgstr "" + +#: lib/luks2/hw_opal/hw_opal.c:350 lib/luks2/hw_opal/hw_opal.c:357 +#, c-format +msgid "Unexpected OPAL range %d lock state." +msgstr "" + +#: src/cryptsetup.c:85 +#, fuzzy +#| msgid "This operation is supported only for LUKS2 device." +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "æ¤æ“作åªé€‚用 LUKS2 设备。" + +#: src/cryptsetup.c:128 src/cryptsetup.c:2145 +#, fuzzy, c-format +#| msgid "Enter VeraCrypt PIM: " +msgid "Enter token PIN: " +msgstr "输入 VeraCrypt PIM: " + +#: src/cryptsetup.c:130 src/cryptsetup.c:2147 +#, c-format +msgid "Enter token %d PIN: " +msgstr "" + +#: src/cryptsetup.c:188 src/cryptsetup.c:1174 src/cryptsetup.c:1515 +#: src/utils_reencrypt.c:1137 src/utils_reencrypt_luks1.c:517 +#: src/utils_reencrypt_luks1.c:580 #, fuzzy #| msgid "No known cipher specification pattern detected.\n" msgid "No known cipher specification pattern detected." msgstr "未探测到已知的密文特å¾ã€‚\n" -#: src/cryptsetup.c:193 +#: src/cryptsetup.c:198 +#, c-format +msgid "WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions." +msgstr "" + +#: src/cryptsetup.c:203 +#, c-format +msgid "WARNING: Using default options for hash (%s) that could be incompatible with older versions." +msgstr "" + +#: src/cryptsetup.c:207 +msgid "For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash." +msgstr "" + +#: src/cryptsetup.c:213 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" msgstr "è¦å‘Šï¼šåœ¨çº¯æ–‡æœ¬æ¨¡å¼ä¸‹æŒ‡å®šå¯†é’¥æ–‡ä»¶æ—¶å°†å¿½ç•¥å‚æ•° --hash。\n" -#: src/cryptsetup.c:201 +#: src/cryptsetup.c:221 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" msgstr "è¦å‘Šï¼šå°†å¿½ç•¥å‚æ•° --keyfile-size,读å–大å°åº”ä¸ŽåŠ å¯†å¯†é’¥å¤§å°ä¸€è‡´ã€‚\n" -#: src/cryptsetup.c:263 +#: src/cryptsetup.c:258 src/cryptsetup.c:1360 src/cryptsetup.c:1558 +#: src/integritysetup.c:197 src/utils_reencrypt.c:1346 +#, c-format +msgid "Blkid scan failed for %s." +msgstr "" + +#: src/cryptsetup.c:264 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" + +#: src/cryptsetup.c:270 src/cryptsetup.c:1248 src/cryptsetup.c:1296 +#: src/cryptsetup.c:1367 src/cryptsetup.c:1492 src/cryptsetup.c:1570 +#: src/cryptsetup.c:2525 src/cryptsetup.c:2952 src/integritysetup.c:187 +#: src/utils_reencrypt.c:138 src/utils_reencrypt.c:314 +#: src/utils_reencrypt.c:764 +msgid "Operation aborted.\n" +msgstr "æ“作ä¸æ¢ã€‚\n" + +#: src/cryptsetup.c:343 msgid "Option --key-file is required." msgstr "需è¦é€‰é¡¹ --key-file。" -#: src/cryptsetup.c:308 +#: src/cryptsetup.c:394 msgid "Enter VeraCrypt PIM: " msgstr "输入 VeraCrypt PIM: " -#: src/cryptsetup.c:317 +#: src/cryptsetup.c:403 msgid "Invalid PIM value: parse error." msgstr "æ— æ•ˆçš„ PIM 值:解æžé”™è¯¯ã€‚" -#: src/cryptsetup.c:320 +#: src/cryptsetup.c:406 msgid "Invalid PIM value: 0." msgstr "æ— æ•ˆçš„ PIM 值:0。" -#: src/cryptsetup.c:323 +#: src/cryptsetup.c:409 msgid "Invalid PIM value: outside of range." msgstr "æ— æ•ˆçš„ PIM 值:超出范围。" -#: src/cryptsetup.c:346 +#: src/cryptsetup.c:432 #, fuzzy #| msgid "No device header detected with this passphrase.\n" msgid "No device header detected with this passphrase." msgstr "未从æ¤å¯†ç ä¸æŽ¢æµ‹åˆ°è®¾å¤‡æ ‡å¤´ã€‚\n" -#: src/cryptsetup.c:408 src/cryptsetup.c:1587 +#: src/cryptsetup.c:505 src/cryptsetup.c:681 +#, fuzzy, c-format +#| msgid "Device %s is not a valid LUKS device." +msgid "Device %s is not a valid BITLK device." +msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ LUKS 设备。" + +#: src/cryptsetup.c:513 +#, fuzzy +#| msgid "Cannot retrieve volume key for plain device." +msgid "Cannot determine volume key size for BITLK, please use --key-size option." +msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" + +#: src/cryptsetup.c:555 msgid "" "Header dump with volume key is sensitive information\n" "which allows access to encrypted partition without passphrase.\n" "This dump should be always stored encrypted on safe place." msgstr "" -#: src/cryptsetup.c:487 +#: src/cryptsetup.c:622 src/cryptsetup.c:703 src/cryptsetup.c:2550 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:758 src/cryptsetup.c:788 +#, fuzzy, c-format +#| msgid "Device %s is not a valid VERITY device." +msgid "Device %s is not a valid FVAULT2 device." +msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ VERITY 设备。" + +#: src/cryptsetup.c:796 +#, fuzzy +#| msgid "Cannot retrieve volume key for plain device." +msgid "Cannot determine volume key size for FVAULT2, please use --key-size option." +msgstr "æ— æ³•èŽ·å–普通设备的å·å¯†é’¥ã€‚" + +#: src/cryptsetup.c:850 src/veritysetup.c:323 src/integritysetup.c:409 #, c-format msgid "Device %s is still active and scheduled for deferred removal.\n" msgstr "" -#: src/cryptsetup.c:515 +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: src/cryptsetup.c:884 src/cryptsetup.c:1824 src/cryptsetup.c:2080 +#: src/cryptsetup.c:2234 src/cryptsetup.c:2681 src/cryptsetup.c:2763 +#: src/cryptsetup.c:3290 +#, fuzzy, c-format +#| msgid "Failed to stat key file.\n" +msgid "Failed to set external tokens path %s." +msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" + +#: src/cryptsetup.c:893 msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." msgstr "" -#: src/cryptsetup.c:638 +#: src/cryptsetup.c:1053 #, fuzzy #| msgid "benchmark cipher" msgid "Benchmark interrupted." msgstr "测试密文" -#: src/cryptsetup.c:659 +#: src/cryptsetup.c:1074 #, c-format msgid "PBKDF2-%-9s N/A\n" msgstr "" -#: src/cryptsetup.c:661 +#: src/cryptsetup.c:1076 #, c-format msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" msgstr "" -#: src/cryptsetup.c:675 +#: src/cryptsetup.c:1090 #, c-format msgid "%-10s N/A\n" msgstr "" -#: src/cryptsetup.c:677 +#: src/cryptsetup.c:1092 #, c-format msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" msgstr "" -#: src/cryptsetup.c:701 -#, fuzzy -#| msgid "Result of benchmark is not reliable.\n" +#: src/cryptsetup.c:1116 msgid "Result of benchmark is not reliable." -msgstr "测试结果ä¸å¯é 。\n" +msgstr "测试结果ä¸å¯é 。" -#: src/cryptsetup.c:752 +#: src/cryptsetup.c:1166 msgid "# Tests are approximate using memory only (no storage IO).\n" msgstr "# 测试仅使用内å˜ï¼ˆæ— å˜å‚¨ IO)。\n" #. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. -#: src/cryptsetup.c:780 src/cryptsetup.c:804 -#, fuzzy +#: src/cryptsetup.c:1186 +#, fuzzy, c-format #| msgid "# Algorithm | Key | Encryption | Decryption\n" -msgid "# Algorithm | Key | Encryption | Decryption\n" +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" msgstr "# 算法 | 密钥 | åŠ å¯† | 解密\n" -#: src/cryptsetup.c:784 +#: src/cryptsetup.c:1190 #, fuzzy, c-format #| msgid "Cipher %s is not available.\n" -msgid "Cipher %s is not available." +msgid "Cipher %s (with %i bits key) is not available." msgstr "密文 %s ä¸å¯ç”¨ã€‚\n" -#: src/cryptsetup.c:813 +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:1209 +#, fuzzy +#| msgid "# Algorithm | Key | Encryption | Decryption\n" +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# 算法 | 密钥 | åŠ å¯† | 解密\n" + +#: src/cryptsetup.c:1220 msgid "N/A" msgstr "ä¸å¯ç”¨" -#: src/cryptsetup.c:873 +#: src/cryptsetup.c:1245 +msgid "" +"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n" +"and continue (upgrade metadata) only if you acknowledge the operation as genuine." +msgstr "" + +#: src/cryptsetup.c:1251 +#, fuzzy +#| msgid "Enter passphrase to be deleted: " +msgid "Enter passphrase to protect and upgrade reencryption metadata: " +msgstr "输入è¦ç§»é™¤çš„å£ä»¤: " + +#: src/cryptsetup.c:1295 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1304 +#, fuzzy +#| msgid "Enter passphrase to be deleted: " +msgid "Enter passphrase to verify reencryption metadata digest: " +msgstr "输入è¦ç§»é™¤çš„å£ä»¤: " + +#: src/cryptsetup.c:1306 +#, fuzzy +#| msgid "Enter passphrase for key slot %u: " +msgid "Enter passphrase for reencryption recovery: " +msgstr "输入密钥槽 %u 的密ç :" + +#: src/cryptsetup.c:1366 msgid "Really try to repair LUKS device header?" msgstr "确定è¦å°è¯•ä¿®å¤ LUKS è®¾å¤‡æ ‡å¤´å—?" -#: src/cryptsetup.c:874 src/cryptsetup.c:965 src/cryptsetup.c:987 -#: src/cryptsetup.c:1560 -msgid "Operation aborted.\n" -msgstr "æ“作ä¸æ¢ã€‚\n" +#: src/cryptsetup.c:1390 src/integritysetup.c:89 src/integritysetup.c:247 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"擦除被打æ–" -#: src/cryptsetup.c:889 src/integritysetup.c:140 +#: src/cryptsetup.c:1395 src/integritysetup.c:94 src/integritysetup.c:284 msgid "" "Wiping device to initialize integrity checksum.\n" "You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" msgstr "" -#: src/cryptsetup.c:911 src/integritysetup.c:162 +#: src/cryptsetup.c:1417 src/integritysetup.c:116 #, fuzzy, c-format #| msgid "Cannot open temporary LUKS device.\n" msgid "Cannot deactivate temporary device %s." msgstr "æ— æ³•æ‰“å¼€ä¸´æ—¶ LUKS 设备。\n" -#: src/cryptsetup.c:955 +#: src/cryptsetup.c:1472 msgid "Integrity option can be used only for LUKS2 format." msgstr "" -#: src/cryptsetup.c:971 +#: src/cryptsetup.c:1477 src/cryptsetup.c:1542 +#, fuzzy +#| msgid "Unsupported LUKS version %d." +msgid "Unsupported LUKS2 metadata size options." +msgstr "ä¸æ”¯æŒçš„ LUKS 版本 %d。" + +#: src/cryptsetup.c:1482 +#, fuzzy +#| msgid "This operation is supported only for LUKS2 device." +msgid "OPAL is supported only for LUKS2 format." +msgstr "æ¤æ“作åªé€‚用 LUKS2 设备。" + +#: src/cryptsetup.c:1491 +msgid "Header file does not exist, do you want to create it?" +msgstr "" + +#: src/cryptsetup.c:1499 #, c-format msgid "Cannot create header file %s." msgstr "æ— æ³•åˆ›å»ºæ ‡å¤´æ–‡ä»¶ %s。" -#: src/cryptsetup.c:982 -#, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "这将覆盖 %s 上的数æ®ï¼Œè¯¥åŠ¨ä½œä¸å¯å–消。" - -#: src/cryptsetup.c:1002 src/integritysetup.c:187 src/integritysetup.c:196 -#: src/integritysetup.c:205 src/integritysetup.c:252 src/integritysetup.c:261 -#: src/integritysetup.c:271 +#: src/cryptsetup.c:1522 src/integritysetup.c:144 src/integritysetup.c:152 +#: src/integritysetup.c:161 src/integritysetup.c:324 src/integritysetup.c:332 +#: src/integritysetup.c:342 #, fuzzy #| msgid "No known cipher specification pattern detected.\n" msgid "No known integrity specification pattern detected." msgstr "未探测到已知的密文特å¾ã€‚\n" -#: src/cryptsetup.c:1015 +#: src/cryptsetup.c:1535 #, c-format msgid "Cannot use %s as on-disk header." msgstr "æ— æ³•å°† %s 作为ç£ç›˜ä¸Šçš„æ ‡å¤´ä½¿ç”¨ã€‚" +#: src/cryptsetup.c:1564 src/integritysetup.c:181 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "这将覆盖 %s 上的数æ®ï¼Œè¯¥åŠ¨ä½œä¸å¯å–消。" + +#: src/cryptsetup.c:1601 +msgid "OPAL Admin password cannot be empty." +msgstr "" + # stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: src/cryptsetup.c:1040 src/cryptsetup.c:1314 src/cryptsetup.c:1373 -#: src/cryptsetup.c:1459 src/cryptsetup.c:1510 +#: src/cryptsetup.c:1615 src/cryptsetup.c:2097 src/cryptsetup.c:2247 +#: src/cryptsetup.c:2407 src/cryptsetup.c:2473 src/utils_reencrypt_luks1.c:443 msgid "Failed to set pbkdf parameters." msgstr "设置 pbkdf å‚数失败。" -#: src/cryptsetup.c:1092 +#: src/cryptsetup.c:1745 +msgid "Type specification in --link-vk-to-keyring keyring specification is ignored." +msgstr "" + +#: src/cryptsetup.c:1765 +msgid "Invalid --link-vk-to-keyring value." +msgstr "" + +#: src/cryptsetup.c:1805 #, fuzzy #| msgid "Reduced data offset is allowed only for detached LUKS header.\n" msgid "Reduced data offset is allowed only for detached LUKS header." msgstr "仅已脱离的 LUKS æ•°æ®å¤´å¯ä»¥ä½¿ç”¨ç¼©å‡çš„æ•°æ®å移。\n" -#: src/cryptsetup.c:1131 +#: src/cryptsetup.c:1812 +#, c-format +msgid "LUKS file container %s is too small for activation, there is no remaining space for data." +msgstr "" + +#: src/cryptsetup.c:1839 src/cryptsetup.c:2253 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1890 msgid "Device activated but cannot make flags persistent." msgstr "" -#: src/cryptsetup.c:1209 +#: src/cryptsetup.c:1972 src/cryptsetup.c:2040 #, fuzzy, c-format #| msgid "Key slot %d selected for deletion.\n" msgid "Keyslot %d is selected for deletion." msgstr "已选ä¸å¯†é’¥æ§½ %d ä»¥åˆ é™¤ã€‚\n" -#: src/cryptsetup.c:1212 -#, fuzzy, c-format -#| msgid "Key slot %d is not used.\n" -msgid "Keyslot %d is not active." -msgstr "密钥槽 %d 未使用。\n" - -#: src/cryptsetup.c:1221 src/cryptsetup.c:1276 +#: src/cryptsetup.c:1984 src/cryptsetup.c:2044 msgid "This is the last keyslot. Device will become unusable after purging this key." msgstr "这是最åŽä¸€ä¸ªå¯†é’¥æ§½ã€‚设备在清空æ¤å¯†é’¥åŽå°†ä¸å¯ç”¨ã€‚" -#: src/cryptsetup.c:1222 +#: src/cryptsetup.c:1985 msgid "Enter any remaining passphrase: " msgstr "输入任æ„剩余的å£ä»¤: " -#: src/cryptsetup.c:1223 src/cryptsetup.c:1278 +#: src/cryptsetup.c:1986 src/cryptsetup.c:2046 msgid "Operation aborted, the keyslot was NOT wiped.\n" -msgstr "" +msgstr "æ“作ä¸æ¢ï¼Œå¯†é’¥æ§½ã€æœªè¢«ã€‘擦除。\n" -#: src/cryptsetup.c:1256 +#: src/cryptsetup.c:2022 msgid "Enter passphrase to be deleted: " msgstr "输入è¦ç§»é™¤çš„å£ä»¤: " -#: src/cryptsetup.c:1273 +#: src/cryptsetup.c:2072 src/cryptsetup.c:2456 src/cryptsetup.c:3114 +#: src/cryptsetup.c:3281 #, c-format -msgid "Key slot %d selected for deletion." -msgstr "已选ä¸å¯†é’¥æ§½ %d ä»¥ä¾›åˆ é™¤ã€‚" +msgid "Device %s is not a valid LUKS2 device." +msgstr "设备 %s ä¸æ˜¯æœ‰æ•ˆçš„ LUKS2 设备。" -#: src/cryptsetup.c:1328 src/cryptsetup.c:1387 src/cryptsetup.c:1420 +#: src/cryptsetup.c:2111 src/cryptsetup.c:2330 msgid "Enter new passphrase for key slot: " msgstr "输入密钥槽的新å£ä»¤: " -#: src/cryptsetup.c:1404 src/cryptsetup_reencrypt.c:1351 +#: src/cryptsetup.c:2213 +#, fuzzy +#| msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n" +msgstr "è¦å‘Šï¼šåœ¨çº¯æ–‡æœ¬æ¨¡å¼ä¸‹æŒ‡å®šå¯†é’¥æ–‡ä»¶æ—¶å°†å¿½ç•¥å‚æ•° --hash。\n" + +#: src/cryptsetup.c:2286 src/utils_reencrypt_luks1.c:1149 #, c-format msgid "Enter any existing passphrase: " msgstr "输入任æ„å·²å˜åœ¨çš„å£ä»¤: " -#: src/cryptsetup.c:1463 +#: src/cryptsetup.c:2411 msgid "Enter passphrase to be changed: " msgstr "输入è¦æ›´æ”¹çš„å£ä»¤: " -#: src/cryptsetup.c:1478 src/cryptsetup_reencrypt.c:1336 +#: src/cryptsetup.c:2427 src/utils_reencrypt_luks1.c:1135 msgid "Enter new passphrase: " msgstr "输入新å£ä»¤: " -#: src/cryptsetup.c:1514 +#: src/cryptsetup.c:2477 #, fuzzy #| msgid "Enter passphrase for key slot %u: " msgid "Enter passphrase for keyslot to be converted: " msgstr "输入密钥槽 %u 的密ç :" -#: src/cryptsetup.c:1537 +#: src/cryptsetup.c:2501 #, fuzzy #| msgid "Only one device argument for isLuks operation is supported.\n" msgid "Only one device argument for isLuks operation is supported." msgstr "isLuks æ“作仅支æŒä¸€ä¸ªè®¾å¤‡å‚数。\n" -#: src/cryptsetup.c:1716 src/cryptsetup.c:1737 -#, fuzzy -#| msgid "Option --header-backup-file is required.\n" +#: src/cryptsetup.c:2609 +#, fuzzy, c-format +#| msgid "Key slot %d is not used.\n" +msgid "Keyslot %d does not contain unbound key." +msgstr "密钥槽 %d 未使用。\n" + +#: src/cryptsetup.c:2614 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:2709 src/cryptsetup.c:2746 +#, fuzzy, c-format +#| msgid "show active device status" +msgid "%s is not active %s device name." +msgstr "显示已激活的设备信æ¯" + +#: src/cryptsetup.c:2741 +#, c-format +msgid "%s is not active LUKS device name or header is missing." +msgstr "" + +#: src/cryptsetup.c:2819 src/cryptsetup.c:2838 msgid "Option --header-backup-file is required." -msgstr "必须指定 --header-backup-file 选项。\n" +msgstr "必须指定 --header-backup-file 选项。" -#: src/cryptsetup.c:1776 +#: src/cryptsetup.c:2869 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "" + +#: src/cryptsetup.c:2880 +#, fuzzy, c-format +#| msgid "Resume is not supported for device %s." +msgid "Refresh is not supported for device type %s" +msgstr "设备 %s ä¸æ”¯æŒæ¢å¤ã€‚" + +#: src/cryptsetup.c:2930 #, fuzzy, c-format #| msgid "Unrecognized metadata device type %s.\n" msgid "Unrecognized metadata device type %s." msgstr "æ— æ³•è¯†åˆ«çš„å…ƒæ•°æ®è®¾å¤‡ç±»åž‹ %s。\n" -#: src/cryptsetup.c:1779 +#: src/cryptsetup.c:2932 #, fuzzy #| msgid "Command requires device and mapped name as arguments.\n" msgid "Command requires device and mapped name as arguments." msgstr "命令需è¦è®¾å¤‡åŠæ˜ å°„å作为å‚数。\n" -#: src/cryptsetup.c:1798 +#: src/cryptsetup.c:2942 +msgid "Enter OPAL PSID: " +msgstr "输入 OPAL PSID:" + +#: src/cryptsetup.c:2942 +#, fuzzy +#| msgid "Enter new passphrase: " +msgid "Enter OPAL Admin password: " +msgstr "输入新å£ä»¤: " + +#: src/cryptsetup.c:2951 +msgid "WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?" +msgstr "" + +#: src/cryptsetup.c:2994 #, c-format msgid "" "This operation will erase all keyslots on device %s.\n" @@ -1458,217 +2724,406 @@ msgstr "" "该æ“作将清空设备 %s 上所有的密钥槽。\n" "设备在æ¤æ“作åŽå°†ä¸å¯ç”¨ã€‚" -#: src/cryptsetup.c:1805 +#: src/cryptsetup.c:3001 msgid "Operation aborted, keyslots were NOT wiped.\n" msgstr "æ“作已ä¸æ¢ï¼Œå¯†é’¥æ§½æ²¡æœ‰è¢«æ“¦é™¤ã€‚\n" -#: src/cryptsetup.c:1841 -msgid "Missing LUKS target type, option --type is required." +#: src/cryptsetup.c:3040 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." msgstr "" -#: src/cryptsetup.c:1857 +#: src/cryptsetup.c:3056 #, c-format msgid "Device is already %s type." msgstr "设备已为 %s 类型。" -#: src/cryptsetup.c:1862 +#: src/cryptsetup.c:3063 #, fuzzy, c-format #| msgid "This operation is not supported for %s crypt device.\n" msgid "This operation will convert %s to %s format.\n" msgstr "ä¸æ”¯æŒåœ¨ %s åŠ å¯†è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。\n" -#: src/cryptsetup.c:1868 +#: src/cryptsetup.c:3066 msgid "Operation aborted, device was NOT converted.\n" msgstr "" -#: src/cryptsetup.c:1908 +#: src/cryptsetup.c:3106 msgid "Option --priority, --label or --subsystem is missing." msgstr "选项 --priorityã€--label 或 --subsystem 缺失。" -#: src/cryptsetup.c:1939 +#: src/cryptsetup.c:3140 src/cryptsetup.c:3180 src/cryptsetup.c:3200 #, fuzzy, c-format #| msgid "Key slot %d is invalid.\n" msgid "Token %d is invalid." msgstr "密钥槽 %d æ— æ•ˆã€‚\n" -#: src/cryptsetup.c:1942 +#: src/cryptsetup.c:3143 src/cryptsetup.c:3203 #, fuzzy, c-format #| msgid "Key slot %d is not used.\n" msgid "Token %d in use." msgstr "密钥槽 %d 未使用。\n" -#: src/cryptsetup.c:1955 +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: src/cryptsetup.c:3155 +#, fuzzy, c-format +#| msgid "Failed to stat key file.\n" +msgid "Failed to add luks2-keyring token %d." +msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" + +#: src/cryptsetup.c:3166 src/cryptsetup.c:3229 #, fuzzy, c-format #| msgid "Failed to swap new key slot.\n" msgid "Failed to assign token %d to keyslot %d." msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" -#: src/cryptsetup.c:1969 -msgid "--key-description parameter is mandatory for token add action." +#: src/cryptsetup.c:3183 +#, fuzzy, c-format +#| msgid "Key slot %d is not used.\n" +msgid "Token %d is not in use." +msgstr "密钥槽 %d 未使用。\n" + +#: src/cryptsetup.c:3220 +#, fuzzy +#| msgid "Failed to open key file." +msgid "Failed to import token from file." +msgstr "打开 (open) 密钥文件失败。" + +#: src/cryptsetup.c:3245 +#, fuzzy, c-format +#| msgid "Failed to swap new key slot.\n" +msgid "Failed to get token %d for export." +msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" + +#: src/cryptsetup.c:3258 +#, fuzzy, c-format +#| msgid "Failed to swap new key slot.\n" +msgid "Token %d is not assigned to keyslot %d." +msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" + +#: src/cryptsetup.c:3260 src/cryptsetup.c:3267 +#, fuzzy, c-format +#| msgid "Failed to swap new key slot.\n" +msgid "Failed to unassign token %d from keyslot %d." +msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" + +#: src/cryptsetup.c:3326 +#, fuzzy +#| msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n" +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "选项 --tcrypt-hidden, --tcrypt-system 或 --tcrypt-backup åªæ”¯æŒ TCRYPT 设备。\n" + +#: src/cryptsetup.c:3329 +#, fuzzy +#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n" +msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type." +msgstr "选项 --veracrypt åªæ”¯æŒ TCRYPT 设备类型。\n" + +#: src/cryptsetup.c:3332 +#, fuzzy +#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n" +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "选项 --veracrypt åªæ”¯æŒ TCRYPT 设备类型。\n" + +#: src/cryptsetup.c:3336 +#, fuzzy +#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n" +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "选项 --veracrypt åªæ”¯æŒ TCRYPT 设备类型。\n" + +#: src/cryptsetup.c:3338 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -#: src/cryptsetup.c:1975 -msgid "Missing --token option specifying token for removal." +#: src/cryptsetup.c:3347 +#, fuzzy +#| msgid "Option --allow-discards is allowed only for open operation.\n" +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" + +#: src/cryptsetup.c:3350 +msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "" -#: src/cryptsetup.c:1980 -#, fuzzy, c-format +#: src/cryptsetup.c:3353 +#, fuzzy +#| msgid "Option --shared is allowed only for open of plain device.\n" +msgid "Option --shared is allowed only for open of plain device." +msgstr "选项 --shared åªé€‚用于打开纯设备。\n" + +#: src/cryptsetup.c:3356 +#, fuzzy +#| msgid "Option --skip is supported only for open of plain and loopaes devices.\n" +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "选项 --skip åªé€‚用于打开纯设备和 loopaes 设备。\n" + +#: src/cryptsetup.c:3359 +#, fuzzy +#| msgid "Option --offset is supported only for open of plain and loopaes devices.\n" +msgid "Option --offset with open action is only supported for plain and loopaes devices." +msgstr "选项 --offset åªé€‚用于打开纯设备和 loopaes 设备。\n" + +#: src/cryptsetup.c:3362 +#, fuzzy +#| msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "选项 --tcrypt-hidden ä¸èƒ½ä¸Ž --allow-discards 共用。\n" + +#: src/cryptsetup.c:3366 +#, fuzzy +#| msgid "This operation is supported only for LUKS device." +msgid "Sector size option with open action is supported only for plain devices." +msgstr "æ¤æ“作åªé€‚用 LUKS 设备。" + +#: src/cryptsetup.c:3370 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3375 +#, fuzzy +#| msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n" +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices." +msgstr "选项 --test-passphrase åªèƒ½ç”¨äºŽæ‰“å¼€ LUKS å’Œ TCRYPT 设备。\n" + +#: src/cryptsetup.c:3378 src/cryptsetup.c:3401 +msgid "Options --device-size and --size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3381 +#, fuzzy +#| msgid "Option --shared is allowed only for open of plain device.\n" +msgid "Option --unbound is allowed only for open of luks device." +msgstr "选项 --shared åªé€‚用于打开纯设备。\n" + +#: src/cryptsetup.c:3384 +#, fuzzy +#| msgid "Option --new cannot be used together with --decrypt." +msgid "Option --unbound cannot be used without --test-passphrase." +msgstr "选项 --new ä¸å¯ä¸Ž --decrypt 共用。" + +#: src/cryptsetup.c:3393 src/veritysetup.c:671 src/integritysetup.c:767 +msgid "Options --cancel-deferred and --deferred cannot be used at the same time." +msgstr "" + +#: src/cryptsetup.c:3409 +msgid "Options --reduce-device-size and --device-size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3412 +#, fuzzy +#| msgid "This operation is supported only for LUKS2 device." +msgid "Option --active-name can be set only for LUKS2 device." +msgstr "æ¤æ“作åªé€‚用 LUKS2 设备。" + +#: src/cryptsetup.c:3415 +msgid "Options --active-name and --force-offline-reencrypt cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3423 src/cryptsetup.c:3453 +msgid "Keyslot specification is required." +msgstr "" + +#: src/cryptsetup.c:3431 +#, fuzzy +#| msgid "Option --align-payload is allowed only for luksFormat." +msgid "Options --align-payload and --offset cannot be combined." +msgstr "选项 --align-payload åªå…许用于 luksFormat。" + +#: src/cryptsetup.c:3434 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "" + +#: src/cryptsetup.c:3437 +msgid "Only one of --use-[u]random options is allowed." +msgstr "--use-[u]random 选项åªèƒ½ç”¨ä¸€å¤„。" + +#: src/cryptsetup.c:3445 +msgid "Key size is required with --unbound option." +msgstr "" + +#: src/cryptsetup.c:3465 +#, fuzzy #| msgid "Invalid device %s.\n" -msgid "Invalid token operation %s." +msgid "Invalid token action." msgstr "设备 %s æ— æ•ˆã€‚\n" -# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: src/cryptsetup.c:1995 -#, fuzzy, c-format -#| msgid "Failed to stat key file.\n" -msgid "Failed to add keyring token %d." -msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" +#: src/cryptsetup.c:3468 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" -#: src/cryptsetup.c:1997 -#, fuzzy, c-format -#| msgid "Failed to open key file.\n" -msgid "Failed to remove token %d." -msgstr "打开 (open) 密钥文件失败。\n" +#: src/cryptsetup.c:3472 src/cryptsetup.c:3485 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" -#: src/cryptsetup.c:2013 +#: src/cryptsetup.c:3476 +#, fuzzy +#| msgid "Option --new cannot be used together with --decrypt." +msgid "Option --unbound is valid only with token add action." +msgstr "选项 --new ä¸å¯ä¸Ž --decrypt 共用。" + +#: src/cryptsetup.c:3478 +msgid "Options --key-slot and --unbound cannot be combined." +msgstr "" + +#: src/cryptsetup.c:3483 +msgid "Action requires specific keyslot. Use --key-slot parameter." +msgstr "" + +#: src/cryptsetup.c:3499 msgid "<device> [--type <type>] [<name>]" msgstr "<设备> [--type <类型>] [<å称>]" -#: src/cryptsetup.c:2013 -msgid "open device as mapping <name>" -msgstr "ä»¥æ˜ å°„ <å称> 打开设备" +#: src/cryptsetup.c:3499 src/veritysetup.c:491 src/integritysetup.c:544 +msgid "open device as <name>" +msgstr "以 <å称> 打开设备" -#: src/cryptsetup.c:2014 src/cryptsetup.c:2015 src/cryptsetup.c:2016 -#: src/veritysetup.c:366 src/veritysetup.c:367 src/integritysetup.c:427 -#: src/integritysetup.c:428 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3501 src/cryptsetup.c:3502 +#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:545 +#: src/integritysetup.c:546 src/integritysetup.c:548 msgid "<name>" msgstr "<å称>" -#: src/cryptsetup.c:2014 +#: src/cryptsetup.c:3500 src/veritysetup.c:492 src/integritysetup.c:545 msgid "close device (remove mapping)" msgstr "å…³é—è®¾å¤‡ï¼ˆç§»é™¤æ˜ å°„ï¼‰" -#: src/cryptsetup.c:2015 +#: src/cryptsetup.c:3501 src/integritysetup.c:548 msgid "resize active device" msgstr "改å˜æ´»åŠ¨è®¾å¤‡å¤§å°ã€‚" -#: src/cryptsetup.c:2016 +#: src/cryptsetup.c:3502 msgid "show device status" msgstr "显示设备状æ€" -#: src/cryptsetup.c:2017 +#: src/cryptsetup.c:3503 msgid "[--cipher <cipher>]" msgstr "" -#: src/cryptsetup.c:2017 +#: src/cryptsetup.c:3503 msgid "benchmark cipher" msgstr "测试密文" -#: src/cryptsetup.c:2018 src/cryptsetup.c:2019 src/cryptsetup.c:2020 -#: src/cryptsetup.c:2021 src/cryptsetup.c:2028 src/cryptsetup.c:2029 -#: src/cryptsetup.c:2030 src/cryptsetup.c:2031 src/cryptsetup.c:2032 -#: src/cryptsetup.c:2033 src/cryptsetup.c:2034 src/cryptsetup.c:2035 +#: src/cryptsetup.c:3504 src/cryptsetup.c:3505 src/cryptsetup.c:3506 +#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3515 +#: src/cryptsetup.c:3516 src/cryptsetup.c:3517 src/cryptsetup.c:3518 +#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521 +#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524 msgid "<device>" msgstr "<设备>" -#: src/cryptsetup.c:2018 +#: src/cryptsetup.c:3504 msgid "try to repair on-disk metadata" msgstr "å°è¯•ä¿®å¤ç£ç›˜ä¸Šçš„元数æ®" -#: src/cryptsetup.c:2019 +#: src/cryptsetup.c:3505 +msgid "reencrypt LUKS2 device" +msgstr "é‡åŠ 密 LUKS2 设备" + +#: src/cryptsetup.c:3506 msgid "erase all keyslots (remove encryption key)" msgstr "æ¸…ç©ºæ‰€æœ‰å¯†é’¥æ§½ï¼ˆç§»é™¤åŠ å¯†å¯†é’¥ï¼‰" -#: src/cryptsetup.c:2020 +#: src/cryptsetup.c:3507 msgid "convert LUKS from/to LUKS2 format" msgstr "在 LUKS å’Œ LUKS2 æ ¼å¼ä¹‹é—´è½¬æ¢" -#: src/cryptsetup.c:2021 +#: src/cryptsetup.c:3508 msgid "set permanent configuration options for LUKS2" msgstr "" -#: src/cryptsetup.c:2022 src/cryptsetup.c:2023 +#: src/cryptsetup.c:3509 src/cryptsetup.c:3510 msgid "<device> [<new key file>]" msgstr "<设备> [<新密钥文件>]" -#: src/cryptsetup.c:2022 +#: src/cryptsetup.c:3509 msgid "formats a LUKS device" msgstr "æ ¼å¼åŒ–一个 LUKS 设备" -#: src/cryptsetup.c:2023 +#: src/cryptsetup.c:3510 msgid "add key to LUKS device" msgstr "å‘ LUKS è®¾å¤‡æ·»åŠ å¯†é’¥" -#: src/cryptsetup.c:2024 src/cryptsetup.c:2025 src/cryptsetup.c:2026 +#: src/cryptsetup.c:3511 src/cryptsetup.c:3512 src/cryptsetup.c:3513 msgid "<device> [<key file>]" msgstr "<设备> [<密钥文件>]" -#: src/cryptsetup.c:2024 +#: src/cryptsetup.c:3511 msgid "removes supplied key or key file from LUKS device" msgstr "移除 LUKS 设备ä¸æŒ‡å®šçš„密钥或密钥文件" -#: src/cryptsetup.c:2025 +#: src/cryptsetup.c:3512 msgid "changes supplied key or key file of LUKS device" msgstr "更改 LUKS 设备ä¸æŒ‡å®šçš„密钥或密钥文件" # stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: src/cryptsetup.c:2026 +#: src/cryptsetup.c:3513 #, fuzzy #| msgid "Failed to stat key file.\n" msgid "converts a key to new pbkdf parameters" msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" -#: src/cryptsetup.c:2027 +#: src/cryptsetup.c:3514 msgid "<device> <key slot>" msgstr "<设备> <密钥槽>" -#: src/cryptsetup.c:2027 +#: src/cryptsetup.c:3514 msgid "wipes key with number <key slot> from LUKS device" msgstr "从 LUKS 设备清ç†æ ‡å·ä¸º <key slot> 的密钥" -#: src/cryptsetup.c:2028 +#: src/cryptsetup.c:3515 msgid "print UUID of LUKS device" msgstr "输出 LUKS 设备的 UUIDï¼ˆå”¯ä¸€æ ‡è¯†ç¬¦ï¼‰" -#: src/cryptsetup.c:2029 +#: src/cryptsetup.c:3516 msgid "tests <device> for LUKS partition header" msgstr "从 <device> 探测 LUKS åˆ†åŒºæ ‡å¤´" -#: src/cryptsetup.c:2030 +#: src/cryptsetup.c:3517 msgid "dump LUKS partition information" msgstr "调出 LUKS 分区信æ¯" -#: src/cryptsetup.c:2031 +#: src/cryptsetup.c:3518 msgid "dump TCRYPT device information" msgstr "调出 TCRYPT 设备信æ¯" -#: src/cryptsetup.c:2032 +#: src/cryptsetup.c:3519 +#, fuzzy +#| msgid "dump TCRYPT device information" +msgid "dump BITLK device information" +msgstr "调出 TCRYPT 设备信æ¯" + +#: src/cryptsetup.c:3520 +#, fuzzy +#| msgid "dump TCRYPT device information" +msgid "dump FVAULT2 device information" +msgstr "调出 TCRYPT 设备信æ¯" + +#: src/cryptsetup.c:3521 #, fuzzy #| msgid "Suspend LUKS device and wipe key (all IOs are frozen)." msgid "Suspend LUKS device and wipe key (all IOs are frozen)" msgstr "挂起 LUKS 设备并清除密钥(冻结所有 IO æ“作)。" -#: src/cryptsetup.c:2033 +#: src/cryptsetup.c:3522 msgid "Resume suspended LUKS device" msgstr "æ¢å¤å·²æŒ‚èµ·çš„ LUKS 设备" -#: src/cryptsetup.c:2034 +#: src/cryptsetup.c:3523 msgid "Backup LUKS device header and keyslots" msgstr "备份 LUKS è®¾å¤‡æ ‡å¤´å’Œå¯†é’¥æ§½" -#: src/cryptsetup.c:2035 +#: src/cryptsetup.c:3524 msgid "Restore LUKS device header and keyslots" msgstr "æ¢å¤ LUKS è®¾å¤‡æ ‡å¤´å’Œå¯†é’¥æ§½" -#: src/cryptsetup.c:2036 -msgid "<add|remove> <device>" +#: src/cryptsetup.c:3525 +msgid "<add|remove|import|export> <device>" msgstr "" -#: src/cryptsetup.c:2036 -msgid "Add or remove keyring token" +#: src/cryptsetup.c:3525 +msgid "Manipulate LUKS2 tokens" msgstr "" -#: src/cryptsetup.c:2054 src/veritysetup.c:383 src/integritysetup.c:444 +#: src/cryptsetup.c:3544 src/veritysetup.c:509 src/integritysetup.c:563 msgid "" "\n" "<action> is one of:\n" @@ -1676,19 +3131,25 @@ msgstr "" "\n" "<动作> 为其ä¸ä¹‹ä¸€ï¼š\n" -#: src/cryptsetup.c:2060 +#: src/cryptsetup.c:3550 +#, fuzzy +#| msgid "" +#| "\n" +#| "You can also use old <action> syntax aliases:\n" +#| "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" +#| "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" msgid "" "\n" "You can also use old <action> syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n" msgstr "" "\n" "ä½ äº¦å¯ä½¿ç”¨è€çš„ <动作> è¯æ³•åˆ«å:\n" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" -#: src/cryptsetup.c:2064 +#: src/cryptsetup.c:3554 #, c-format msgid "" "\n" @@ -1703,14 +3164,31 @@ msgstr "" "<key slot> 为需è¦æ›´æ”¹çš„ LUKS 密钥槽\n" "<key file> æ供给 luksAddKey 动作的密钥文件\n" -#: src/cryptsetup.c:2071 +#: src/cryptsetup.c:3561 #, c-format msgid "" "\n" "Default compiled-in metadata format is %s (for luksFormat action).\n" msgstr "" -#: src/cryptsetup.c:2076 +#: src/cryptsetup.c:3566 +msgid "" +"\n" +"LUKS2 external token plugin support is enabled.\n" +msgstr "" + +#: src/cryptsetup.c:3567 +#, c-format +msgid "LUKS2 external token plugin path: %s.\n" +msgstr "" + +#: src/cryptsetup.c:3569 +msgid "" +"\n" +"LUKS2 external token plugin support is disabled.\n" +msgstr "" + +#: src/cryptsetup.c:3573 #, fuzzy, c-format #| msgid "" #| "\n" @@ -1730,14 +3208,20 @@ msgstr "" "\t密钥文件的最大大å°ï¼š%dkB, 交互å¼å¯†ç 的最大长度:%d (å—符)\n" "LUKS 的默认 PBKDF2 è¿ä»£æ—¶é—´ï¼š%d (毫秒)\n" -#: src/cryptsetup.c:2087 -#, c-format +#: src/cryptsetup.c:3584 +#, fuzzy, c-format +#| msgid "" +#| "\n" +#| "Default compiled-in device cipher parameters:\n" +#| "\tloop-AES: %s, Key %d bits\n" +#| "\tplain: %s, Key: %d bits, Password hashing: %s\n" +#| "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" "默认集æˆçš„设备密文å‚数:\n" @@ -1745,1296 +3229,1763 @@ msgstr "" "\tplain:%s, 密钥:%d ä½, 密ç 哈希:%s\n" "\tLUKS1:%s, 密钥:%d bits, LUKS æ•°æ®å¤´å“ˆå¸Œï¼š%s, RNG:%s\n" -#: src/cryptsetup.c:2104 src/veritysetup.c:540 src/integritysetup.c:581 +#: src/cryptsetup.c:3593 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3611 src/veritysetup.c:651 src/integritysetup.c:723 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: éœ€è¦ %s 作为å‚æ•°" -#: src/cryptsetup.c:2137 src/veritysetup.c:423 src/integritysetup.c:478 -#: src/cryptsetup_reencrypt.c:1608 -msgid "Show this help message" -msgstr "显示æ¤å¸®åŠ©" - -#: src/cryptsetup.c:2138 src/veritysetup.c:424 src/integritysetup.c:479 -#: src/cryptsetup_reencrypt.c:1609 -msgid "Display brief usage" -msgstr "显示简çŸç”¨æ³•" +#: src/cryptsetup.c:3651 src/utils_reencrypt_luks1.c:1198 +msgid "Key slot is invalid." +msgstr "å¯†é’¥æ§½æ— æ•ˆã€‚" -#: src/cryptsetup.c:2142 src/veritysetup.c:428 src/integritysetup.c:483 -#: src/cryptsetup_reencrypt.c:1613 -msgid "Help options:" -msgstr "帮助选项:" +#: src/cryptsetup.c:3678 +#, fuzzy +#| msgid "Reduce size must be multiple of 512 bytes sector." +msgid "Device size must be multiple of 512 bytes sector." +msgstr "缩å‡å¤§å°å¿…须为 512 å—节扇区的å€æ•°ã€‚" -#: src/cryptsetup.c:2143 src/veritysetup.c:429 src/integritysetup.c:484 -#: src/cryptsetup_reencrypt.c:1614 -msgid "Print package version" -msgstr "打å°è½¯ä»¶åŒ…版本" +#: src/cryptsetup.c:3683 +#, fuzzy +#| msgid "Invalid device size specification." +msgid "Invalid max reencryption hotzone size specification." +msgstr "æ— æ•ˆçš„è®¾å¤‡å¤§å°æŒ‡æ ‡ã€‚" -#: src/cryptsetup.c:2144 src/veritysetup.c:430 src/integritysetup.c:485 -#: src/cryptsetup_reencrypt.c:1615 -msgid "Shows more detailed error messages" -msgstr "显示更详细的错误信æ¯" +#: src/cryptsetup.c:3697 src/cryptsetup.c:3709 +msgid "Key size must be a multiple of 8 bits" +msgstr "密钥尺寸必须是 8 çš„å€æ•°" -#: src/cryptsetup.c:2145 src/veritysetup.c:431 src/integritysetup.c:486 -#: src/cryptsetup_reencrypt.c:1616 -msgid "Show debug messages" -msgstr "显示调试信æ¯" +#: src/cryptsetup.c:3714 +#, fuzzy +#| msgid "Maximum device reduce size is 64 MiB." +msgid "Maximum device reduce size is 1 GiB." +msgstr "最大设备缩å‡å¤§å°ä¸º 64 MiB。" -#: src/cryptsetup.c:2146 src/cryptsetup_reencrypt.c:1618 -msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "ç”¨äºŽåŠ å¯†ç£ç›˜çš„密文(å‚è§ /proc/crypto)" +#: src/cryptsetup.c:3717 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "缩å‡å¤§å°å¿…须为 512 å—节扇区的å€æ•°ã€‚" -#: src/cryptsetup.c:2147 src/cryptsetup_reencrypt.c:1620 -msgid "The hash used to create the encryption key from the passphrase" -msgstr "用于从密ç åˆ›å»ºåŠ å¯†å¯†é’¥çš„å“ˆå¸Œå€¼" +#: src/cryptsetup.c:3734 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "" -#: src/cryptsetup.c:2148 -msgid "Verifies the passphrase by asking for it twice" -msgstr "两次询问密ç 以进行验è¯" +#: src/cryptsetup.c:3753 src/veritysetup.c:572 src/integritysetup.c:643 +msgid "Show this help message" +msgstr "显示æ¤å¸®åŠ©" -#: src/cryptsetup.c:2149 src/cryptsetup_reencrypt.c:1622 -msgid "Read the key from a file" -msgstr "从文件读å–密钥" +#: src/cryptsetup.c:3754 src/veritysetup.c:573 src/integritysetup.c:644 +msgid "Display brief usage" +msgstr "显示简çŸç”¨æ³•" -#: src/cryptsetup.c:2150 -msgid "Read the volume (master) key from file." -msgstr "从文件读å–å·ï¼ˆä¸»ï¼‰å¯†é’¥ã€‚" +#: src/cryptsetup.c:3755 src/veritysetup.c:574 src/integritysetup.c:645 +msgid "Print package version" +msgstr "打å°è½¯ä»¶åŒ…版本" -#: src/cryptsetup.c:2151 -#, fuzzy -#| msgid "Dump volume (master) key instead of keyslots info." -msgid "Dump volume (master) key instead of keyslots info" -msgstr "转储å·ï¼ˆä¸»ï¼‰å¯†é’¥è€Œä¸æ˜¯é”®æ§½ä¿¡æ¯ã€‚" +#: src/cryptsetup.c:3766 src/veritysetup.c:585 src/integritysetup.c:656 +msgid "Help options:" +msgstr "帮助选项:" -#: src/cryptsetup.c:2152 src/cryptsetup_reencrypt.c:1619 -msgid "The size of the encryption key" -msgstr "åŠ å¯†å¯†é’¥å¤§å°" +#: src/cryptsetup.c:3789 src/veritysetup.c:606 src/integritysetup.c:676 +msgid "[OPTION...] <action> <action-specific>" +msgstr "[选项…] <动作> <动作特定å‚æ•°>" -#: src/cryptsetup.c:2152 src/integritysetup.c:500 src/integritysetup.c:504 -#: src/integritysetup.c:508 src/cryptsetup_reencrypt.c:1619 -msgid "BITS" -msgstr "ä½" +#: src/cryptsetup.c:3798 src/veritysetup.c:615 src/integritysetup.c:687 +msgid "Argument <action> missing." +msgstr "缺失å‚æ•° <动作>。" -#: src/cryptsetup.c:2153 src/cryptsetup_reencrypt.c:1635 -msgid "Limits the read from keyfile" -msgstr "é™åˆ¶ä»Žå¯†é’¥æ–‡ä»¶è¯»å–" +#: src/cryptsetup.c:3877 src/veritysetup.c:646 src/integritysetup.c:718 +msgid "Unknown action." +msgstr "未知动作。" -#: src/cryptsetup.c:2153 src/cryptsetup.c:2154 src/cryptsetup.c:2155 -#: src/cryptsetup.c:2156 src/veritysetup.c:434 src/veritysetup.c:435 -#: src/veritysetup.c:436 src/veritysetup.c:439 src/veritysetup.c:440 -#: src/integritysetup.c:491 src/integritysetup.c:495 src/integritysetup.c:496 -#: src/cryptsetup_reencrypt.c:1634 src/cryptsetup_reencrypt.c:1635 -#: src/cryptsetup_reencrypt.c:1636 src/cryptsetup_reencrypt.c:1637 -msgid "bytes" -msgstr "å—节" +#: src/cryptsetup.c:3895 +#, fuzzy +#| msgid "Option --key-file takes precedence over specified key file argument.\n" +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "选项 --key-file 优先使用指定的密钥文件å‚数。\n" -#: src/cryptsetup.c:2154 src/cryptsetup_reencrypt.c:1634 -msgid "Number of bytes to skip in keyfile" -msgstr "è¦ä»Žå¯†é’¥æ–‡ä»¶è·³è¿‡çš„å—节数" +#: src/cryptsetup.c:3901 +msgid "Only one --key-file argument is allowed." +msgstr "åªå…许å˜åœ¨ä¸€ä¸ª --key-file 选项。" -#: src/cryptsetup.c:2155 -msgid "Limits the read from newly added keyfile" -msgstr "é™åˆ¶ä»Žæ–°å¢žå¯†é’¥æ–‡ä»¶çš„读å–" +#: src/cryptsetup.c:3906 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" -#: src/cryptsetup.c:2156 -msgid "Number of bytes to skip in newly added keyfile" -msgstr "è¦ä»Žæ–°å¢žå¯†é’¥æ–‡ä»¶è·³è¿‡çš„å—节数" +#: src/cryptsetup.c:3911 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" -#: src/cryptsetup.c:2157 -msgid "Slot number for new key (default is first free)" -msgstr "新密钥的槽å·ï¼ˆé»˜è®¤ä¸ºç¬¬ä¸€ä¸ªå¯ç”¨çš„)" +#: src/cryptsetup.c:3916 +msgid "Cannot link volume key to a keyring when keyring is disabled." +msgstr "" -#: src/cryptsetup.c:2158 -msgid "The size of the device" -msgstr "设备大å°" +#: src/cryptsetup.c:3927 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "" -#: src/cryptsetup.c:2158 src/cryptsetup.c:2159 src/cryptsetup.c:2160 -#: src/cryptsetup.c:2166 src/integritysetup.c:492 src/integritysetup.c:497 -msgid "SECTORS" -msgstr "扇区" +#: src/cryptsetup.c:3935 +msgid "No action taken. Invoked with --test-args option.\n" +msgstr "" -#: src/cryptsetup.c:2159 -msgid "The start offset in the backend device" -msgstr "åŽç«¯è®¾å¤‡çš„起始å移é‡" +#: src/cryptsetup.c:3948 +msgid "Cannot disable metadata locking." +msgstr "æ— æ³•ç¦ç”¨å…ƒæ•°æ®é”定。" -#: src/cryptsetup.c:2160 -msgid "How many sectors of the encrypted data to skip at the beginning" -msgstr "从开头è¦è·³è¿‡çš„åŠ å¯†æ•°æ®æ‰‡åŒºæ•°é‡" +#: src/veritysetup.c:54 +msgid "Invalid salt string specified." +msgstr "æŒ‡å®šäº†æ— æ•ˆçš„ç›å—串。" -#: src/cryptsetup.c:2161 -msgid "Create a readonly mapping" -msgstr "创建åªè¯»æ˜ å°„" +#: src/veritysetup.c:87 +#, fuzzy, c-format +#| msgid "Cannot create hash image %s for writing.\n" +msgid "Cannot create hash image %s for writing." +msgstr "æ— æ³•ä¸ºåˆ›å»ºå“ˆå¸Œæ˜ åƒ %s 以供写入。\n" -#: src/cryptsetup.c:2162 src/integritysetup.c:487 -#: src/cryptsetup_reencrypt.c:1625 -msgid "Do not ask for confirmation" -msgstr "ä¸è¦è¯·æ±‚确认" +#: src/veritysetup.c:97 +#, fuzzy, c-format +#| msgid "Cannot create hash image %s for writing.\n" +msgid "Cannot create FEC image %s for writing." +msgstr "æ— æ³•ä¸ºåˆ›å»ºå“ˆå¸Œæ˜ åƒ %s 以供写入。\n" -#: src/cryptsetup.c:2163 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "交互å¼å¯†ç æ示符超时长度(秒)" +#: src/veritysetup.c:136 +#, fuzzy, c-format +#| msgid "Cannot create hash image %s for writing.\n" +msgid "Cannot create root hash file %s for writing." +msgstr "æ— æ³•ä¸ºåˆ›å»ºå“ˆå¸Œæ˜ åƒ %s 以供写入。\n" -#: src/cryptsetup.c:2163 src/cryptsetup.c:2164 src/integritysetup.c:488 -#: src/cryptsetup_reencrypt.c:1626 -msgid "secs" -msgstr "秒" +#: src/veritysetup.c:143 +#, fuzzy, c-format +#| msgid "Cannot write to keyfile %s." +msgid "Cannot write to root hash file %s." +msgstr "æ— æ³•å†™å…¥å¯†é’¥æ–‡ä»¶ %s。" -#: src/cryptsetup.c:2164 src/integritysetup.c:488 -#: src/cryptsetup_reencrypt.c:1626 -msgid "Progress line update (in seconds)" -msgstr "" +#: src/veritysetup.c:198 src/veritysetup.c:476 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ VERITY 设备。" -#: src/cryptsetup.c:2165 src/cryptsetup_reencrypt.c:1627 -msgid "How often the input of the passphrase can be retried" -msgstr "输入密ç 的最大é‡è¯•é¢‘率" +#: src/veritysetup.c:215 src/veritysetup.c:232 +#, fuzzy, c-format +#| msgid "Cannot create header file %s." +msgid "Cannot read root hash file %s." +msgstr "æ— æ³•åˆ›å»ºæ ‡å¤´æ–‡ä»¶ %s。" -#: src/cryptsetup.c:2166 -msgid "Align payload at <n> sector boundaries - for luksFormat" -msgstr "于 <n> 个扇区边界处对其载è·æ•°æ® - ä¾› luks æ ¼å¼ç”¨" +#: src/veritysetup.c:220 +#, fuzzy, c-format +#| msgid "Invalid root hash string specified.\n" +msgid "Invalid root hash file %s." +msgstr "æŒ‡å®šäº†æ— æ•ˆçš„æ ¹å“ˆå¸Œå€¼å—串。\n" -#: src/cryptsetup.c:2167 +#: src/veritysetup.c:241 #, fuzzy -#| msgid "File with LUKS header and keyslots backup." -msgid "File with LUKS header and keyslots backup" -msgstr "带有 LUKS æ•°æ®å¤´å’Œå¯†é’¥æ§½å¤‡ä»½çš„文件。" - -#: src/cryptsetup.c:2168 src/cryptsetup_reencrypt.c:1628 -msgid "Use /dev/random for generating volume key" -msgstr "使用 /dev/random 生æˆå·å¯†é’¥" +#| msgid "Invalid root hash string specified.\n" +msgid "Invalid root hash string specified." +msgstr "æŒ‡å®šäº†æ— æ•ˆçš„æ ¹å“ˆå¸Œå€¼å—串。\n" -#: src/cryptsetup.c:2169 src/cryptsetup_reencrypt.c:1629 -msgid "Use /dev/urandom for generating volume key" -msgstr "使用 /dev/urandom 生æˆå·å¯†é’¥" +#: src/veritysetup.c:249 +#, fuzzy, c-format +#| msgid "Invalid device %s." +msgid "Invalid signature file %s." +msgstr "设备 %s æ— æ•ˆã€‚" -#: src/cryptsetup.c:2170 -#, fuzzy -#| msgid "Share device with another non-overlapping crypt segment." -msgid "Share device with another non-overlapping crypt segment" -msgstr "与å¦ä¸€ä¸ªä¸é‡åˆçš„åŠ å¯†æ®µå…±äº«è®¾å¤‡ã€‚" +#: src/veritysetup.c:256 +#, fuzzy, c-format +#| msgid "Cannot read keyfile %s.\n" +msgid "Cannot read signature file %s." +msgstr "" +"æ— æ³•è¯»å–密钥文件 %s。\n" +"\n" -#: src/cryptsetup.c:2171 src/veritysetup.c:443 -#, fuzzy -#| msgid "UUID for device to use." -msgid "UUID for device to use" -msgstr "设备使用的 UUID å·²å 用。" +#: src/veritysetup.c:279 src/veritysetup.c:293 +msgid "Command requires <root_hash> or --root-hash-file option as argument." +msgstr "" -#: src/cryptsetup.c:2172 -#, fuzzy -#| msgid "Allow discards (aka TRIM) requests for device." -msgid "Allow discards (aka TRIM) requests for device" -msgstr "å…许设备的 discard(或称 TRIM)请求。" +#: src/veritysetup.c:489 +msgid "<data_device> <hash_device>" +msgstr "<æ•°æ®è®¾å¤‡> <哈希设备>" -#: src/cryptsetup.c:2173 src/cryptsetup_reencrypt.c:1646 -#, fuzzy -#| msgid "Device or file with separated LUKS header." -msgid "Device or file with separated LUKS header" -msgstr "带有分离 LUKS æ•°æ®å¤´çš„设备或文件。" +#: src/veritysetup.c:489 src/integritysetup.c:543 +msgid "format device" +msgstr "æ ¼å¼åŒ–设备" -#: src/cryptsetup.c:2174 +#: src/veritysetup.c:490 #, fuzzy -#| msgid "Do not activate device, just check passphrase." -msgid "Do not activate device, just check passphrase" -msgstr "ä¸è¦æ¿€æ´»è®¾å¤‡ï¼Œä»…检查密ç 。" +#| msgid "<data_device> <hash_device> <root_hash>" +msgid "<data_device> <hash_device> [<root_hash>]" +msgstr "<æ•°æ®è®¾å¤‡> <哈希设备> <æ ¹å“ˆå¸Œå€¼>" -#: src/cryptsetup.c:2175 -#, fuzzy -#| msgid "Use hidden header (hidden TCRYPT device)." -msgid "Use hidden header (hidden TCRYPT device)" -msgstr "使用éšè—æ•°æ®å¤´ï¼ˆéšè— TCRYPT 设备)" +#: src/veritysetup.c:490 +msgid "verify device" +msgstr "验è¯è®¾å¤‡" -#: src/cryptsetup.c:2176 +#: src/veritysetup.c:491 #, fuzzy -#| msgid "Device is system TCRYPT drive (with bootloader)." -msgid "Device is system TCRYPT drive (with bootloader)" -msgstr "设备为系统 TCRYPT 驱动器(带有引导器)。" - -#: src/cryptsetup.c:2177 -msgid "Use backup (secondary) TCRYPT header" -msgstr "使用备份(次级)TCRYPT æ ‡å¤´" +#| msgid "<data_device> <hash_device> <root_hash>" +msgid "<data_device> <name> <hash_device> [<root_hash>]" +msgstr "<æ•°æ®è®¾å¤‡> <哈希设备> <æ ¹å“ˆå¸Œå€¼>" -#: src/cryptsetup.c:2178 -#, fuzzy -#| msgid "Scan also for VeraCrypt compatible device." -msgid "Scan also for VeraCrypt compatible device" -msgstr "åŒæ—¶æ‰«æ VeraCrypt 兼容的设备。" +#: src/veritysetup.c:493 src/integritysetup.c:546 +msgid "show active device status" +msgstr "显示已激活的设备信æ¯" -#: src/cryptsetup.c:2179 -#, fuzzy -#| msgid "Scan also for VeraCrypt compatible device." -msgid "Personal Iteration Multiplier for VeraCrypt compatible device" -msgstr "åŒæ—¶æ‰«æ VeraCrypt 兼容的设备。" +#: src/veritysetup.c:494 +msgid "<hash_device>" +msgstr "<哈希设备>" -#: src/cryptsetup.c:2180 -#, fuzzy -#| msgid "Scan also for VeraCrypt compatible device." -msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" -msgstr "åŒæ—¶æ‰«æ VeraCrypt 兼容的设备。" +#: src/veritysetup.c:494 src/integritysetup.c:547 +msgid "show on-disk information" +msgstr "显示ç£ç›˜ä¸Šçš„ä¿¡æ¯" -#: src/cryptsetup.c:2181 -#, fuzzy -#| msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgid "Type of device metadata: luks, plain, loopaes, tcrypt" -msgstr "设备元数æ®ç±»åž‹ï¼šluks, 纯粹 (plain), loopaes, tcrypt." +#: src/veritysetup.c:513 +#, c-format +msgid "" +"\n" +"<name> is the device to create under %s\n" +"<data_device> is the data device\n" +"<hash_device> is the device containing verification data\n" +"<root_hash> hash of the root node on <hash_device>\n" +msgstr "" +"\n" +"<å称> 是在 %s 下è¦åˆ›å»ºçš„设备\n" +"<æ•°æ®è®¾å¤‡> 就是数æ®è®¾å¤‡\n" +"<哈希设备> 是å«æœ‰éªŒè¯ä¿¡æ¯çš„设备\n" +"<æ ¹å“ˆå¸Œå€¼> 是 <哈希设备> æ ¹èŠ‚ç‚¹çš„å“ˆå¸Œå€¼\n" -#: src/cryptsetup.c:2182 -#, fuzzy -#| msgid "Disable password quality check (if enabled)." -msgid "Disable password quality check (if enabled)" -msgstr "ç¦ç”¨å¯†ç è´¨é‡æ£€æŸ¥ (如果已å¯ç”¨)。" +#: src/veritysetup.c:520 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"编译时决定的默认 dm-verify å‚数:\n" +"\t哈希: %s, æ•°æ®å— (å—节): %u, å“ˆå¸Œå— (å—节): %u, ç›å¤§å°: %u, å“ˆå¸Œæ ¼å¼: %u\n" -#: src/cryptsetup.c:2183 +#: src/veritysetup.c:661 #, fuzzy -#| msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgid "Use dm-crypt same_cpu_crypt performance compatibility option" -msgstr "使用 dm-crypt same_cpu_crypt 性能兼容性选项。" +#| msgid "Option --allow-discards is allowed only for open operation.\n" +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" -#: src/cryptsetup.c:2184 +#: src/veritysetup.c:666 #, fuzzy -#| msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" -msgstr "使用 dm-crypt submit_from_crypt_cpus 性能兼容性选项。" +#| msgid "Option --allow-discards is allowed only for open operation.\n" +msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together." +msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" -#: src/cryptsetup.c:2185 -msgid "Device removal is deferred until the last user closes it" +#: src/integritysetup.c:177 +#, c-format +msgid "" +"This will overwrite data on %s and %s irrevocably.\n" +"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)." msgstr "" -#: src/cryptsetup.c:2186 -msgid "PBKDF iteration time for LUKS (in ms)" -msgstr "LUKS 默认 PBKDF è¿ä»£æ—¶é—´ï¼ˆæ¯«ç§’)" - -#: src/cryptsetup.c:2186 src/cryptsetup_reencrypt.c:1624 -msgid "msecs" -msgstr "毫秒" - -#: src/cryptsetup.c:2187 src/cryptsetup_reencrypt.c:1642 -msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +#: src/integritysetup.c:217 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "" -#: src/cryptsetup.c:2188 src/cryptsetup_reencrypt.c:1643 -msgid "PBKDF memory cost limit" -msgstr "PBKDF 内å˜å¼€é”€é™åˆ¶" - -#: src/cryptsetup.c:2188 src/cryptsetup_reencrypt.c:1643 -msgid "kilobytes" -msgstr "åƒå—节" +#: src/integritysetup.c:298 +msgid "Setting recalculate flag is not supported, you may consider using --wipe instead." +msgstr "" -#: src/cryptsetup.c:2189 src/cryptsetup_reencrypt.c:1644 -msgid "PBKDF parallel cost" -msgstr "PBKDF 并行开销" +#: src/integritysetup.c:373 src/integritysetup.c:530 +#, fuzzy, c-format +#| msgid "Device %s is not a valid VERITY device." +msgid "Device %s is not a valid INTEGRITY device." +msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ VERITY 设备。" -#: src/cryptsetup.c:2189 src/cryptsetup_reencrypt.c:1644 -msgid "threads" -msgstr "线程" +#: src/integritysetup.c:543 src/integritysetup.c:547 +#, fuzzy +#| msgid "verify device" +msgid "<integrity_device>" +msgstr "验è¯è®¾å¤‡" -#: src/cryptsetup.c:2190 src/cryptsetup_reencrypt.c:1645 -msgid "PBKDF iterations cost (forced, disables benchmark)" +#: src/integritysetup.c:544 +msgid "<integrity_device> <name>" msgstr "" -#: src/cryptsetup.c:2191 -msgid "Keyslot priority: ignore, normal, prefer)" +#: src/integritysetup.c:567 +#, fuzzy, c-format +#| msgid "" +#| "\n" +#| "<name> is the device to create under %s\n" +#| "<data_device> is the data device\n" +#| "<hash_device> is the device containing verification data\n" +#| "<root_hash> hash of the root node on <hash_device>\n" +msgid "" +"\n" +"<name> is the device to create under %s\n" +"<integrity_device> is the device containing data with integrity tags\n" msgstr "" +"\n" +"<å称> 是在 %s 下è¦åˆ›å»ºçš„设备\n" +"<æ•°æ®è®¾å¤‡> 就是数æ®è®¾å¤‡\n" +"<哈希设备> 是å«æœ‰éªŒè¯ä¿¡æ¯çš„设备\n" +"<æ ¹å“ˆå¸Œå€¼> 是 <哈希设备> æ ¹èŠ‚ç‚¹çš„å“ˆå¸Œå€¼\n" -#: src/cryptsetup.c:2192 -#, fuzzy -#| msgid "try to repair on-disk metadata" -msgid "Disable locking of on-disk metadata" -msgstr "å°è¯•ä¿®å¤ç£ç›˜ä¸Šçš„元数æ®" - -#: src/cryptsetup.c:2193 -msgid "Disable loading volume keys via kernel keyring" +#: src/integritysetup.c:572 +#, fuzzy, c-format +#| msgid "" +#| "\n" +#| "Default compiled-in dm-verity parameters:\n" +#| "\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +"\tMaximum keyfile size: %dkB\n" msgstr "" +"\n" +"编译时决定的默认 dm-verify å‚数:\n" +"\t哈希: %s, æ•°æ®å— (å—节): %u, å“ˆå¸Œå— (å—节): %u, ç›å¤§å°: %u, å“ˆå¸Œæ ¼å¼: %u\n" -#: src/cryptsetup.c:2194 -msgid "Data integrity algorithm (LUKS2 only)" +#: src/integritysetup.c:629 +#, c-format +msgid "Invalid --%s size. Maximum is %u bytes." msgstr "" -#: src/cryptsetup.c:2195 src/integritysetup.c:511 -#, fuzzy -#| msgid "Invalid size parameters for verity device.\n" -msgid "Disable journal for integrity device" -msgstr "为 VERITY 设备æ供的大å°æŒ‡æ ‡æ— 效。\n" +#: src/integritysetup.c:732 +msgid "Both key file and key size options must be specified." +msgstr "密钥文件和密钥大å°é€‰é¡¹å‡å¿…须指定。" -#: src/cryptsetup.c:2196 src/integritysetup.c:489 -msgid "Do not wipe device after format" +#: src/integritysetup.c:736 +msgid "Both journal integrity key file and key size options must be specified." msgstr "" -#: src/cryptsetup.c:2197 -msgid "Do not ask for passphrase if activation by token fails" -msgstr "" +#: src/integritysetup.c:739 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "å¦‚æžœä½¿ç”¨äº†æ—¥å¿—åŠ å¯†å¯†é’¥ï¼Œåˆ™å¿…é¡»æŒ‡å®šæ—¥å¿—å®Œæ•´æ€§æ ¡éªŒç®—æ³•ã€‚" -#: src/cryptsetup.c:2198 -msgid "Token number (default: any)" -msgstr "" +#: src/integritysetup.c:743 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "æ—¥å¿—åŠ å¯†å¯†é’¥æ–‡ä»¶å’Œå¯†é’¥å¤§å°é€‰é¡¹å‡å¿…须指定。" -#: src/cryptsetup.c:2199 -msgid "Key description" -msgstr "" +#: src/integritysetup.c:746 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "å¦‚æžœä½¿ç”¨äº†æ—¥å¿—åŠ å¯†å¯†é’¥ï¼Œåˆ™å¿…é¡»æŒ‡å®šæ—¥å¿—åŠ å¯†ç®—æ³•ã€‚" -#: src/cryptsetup.c:2200 -msgid "Encryption sector size (default: 512 bytes)" +#: src/integritysetup.c:750 +msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "" -#: src/cryptsetup.c:2201 -msgid "Set activation flags persistent for device" +#: src/integritysetup.c:757 +msgid "Journal options cannot be used in bitmap mode." msgstr "" -#: src/cryptsetup.c:2202 -#, fuzzy -#| msgid "formats a LUKS device" -msgid "Set label for the LUKS2 device" -msgstr "æ ¼å¼åŒ–一个 LUKS 设备" +#: src/integritysetup.c:762 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "" -#: src/cryptsetup.c:2203 -#, fuzzy -#| msgid "formats a LUKS device" -msgid "Set subsystem label for the LUKS2 device" -msgstr "æ ¼å¼åŒ–一个 LUKS 设备" +#: src/utils_tools.c:118 +msgid "" +"\n" +"WARNING!\n" +"========\n" +msgstr "" +"\n" +"è¦å‘Šï¼\n" +"========\n" -#: src/cryptsetup.c:2204 -msgid "Create unbound (no assigned data segment) LUKS2 keyslot" +#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. +#: src/utils_tools.c:120 +#, c-format +msgid "" +"%s\n" +"\n" +"Are you sure? (Type 'yes' in capital letters): " msgstr "" -#: src/cryptsetup.c:2220 src/veritysetup.c:464 src/integritysetup.c:528 -msgid "[OPTION...] <action> <action-specific>" -msgstr "[选项…] <动作> <动作特定å‚æ•°>" +#: src/utils_tools.c:126 +msgid "Error reading response from terminal." +msgstr "从终端读å–å“应时失败。" -#: src/cryptsetup.c:2277 src/veritysetup.c:504 src/integritysetup.c:545 -msgid "Argument <action> missing." -msgstr "缺失å‚æ•° <动作>。" +#: src/utils_tools.c:158 +msgid "Command successful." +msgstr "命令æˆåŠŸã€‚" -#: src/cryptsetup.c:2333 src/veritysetup.c:535 src/integritysetup.c:576 -msgid "Unknown action." -msgstr "未知动作。" +#: src/utils_tools.c:166 +msgid "wrong or missing parameters" +msgstr "错误或缺失的å‚æ•°" -#: src/cryptsetup.c:2343 -#, fuzzy -#| msgid "Option --shared is allowed only for open of plain device.\n" -msgid "Option --deferred is allowed only for close command.\n" -msgstr "选项 --shared åªé€‚用于打开纯设备。\n" +#: src/utils_tools.c:168 +msgid "no permission or bad passphrase" +msgstr "æ— æƒé™æˆ–å£ä»¤é”™è¯¯" -#: src/cryptsetup.c:2348 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "选项 --shared åªé€‚用于打开纯设备。\n" +#: src/utils_tools.c:170 +msgid "out of memory" +msgstr "内å˜è€—å°½" -#: src/cryptsetup.c:2353 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" +#: src/utils_tools.c:172 +msgid "wrong device or file specified" +msgstr "指定了错误的设备或文件" -#: src/cryptsetup.c:2358 -#, fuzzy -#| msgid "Option --allow-discards is allowed only for open operation.\n" -msgid "Option --persistent is allowed only for open operation.\n" -msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" +#: src/utils_tools.c:174 +msgid "device already exists or device is busy" +msgstr "设备已å˜åœ¨æˆ–设备æ£å¿™" -#: src/cryptsetup.c:2363 -msgid "Option --persistent is not allowed with --test-passphrase.\n" -msgstr "" +#: src/utils_tools.c:176 +msgid "unknown error" +msgstr "未知错误" -#: src/cryptsetup.c:2372 -#, fuzzy -#| msgid "" -#| "Option --key-size is allowed only for luksFormat, open and benchmark.\n" -#| "To limit read from keyfile use --keyfile-size=(bytes)." -msgid "" -"Option --key-size is allowed only for luksFormat, luksAddKey (with --unbound),\n" -"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." -msgstr "" -"选项 --key-size åªèƒ½ç”¨äºŽ luksFormat, 打开和性能测试。\n" -"è¦é™åˆ¶å¯†é’¥æ–‡ä»¶è¯»å–请使用 --keyfile-size=(å—节数)。" +#: src/utils_tools.c:178 +#, c-format +msgid "Command failed with code %i (%s)." +msgstr "命令失败,代ç %i(%s)。" -#: src/cryptsetup.c:2378 -#, fuzzy -#| msgid "Option --align-payload is allowed only for luksFormat." -msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n" -msgstr "选项 --align-payload åªå…许用于 luksFormat。" +#: src/utils_tools.c:256 +#, fuzzy, c-format +#| msgid "Key slot %d changed." +msgid "Key slot %i created." +msgstr "密钥槽 %d 已改å˜ã€‚" -#: src/cryptsetup.c:2383 -msgid "Option --integrity-no-wipe can be used only for format action with integrity extension.\n" -msgstr "" +#: src/utils_tools.c:258 +#, fuzzy, c-format +#| msgid "Key slot %d unlocked." +msgid "Key slot %i unlocked." +msgstr "密钥槽 %d 已解é”。" -#: src/cryptsetup.c:2389 -#, fuzzy -#| msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n" -msgstr "选项 --uuid åªå…许用于 luksFormat å’Œ luksUUID。" +#: src/utils_tools.c:260 +#, fuzzy, c-format +#| msgid "Key slot %d unlocked." +msgid "Key slot %i removed." +msgstr "密钥槽 %d 已解é”。" -#: src/cryptsetup.c:2395 -msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n" -msgstr "选项 --test-passphrase åªèƒ½ç”¨äºŽæ‰“å¼€ LUKS å’Œ TCRYPT 设备。\n" +#: src/utils_tools.c:269 +#, fuzzy, c-format +#| msgid "Key slot %d is not used.\n" +msgid "Token %i created." +msgstr "密钥槽 %d 未使用。\n" -#: src/cryptsetup.c:2400 src/cryptsetup_reencrypt.c:1717 -msgid "Key size must be a multiple of 8 bits" -msgstr "密钥尺寸必须是 8 çš„å€æ•°" +#: src/utils_tools.c:271 +#, fuzzy, c-format +#| msgid "Key slot %d is not used.\n" +msgid "Token %i removed." +msgstr "密钥槽 %d 未使用。\n" -#: src/cryptsetup.c:2406 src/cryptsetup_reencrypt.c:1402 -#: src/cryptsetup_reencrypt.c:1722 -msgid "Key slot is invalid." -msgstr "å¯†é’¥æ§½æ— æ•ˆã€‚" +#: src/utils_tools.c:281 +msgid "No token could be unlocked with this PIN." +msgstr "" -#: src/cryptsetup.c:2413 -#, fuzzy -#| msgid "Option --key-file takes precedence over specified key file argument.\n" -msgid "Option --key-file takes precedence over specified key file argument." -msgstr "选项 --key-file 优先使用指定的密钥文件å‚数。\n" +#: src/utils_tools.c:283 +#, fuzzy, c-format +#| msgid "Key slot %d is not used.\n" +msgid "Token %i requires PIN." +msgstr "密钥槽 %d 未使用。\n" -#: src/cryptsetup.c:2420 src/veritysetup.c:547 src/integritysetup.c:595 -#: src/cryptsetup_reencrypt.c:1696 -msgid "Negative number for option not permitted." -msgstr "ä¸å…许在选项ä¸å¡«å…¥è´Ÿæ•°ã€‚" +#: src/utils_tools.c:285 +#, c-format +msgid "Token (type %s) requires PIN." +msgstr "" -#: src/cryptsetup.c:2424 -msgid "Only one --key-file argument is allowed." -msgstr "åªå…许å˜åœ¨ä¸€ä¸ª --key-file 选项。" +#: src/utils_tools.c:288 +#, c-format +msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." +msgstr "" -#: src/cryptsetup.c:2428 src/cryptsetup_reencrypt.c:1688 -#: src/cryptsetup_reencrypt.c:1726 -msgid "Only one of --use-[u]random options is allowed." -msgstr "--use-[u]random 选项åªèƒ½ç”¨ä¸€å¤„。" +#: src/utils_tools.c:290 +#, c-format +msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)." +msgstr "" -#: src/cryptsetup.c:2432 -msgid "Option --use-[u]random is allowed only for luksFormat." -msgstr "选项 --use-[u]random åªé€‚用于 luksFormat。" +#: src/utils_tools.c:293 +#, c-format +msgid "Token %i requires additional missing resource." +msgstr "" -#: src/cryptsetup.c:2436 -msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "选项 --uuid åªå…许用于 luksFormat å’Œ luksUUID。" +#: src/utils_tools.c:295 +#, c-format +msgid "Token (type %s) requires additional missing resource." +msgstr "" -#: src/cryptsetup.c:2440 -msgid "Option --align-payload is allowed only for luksFormat." -msgstr "选项 --align-payload åªå…许用于 luksFormat。" +#: src/utils_tools.c:298 +#, c-format +msgid "No usable token (type %s) is available." +msgstr "" -#: src/cryptsetup.c:2446 -msgid "Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "选项 --skip åªé€‚用于打开纯设备和 loopaes 设备。\n" +#: src/utils_tools.c:300 +msgid "No usable token is available." +msgstr "" -#: src/cryptsetup.c:2452 -msgid "Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "选项 --offset åªé€‚用于打开纯设备和 loopaes 设备。\n" +#: src/utils_tools.c:393 +#, fuzzy, c-format +#| msgid "Cannot read keyfile %s.\n" +msgid "Cannot read keyfile %s." +msgstr "" +"æ— æ³•è¯»å–密钥文件 %s。\n" +"\n" -#: src/cryptsetup.c:2458 -msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n" -msgstr "选项 --tcrypt-hidden, --tcrypt-system 或 --tcrypt-backup åªæ”¯æŒ TCRYPT 设备。\n" +#: src/utils_tools.c:398 +#, fuzzy, c-format +#| msgid "Cannot read %d bytes from keyfile %s.\n" +msgid "Cannot read %d bytes from keyfile %s." +msgstr "æ— æ³•ä»Žå¯†é’¥æ–‡ä»¶ %2$s è¯»å– %1$d å—节。\n" -#: src/cryptsetup.c:2463 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "选项 --tcrypt-hidden ä¸èƒ½ä¸Ž --allow-discards 共用。\n" +#: src/utils_tools.c:423 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "æ— æ³•æ‰“å¼€å¯†é’¥æ–‡ä»¶ %s 以供写入。" -#: src/cryptsetup.c:2468 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "选项 --veracrypt åªæ”¯æŒ TCRYPT 设备类型。\n" +#: src/utils_tools.c:430 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "æ— æ³•å†™å…¥å¯†é’¥æ–‡ä»¶ %s。" -#: src/cryptsetup.c:2474 -msgid "Invalid argument for parameter --veracrypt-pim supplied.\n" +#: src/utils_progress.c:74 +#, c-format +msgid "%02<PRIu64>m%02<PRIu64>s" msgstr "" -#: src/cryptsetup.c:2478 -#, fuzzy -#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n" -msgstr "选项 --veracrypt åªæ”¯æŒ TCRYPT 设备类型。\n" - -#: src/cryptsetup.c:2486 -#, fuzzy -#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n" -msgstr "选项 --veracrypt åªæ”¯æŒ TCRYPT 设备类型。\n" - -#: src/cryptsetup.c:2490 -msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n" +#: src/utils_progress.c:76 +#, c-format +msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s" msgstr "" -#: src/cryptsetup.c:2497 -msgid "Option --priority can be only ignore/normal/prefer.\n" +#: src/utils_progress.c:78 +#, c-format +msgid "%02<PRIu64> days" msgstr "" -#: src/cryptsetup.c:2502 -msgid "Keyslot specification is required.\n" +#: src/utils_progress.c:105 src/utils_progress.c:138 +#, c-format +msgid "%4<PRIu64> %s written" msgstr "" -#: src/cryptsetup.c:2507 src/cryptsetup_reencrypt.c:1702 -msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n" +#: src/utils_progress.c:109 src/utils_progress.c:142 +#, c-format +msgid "speed %5.1f %s/s" msgstr "" -#: src/cryptsetup.c:2512 src/cryptsetup_reencrypt.c:1707 -msgid "PBKDF forced iterations cannot be combined with iteration time option.\n" +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. 'eol' is always new-line or empty. +#. See above. +#. +#: src/utils_progress.c:118 +#, c-format +msgid "Progress: %5.1f%%, ETA %s, %s, %s%s" msgstr "" -#: src/cryptsetup.c:2518 -#, fuzzy -#| msgid "This operation is not supported for this device type.\n" -msgid "Sector size option is not supported for this command.\n" -msgstr "ä¸æ”¯æŒåœ¨è¿™ç±»è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。\n" - -#: src/cryptsetup.c:2524 -msgid "Unsupported encryption sector size.\n" -msgstr "ä¸æ”¯æŒçš„åŠ å¯†æ‰‡åŒºå¤§å°ã€‚\n" - -#: src/cryptsetup.c:2529 -msgid "Key size is required with --unbound option.\n" +#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed +#. to get translated as well. See above +#. +#: src/utils_progress.c:150 +#, c-format +msgid "Finished, time %s, %s, %s\n" msgstr "" -#: src/cryptsetup.c:2534 -#, fuzzy -#| msgid "Option --new cannot be used together with --decrypt." -msgid "Option --unbound may be used only with luksAddKey action.\n" -msgstr "选项 --new ä¸å¯ä¸Ž --decrypt 共用。" - -#: src/cryptsetup.c:2544 -msgid "Cannot disable metadata locking.\n" -msgstr "æ— æ³•ç¦ç”¨å…ƒæ•°æ®é”定。\n" +#: src/utils_password.c:41 src/utils_password.c:72 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "æ— æ³•æ£€æŸ¥å¯†ç è´¨é‡ï¼š%s" -#: src/veritysetup.c:67 -msgid "Invalid salt string specified." -msgstr "æŒ‡å®šäº†æ— æ•ˆçš„ç›å—串。" +#: src/utils_password.c:49 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"密ç è´¨é‡æ£€æŸ¥å¤±è´¥ï¼š\n" +" %s" -#: src/veritysetup.c:98 -#, fuzzy, c-format -#| msgid "Cannot create hash image %s for writing.\n" -msgid "Cannot create hash image %s for writing." -msgstr "æ— æ³•ä¸ºåˆ›å»ºå“ˆå¸Œæ˜ åƒ %s 以供写入。\n" +#: src/utils_password.c:79 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "密ç è´¨é‡æ£€æŸ¥å¤±è´¥ï¼šæ— 效密ç (%s)" -#: src/veritysetup.c:108 -#, fuzzy, c-format -#| msgid "Cannot create hash image %s for writing.\n" -msgid "Cannot create FEC image %s for writing." -msgstr "æ— æ³•ä¸ºåˆ›å»ºå“ˆå¸Œæ˜ åƒ %s 以供写入。\n" +#: src/utils_password.c:231 src/utils_password.c:245 +msgid "Error reading passphrase from terminal." +msgstr "从终端读å–å£ä»¤æ—¶å‡ºé”™ã€‚" -#: src/veritysetup.c:181 -#, fuzzy -#| msgid "Invalid root hash string specified.\n" -msgid "Invalid root hash string specified." -msgstr "æŒ‡å®šäº†æ— æ•ˆçš„æ ¹å“ˆå¸Œå€¼å—串。\n" +#: src/utils_password.c:243 +msgid "Verify passphrase: " +msgstr "确认密ç :" -#: src/veritysetup.c:363 -msgid "<data_device> <hash_device>" -msgstr "<æ•°æ®è®¾å¤‡> <哈希设备>" +#: src/utils_password.c:250 +msgid "Passphrases do not match." +msgstr "å£ä»¤ä¸åŒ¹é…。" -#: src/veritysetup.c:363 src/integritysetup.c:425 -msgid "format device" -msgstr "æ ¼å¼åŒ–设备" +#: src/utils_password.c:288 +msgid "Cannot use offset with terminal input." +msgstr "ä¸èƒ½å°†å移é‡ç”¨äºŽç»ˆç«¯è¾“入。" -#: src/veritysetup.c:364 -msgid "<data_device> <hash_device> <root_hash>" -msgstr "<æ•°æ®è®¾å¤‡> <哈希设备> <æ ¹å“ˆå¸Œå€¼>" +#: src/utils_password.c:292 +#, c-format +msgid "Enter passphrase: " +msgstr "输入å£ä»¤ï¼š" -#: src/veritysetup.c:364 -msgid "verify device" -msgstr "验è¯è®¾å¤‡" +#: src/utils_password.c:295 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "输入 %s çš„å£ä»¤ï¼š" -#: src/veritysetup.c:365 -#, fuzzy -#| msgid "<data_device> <hash_device> <root_hash>" -msgid "<data_device> <name> <hash_device> <root_hash>" -msgstr "<æ•°æ®è®¾å¤‡> <哈希设备> <æ ¹å“ˆå¸Œå€¼>" +#: src/utils_password.c:329 +msgid "No key available with this passphrase." +msgstr "æ¤å£ä»¤æ— å¯ç”¨çš„密钥。" -#: src/veritysetup.c:365 src/integritysetup.c:426 -msgid "open device as <name>" -msgstr "以 <å称> 打开设备" +#: src/utils_password.c:331 +msgid "No usable keyslot is available." +msgstr "" -#: src/veritysetup.c:366 src/integritysetup.c:427 +#: src/utils_luks.c:68 #, fuzzy -#| msgid "close device (remove mapping)" -msgid "close device (deactivate and remove mapping)" -msgstr "å…³é—è®¾å¤‡ï¼ˆç§»é™¤æ˜ å°„ï¼‰" +#| msgid "Can't do passphrase verification on non-tty inputs.\n" +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "æ— æ³•ä»Žéž TTY 输入验è¯å¯†ç 。\n" -#: src/veritysetup.c:367 src/integritysetup.c:428 -msgid "show active device status" -msgstr "显示已激活的设备信æ¯" +#: src/utils_luks.c:183 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "以åªè¯»æ¨¡å¼æ‰“开文件 %s 失败。" -#: src/veritysetup.c:368 -msgid "<hash_device>" -msgstr "<哈希设备>" +#: src/utils_luks.c:196 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "" -#: src/veritysetup.c:368 src/integritysetup.c:429 -msgid "show on-disk information" -msgstr "显示ç£ç›˜ä¸Šçš„ä¿¡æ¯" +#: src/utils_luks.c:203 +msgid "Failed to read JSON file." +msgstr "è¯»å– JSON 文件失败。" -#: src/veritysetup.c:387 -#, c-format +#: src/utils_luks.c:208 msgid "" "\n" -"<name> is the device to create under %s\n" -"<data_device> is the data device\n" -"<hash_device> is the device containing verification data\n" -"<root_hash> hash of the root node on <hash_device>\n" +"Read interrupted." msgstr "" "\n" -"<å称> 是在 %s 下è¦åˆ›å»ºçš„设备\n" -"<æ•°æ®è®¾å¤‡> 就是数æ®è®¾å¤‡\n" -"<哈希设备> 是å«æœ‰éªŒè¯ä¿¡æ¯çš„设备\n" -"<æ ¹å“ˆå¸Œå€¼> 是 <哈希设备> æ ¹èŠ‚ç‚¹çš„å“ˆå¸Œå€¼\n" +"读å–被打æ–。" -#: src/veritysetup.c:394 -#, c-format +#: src/utils_luks.c:249 +#, fuzzy, c-format +#| msgid "Cannot open keyfile %s for write." +msgid "Failed to open file %s in write mode." +msgstr "æ— æ³•æ‰“å¼€å¯†é’¥æ–‡ä»¶ %s 以供写入。" + +#: src/utils_luks.c:258 msgid "" "\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +"Write interrupted." msgstr "" "\n" -"编译时决定的默认 dm-verify å‚数:\n" -"\t哈希: %s, æ•°æ®å— (å—节): %u, å“ˆå¸Œå— (å—节): %u, ç›å¤§å°: %u, å“ˆå¸Œæ ¼å¼: %u\n" - -#: src/veritysetup.c:432 -msgid "Do not use verity superblock" -msgstr "ä¸ä½¿ç”¨çœŸç†è¶…级å—" +"写入被打æ–。" -#: src/veritysetup.c:433 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "æ ¼å¼ç±»åž‹ (1 - æ£å¸¸, 0 - 原版 Chrome OS)" +#: src/utils_luks.c:262 +msgid "Failed to write JSON file." +msgstr "写入 JSON 文件失败。" -#: src/veritysetup.c:433 -msgid "number" -msgstr "æ•°å—" - -#: src/veritysetup.c:434 -msgid "Block size on the data device" -msgstr "æ•°æ®è®¾å¤‡çš„å—大å°" - -#: src/veritysetup.c:435 -msgid "Block size on the hash device" -msgstr "哈希设备的å—大å°" - -#: src/veritysetup.c:436 -msgid "FEC parity bytes" -msgstr "FEC æ ¡éªŒå—节" +#: src/utils_reencrypt.c:120 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" -#: src/veritysetup.c:437 -msgid "The number of blocks in the data file" -msgstr "æ•°æ®æ–‡ä»¶çš„å—æ•°é‡" +#: src/utils_reencrypt.c:124 +#, fuzzy, c-format +#| msgid "Failed to acquire write lock on device %s." +msgid "Failed to auto-detect device %s holders." +msgstr "æ— æ³•èŽ·å–设备 %s 上的写入é”。" -#: src/veritysetup.c:437 -msgid "blocks" -msgstr "å—" +#: src/utils_reencrypt.c:130 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "设备 %s ä¸æ˜¯å—设备。\n" -#: src/veritysetup.c:438 -msgid "Path to device with error correction data" +#: src/utils_reencrypt.c:132 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" msgstr "" -#: src/veritysetup.c:438 -msgid "path" +#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274 +#, c-format +msgid "" +"Device %s is not a block device. Can not auto-detect if it is active or not.\n" +"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)." msgstr "" -#: src/veritysetup.c:439 -msgid "Starting offset on the hash device" -msgstr "哈希设备开始ä½ç½®å移é‡" - -#: src/veritysetup.c:440 -#, fuzzy -#| msgid "Starting offset on the hash device" -msgid "Starting offset on the FEC device" -msgstr "哈希设备开始ä½ç½®å移é‡" - -#: src/veritysetup.c:441 -msgid "Hash algorithm" -msgstr "哈希算法" +#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221 +#: src/utils_reencrypt.c:231 +msgid "Requested --resilience option cannot be applied to current reencryption operation." +msgstr "" -#: src/veritysetup.c:441 -msgid "string" -msgstr "å—符串" +#: src/utils_reencrypt.c:203 +msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt." +msgstr "" -#: src/veritysetup.c:442 -msgid "Salt" -msgstr "ç›" +#: src/utils_reencrypt.c:208 +msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt." +msgstr "" -#: src/veritysetup.c:442 -msgid "hex string" -msgstr "åå…进制å—符串" +#: src/utils_reencrypt.c:215 +msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied." +msgstr "" -#: src/veritysetup.c:444 -msgid "Restart kernel if corruption is detected" +#: src/utils_reencrypt.c:293 +msgid "Device requires reencryption recovery. Run repair first." msgstr "" -#: src/veritysetup.c:445 -msgid "Ignore corruption, log it only" -msgstr "忽略数æ®æŸå,仅对其进行日志记录" +#: src/utils_reencrypt.c:307 +#, c-format +msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?" +msgstr "" -#: src/veritysetup.c:446 -#, fuzzy -#| msgid "Do not use verity superblock" -msgid "Do not verify zeroed blocks" -msgstr "ä¸ä½¿ç”¨çœŸç†è¶…级å—" +#: src/utils_reencrypt.c:416 +msgid "Legacy LUKS2 reencryption is no longer supported." +msgstr "" -#: src/veritysetup.c:447 -msgid "Verify data block only the first time it is read" +#: src/utils_reencrypt.c:421 +msgid "Can not reencrypt LUKS2 device configured to use OPAL." msgstr "" -#: src/veritysetup.c:553 -#, fuzzy -#| msgid "Option --allow-discards is allowed only for open operation.\n" -msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n" -msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" +#: src/utils_reencrypt.c:427 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "ä¸æ”¯æŒå¸¦æœ‰å®Œæ•´æ€§ profile ä¿¡æ¯çš„设备的é‡åŠ 密。" -#: src/veritysetup.c:558 -msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n" +#: src/utils_reencrypt.c:464 +#, c-format +msgid "" +"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n" +"(block size: %<PRIu32> bytes) detected on device %s." msgstr "" -#: src/integritysetup.c:78 src/utils_password.c:317 -#, fuzzy, c-format -#| msgid "Cannot read keyfile %s.\n" -msgid "Cannot read keyfile %s." +#: src/utils_reencrypt.c:533 src/utils_reencrypt.c:1412 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." msgstr "" -"æ— æ³•è¯»å–密钥文件 %s。\n" -"\n" -#: src/integritysetup.c:82 src/utils_password.c:321 -#, fuzzy, c-format -#| msgid "Cannot read %d bytes from keyfile %s.\n" -msgid "Cannot read %d bytes from keyfile %s." -msgstr "æ— æ³•ä»Žå¯†é’¥æ–‡ä»¶ %2$s è¯»å– %1$d å—节。\n" +#: src/utils_reencrypt.c:540 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" -#: src/integritysetup.c:224 +#: src/utils_reencrypt.c:550 #, c-format -msgid "Formatted with tag size %u, internal integrity %s.\n" +msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n" msgstr "" -#: src/integritysetup.c:425 src/integritysetup.c:429 -#, fuzzy -#| msgid "verify device" -msgid "<integrity_device>" -msgstr "验è¯è®¾å¤‡" - -#: src/integritysetup.c:426 -msgid "<integrity_device> <name>" -msgstr "" +#: src/utils_reencrypt.c:580 +#, fuzzy, c-format +#| msgid "Requested header backup file %s already exists." +msgid "Temporary header file %s already exists. Aborting." +msgstr "è¯·æ±‚çš„æ ‡å¤´å¤‡ä»½æ–‡ä»¶ %s å·²å˜åœ¨ã€‚" -#: src/integritysetup.c:448 +#: src/utils_reencrypt.c:582 src/utils_reencrypt.c:589 #, fuzzy, c-format -#| msgid "" -#| "\n" -#| "<name> is the device to create under %s\n" -#| "<data_device> is the data device\n" -#| "<hash_device> is the device containing verification data\n" -#| "<root_hash> hash of the root node on <hash_device>\n" -msgid "" -"\n" -"<name> is the device to create under %s\n" -"<integrity_device> is the device containing data with integrity tags\n" +#| msgid "Cannot create header file %s." +msgid "Cannot create temporary header file %s." +msgstr "æ— æ³•åˆ›å»ºæ ‡å¤´æ–‡ä»¶ %s。" + +#: src/utils_reencrypt.c:614 +msgid "LUKS2 metadata size is larger than data shift value." msgstr "" -"\n" -"<å称> 是在 %s 下è¦åˆ›å»ºçš„设备\n" -"<æ•°æ®è®¾å¤‡> 就是数æ®è®¾å¤‡\n" -"<哈希设备> 是å«æœ‰éªŒè¯ä¿¡æ¯çš„设备\n" -"<æ ¹å“ˆå¸Œå€¼> 是 <哈希设备> æ ¹èŠ‚ç‚¹çš„å“ˆå¸Œå€¼\n" -#: src/integritysetup.c:453 +#: src/utils_reencrypt.c:651 #, fuzzy, c-format -#| msgid "" -#| "\n" -#| "Default compiled-in dm-verity parameters:\n" -#| "\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" -msgid "" -"\n" -"Default compiled-in dm-integrity parameters:\n" -"\tTag size: %u bytes, Checksum algorithm: %s\n" +#| msgid "Failed to acquire read lock on device %s." +msgid "Failed to place new header at head of device %s." +msgstr "æ— æ³•èŽ·å–设备 %s 的读å–é”。" + +#: src/utils_reencrypt.c:661 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" msgstr "" -"\n" -"编译时决定的默认 dm-verify å‚数:\n" -"\t哈希: %s, æ•°æ®å— (å—节): %u, å“ˆå¸Œå— (å—节): %u, ç›å¤§å°: %u, å“ˆå¸Œæ ¼å¼: %u\n" -#: src/integritysetup.c:491 -msgid "Journal size" -msgstr "日志大å°" +#: src/utils_reencrypt.c:697 +#, fuzzy, c-format +#| msgid "Device %s is not active." +msgid "Active device %s is not LUKS2." +msgstr "设备 %s 未激活。" -#: src/integritysetup.c:492 -msgid "Interleave sectors" +#: src/utils_reencrypt.c:725 +msgid "Restoring original LUKS2 header." msgstr "" -#: src/integritysetup.c:493 -msgid "Journal watermark" -msgstr "" +#: src/utils_reencrypt.c:733 +#, fuzzy +#| msgid "Writing LUKS header to disk." +msgid "Original LUKS2 header restore failed." +msgstr "æ£åœ¨å°† LUKS æ ‡å¤´å†™å…¥ç£ç›˜ã€‚" -#: src/integritysetup.c:493 -msgid "percent" +#: src/utils_reencrypt.c:759 +#, c-format +msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?" msgstr "" -#: src/integritysetup.c:494 -msgid "Journal commit time" -msgstr "日志æ交时间" +#: src/utils_reencrypt.c:807 +#, fuzzy +#| msgid "Failed to write activation flags to new header." +msgid "Failed to add read/write permissions to exported header file." +msgstr "å‘æ–°è¡¨å¤´å†™å…¥æ´»åŠ¨æ——æ ‡å¤±è´¥ã€‚" -#: src/integritysetup.c:494 -msgid "ms" +#: src/utils_reencrypt.c:860 +#, c-format +msgid "Reencryption initialization failed. Header backup is available in %s." msgstr "" -#: src/integritysetup.c:495 -msgid "Tag size (per-sector)" +#: src/utils_reencrypt.c:888 +msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)." msgstr "" -#: src/integritysetup.c:496 -msgid "Sector size" -msgstr "扇区大å°" +#: src/utils_reencrypt.c:1023 src/utils_reencrypt.c:1032 +#, fuzzy +#| msgid "Do not change key, no data area reencryption" +msgid "Not enough free keyslots for reencryption." +msgstr "ä¸è¦æ›´æ”¹å¯†é’¥ï¼Œæ— æ•°æ®åŒºé‡åŠ 密" -#: src/integritysetup.c:497 -msgid "Buffers size" -msgstr "缓冲大å°" +#: src/utils_reencrypt.c:1053 src/utils_reencrypt_luks1.c:1100 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "密钥文件åªèƒ½åœ¨æŒ‡å®š --key-slot 时或有且åªæœ‰ä¸€ä¸ªæ§½å¯ç”¨æ—¶ä½¿ç”¨ã€‚" -#: src/integritysetup.c:499 -msgid "Data integrity algorithm" -msgstr "æ•°æ®å®Œæ•´æ€§æ ¡éªŒç®—法" +#: src/utils_reencrypt.c:1062 src/utils_reencrypt_luks1.c:1147 +#: src/utils_reencrypt_luks1.c:1158 +#, fuzzy, c-format +#| msgid "Enter passphrase for key slot %u: " +msgid "Enter passphrase for key slot %d: " +msgstr "输入密钥槽 %u çš„å£ä»¤: " -#: src/integritysetup.c:500 -#, fuzzy -#| msgid "The size of the encryption key" -msgid "The size of the data integrity key" -msgstr "åŠ å¯†å¯†é’¥å¤§å°" +#: src/utils_reencrypt.c:1074 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "输入密钥槽 %u çš„å£ä»¤: " -#: src/integritysetup.c:501 -#, fuzzy -#| msgid "Read the key from a file." -msgid "Read the integrity key from a file" -msgstr "从文件读å–密钥。" +#: src/utils_reencrypt.c:1126 +#, c-format +msgid "Switching data encryption cipher to %s.\n" +msgstr "" -#: src/integritysetup.c:503 -msgid "Journal integrity algorithm" +#: src/utils_reencrypt.c:1180 +msgid "No data segment parameters changed. Reencryption aborted." msgstr "" -#: src/integritysetup.c:504 -#, fuzzy -#| msgid "The size of the encryption key" -msgid "The size of the journal integrity key" -msgstr "åŠ å¯†å¯†é’¥å¤§å°" +#: src/utils_reencrypt.c:1282 +msgid "" +"Encryption sector size increase on offline device is not supported.\n" +"Activate the device first or use --force-offline-reencrypt option (dangerous!)." +msgstr "" -#: src/integritysetup.c:505 -#, fuzzy -#| msgid "Read the key from a file." -msgid "Read the journal integrity key from a file" -msgstr "从文件读å–密钥。" +#: src/utils_reencrypt.c:1322 src/utils_reencrypt_luks1.c:726 +#: src/utils_reencrypt_luks1.c:798 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"é‡åŠ 密被ä¸æ–。" -#: src/integritysetup.c:507 -msgid "Journal encryption algorithm" -msgstr "æ—¥å¿—åŠ å¯†ç®—æ³•" +#: src/utils_reencrypt.c:1327 +msgid "Resuming LUKS reencryption in forced offline mode.\n" +msgstr "" -#: src/integritysetup.c:508 -#, fuzzy -#| msgid "The size of the encryption key" -msgid "The size of the journal encryption key" -msgstr "åŠ å¯†å¯†é’¥å¤§å°" +#: src/utils_reencrypt.c:1350 +#, c-format +msgid "Device %s contains broken LUKS metadata. Aborting operation." +msgstr "" -#: src/integritysetup.c:509 -#, fuzzy -#| msgid "Read the key from a file." -msgid "Read the journal encryption key from a file" -msgstr "从文件读å–密钥。" +#: src/utils_reencrypt.c:1366 src/utils_reencrypt.c:1388 +#, fuzzy, c-format +#| msgid "Device %s is not a valid LUKS device." +msgid "Device %s is already LUKS device. Aborting operation." +msgstr "%s ä¸æ˜¯æœ‰æ•ˆçš„ LUKS 设备。" -#: src/integritysetup.c:512 -msgid "Recovery mode (no journal, no tag checking)" +#: src/utils_reencrypt.c:1394 +#, c-format +msgid "Device %s is already in LUKS reencryption. Aborting operation." msgstr "" -#: src/integritysetup.c:601 -msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action.\n" +#: src/utils_reencrypt.c:1476 +msgid "LUKS2 decryption requires --header option." msgstr "" -#: src/integritysetup.c:607 -msgid "Invalid journal size specification." -msgstr "æ— æ•ˆçš„æ—¥å¿—å¤§å°æŒ‡æ ‡ã€‚" - -#: src/integritysetup.c:612 -msgid "Both key file and key size options must be specified." -msgstr "密钥文件和密钥大å°é€‰é¡¹å‡å¿…须指定。" +#: src/utils_reencrypt.c:1524 +#, fuzzy +#| msgid "Command requires device and mapped name as arguments.\n" +msgid "Command requires device as argument." +msgstr "命令需è¦è®¾å¤‡åŠæ˜ å°„å作为å‚数。\n" -#: src/integritysetup.c:615 -msgid "Integrity algorithm must be specified if integrity key is used." +#: src/utils_reencrypt.c:1537 +#, c-format +msgid "Conflicting versions. Device %s is LUKS1." msgstr "" -#: src/integritysetup.c:620 -msgid "Both journal integrity key file and key size options must be specified." +#: src/utils_reencrypt.c:1543 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS1 reencryption." msgstr "" -#: src/integritysetup.c:623 -msgid "Journal integrity algorithm must be specified if journal integrity key is used." -msgstr "å¦‚æžœä½¿ç”¨äº†æ—¥å¿—åŠ å¯†å¯†é’¥ï¼Œåˆ™å¿…é¡»æŒ‡å®šæ—¥å¿—å®Œæ•´æ€§æ ¡éªŒç®—æ³•ã€‚" - -#: src/integritysetup.c:628 -msgid "Both journal encryption key file and key size options must be specified." -msgstr "æ—¥å¿—åŠ å¯†å¯†é’¥æ–‡ä»¶å’Œå¯†é’¥å¤§å°é€‰é¡¹å‡å¿…须指定。" +#: src/utils_reencrypt.c:1549 +#, c-format +msgid "Conflicting versions. Device %s is LUKS2." +msgstr "" -#: src/integritysetup.c:631 -msgid "Journal encryption algorithm must be specified if journal encryption key is used." -msgstr "å¦‚æžœä½¿ç”¨äº†æ—¥å¿—åŠ å¯†å¯†é’¥ï¼Œåˆ™å¿…é¡»æŒ‡å®šæ—¥å¿—åŠ å¯†ç®—æ³•ã€‚" +#: src/utils_reencrypt.c:1555 +#, c-format +msgid "Conflicting versions. Device %s is in LUKS2 reencryption." +msgstr "" -#: src/cryptsetup_reencrypt.c:174 -msgid "Reencryption already in-progress." -msgstr "é‡åŠ 密已在进行ä¸ã€‚" +#: src/utils_reencrypt.c:1561 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" -#: src/cryptsetup_reencrypt.c:180 -msgid "Reencryption of device with integrity profile is not supported." -msgstr "ä¸æ”¯æŒå¸¦æœ‰å®Œæ•´æ€§ profile ä¿¡æ¯çš„设备的é‡åŠ 密。" +#: src/utils_reencrypt.c:1568 +msgid "Device reencryption not in progress." +msgstr "未在进行设备é‡åŠ 密。" -#: src/cryptsetup_reencrypt.c:203 +#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:295 #, c-format msgid "Cannot exclusively open %s, device in use." msgstr "æ— æ³•ç‹¬å 打开 %s,设备æ£åœ¨ä½¿ç”¨ä¸ã€‚" -#: src/cryptsetup_reencrypt.c:217 src/cryptsetup_reencrypt.c:1147 +#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945 msgid "Allocation of aligned memory failed." msgstr "分é…对é½å†…å˜å¤±è´¥ã€‚" -#: src/cryptsetup_reencrypt.c:224 +#: src/utils_reencrypt_luks1.c:150 #, c-format msgid "Cannot read device %s." msgstr "æ— æ³•è¯»å–设备 %s。" -#: src/cryptsetup_reencrypt.c:235 +#: src/utils_reencrypt_luks1.c:161 #, c-format msgid "Marking LUKS1 device %s unusable." msgstr "æ£åœ¨æ ‡è®° LUKS1 设备 %s 为ä¸å¯ç”¨çŠ¶æ€ã€‚" -#: src/cryptsetup_reencrypt.c:239 -#, c-format -msgid "Setting LUKS2 offline reencrypt flag on device %s." -msgstr "æ£åœ¨è®¾å¤‡ %s 上设定 LUKS2 离线é‡åŠ å¯†æ——æ ‡ã€‚" - -#: src/cryptsetup_reencrypt.c:256 +#: src/utils_reencrypt_luks1.c:177 #, c-format msgid "Cannot write device %s." msgstr "æ— æ³•å†™å…¥è®¾å¤‡ %s。" -#: src/cryptsetup_reencrypt.c:340 +#: src/utils_reencrypt_luks1.c:226 msgid "Cannot write reencryption log file." msgstr "æ— æ³•å†™å…¥é‡åŠ 密日志文件。" -#: src/cryptsetup_reencrypt.c:396 +#: src/utils_reencrypt_luks1.c:282 msgid "Cannot read reencryption log file." msgstr "æ— æ³•è¯»å–é‡åŠ 密日志文件。" -#: src/cryptsetup_reencrypt.c:434 +#: src/utils_reencrypt_luks1.c:293 +msgid "Wrong log format." +msgstr "é”™è¯¯çš„æ—¥å¿—æ ¼å¼ã€‚" + +#: src/utils_reencrypt_luks1.c:320 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "日志文件 %s å˜åœ¨ï¼Œç»§ç»é‡åŠ 密。\n" -#: src/cryptsetup_reencrypt.c:484 +#: src/utils_reencrypt_luks1.c:369 msgid "Activating temporary device using old LUKS header." msgstr "æ£ä½¿ç”¨æ—§ LUKS æ ‡å¤´æ¿€æ´»ä¸´æ—¶è®¾å¤‡ã€‚" -#: src/cryptsetup_reencrypt.c:495 +#: src/utils_reencrypt_luks1.c:379 msgid "Activating temporary device using new LUKS header." msgstr "æ£ä½¿ç”¨æ–° LUKS æ ‡å¤´æ¿€æ´»ä¸´æ—¶è®¾å¤‡ã€‚" -#: src/cryptsetup_reencrypt.c:505 +#: src/utils_reencrypt_luks1.c:389 msgid "Activation of temporary devices failed." msgstr "激活临时设备失败。" # stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ -#: src/cryptsetup_reencrypt.c:587 -msgid "Failed to set PBKDF parameters." -msgstr "设置 pbkdf å‚数失败。" +#: src/utils_reencrypt_luks1.c:449 +#, fuzzy +#| msgid "Failed to stat key file." +msgid "Failed to set data offset." +msgstr "èŽ·å– (stat) 密钥文件信æ¯å¤±è´¥ã€‚" -#: src/cryptsetup_reencrypt.c:594 +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: src/utils_reencrypt_luks1.c:455 +#, fuzzy +#| msgid "Failed to stat key file." +msgid "Failed to set metadata size." +msgstr "èŽ·å– (stat) 密钥文件信æ¯å¤±è´¥ã€‚" + +#: src/utils_reencrypt_luks1.c:463 #, c-format msgid "New LUKS header for device %s created." msgstr "已创建设备 %s çš„æ–° LUKS æ ‡å¤´ã€‚" -#: src/cryptsetup_reencrypt.c:603 -#, c-format -msgid "Activated keyslot %i." -msgstr "已激活密钥槽 %i。" - -#: src/cryptsetup_reencrypt.c:653 -#, c-format -msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." -msgstr "该版本的 cryptsetup-reencrypt æ— æ³•å¤„ç†æ–°çš„内部 token 类型 %s。" - -#: src/cryptsetup_reencrypt.c:675 -msgid "Failed to read activation flags from backup header." -msgstr "ä»Žå¤‡ä»½æ ‡å¤´è¯»å–æ´»åŠ¨æ——æ ‡å¤±è´¥ã€‚" - -#: src/cryptsetup_reencrypt.c:679 -msgid "Failed to write activation flags to new header." -msgstr "å‘æ–°è¡¨å¤´å†™å…¥æ´»åŠ¨æ——æ ‡å¤±è´¥ã€‚" - -#: src/cryptsetup_reencrypt.c:683 src/cryptsetup_reencrypt.c:687 -msgid "Failed to read requirements from backup header." -msgstr "ä»Žå¤‡ä»½æ ‡å¤´è¯»å–需求失败。" - -#: src/cryptsetup_reencrypt.c:723 +#: src/utils_reencrypt_luks1.c:500 #, c-format msgid "%s header backup of device %s created." msgstr "已创建 %s æ ‡å¤´å¤‡ä»½ï¼ˆå¯¹åº”è®¾å¤‡ %s)。" -#: src/cryptsetup_reencrypt.c:783 +#: src/utils_reencrypt_luks1.c:556 msgid "Creation of LUKS backup headers failed." msgstr "LUKS å¤‡ä»½æ ‡å¤´åˆ›å»ºå¤±è´¥ã€‚" -#: src/cryptsetup_reencrypt.c:917 +#: src/utils_reencrypt_luks1.c:685 #, c-format msgid "Cannot restore %s header on device %s." msgstr "æ— æ³•æ¢å¤ %s æ ‡å¤´ï¼ˆåœ¨è®¾å¤‡ %s 上)。" -#: src/cryptsetup_reencrypt.c:919 +#: src/utils_reencrypt_luks1.c:687 #, c-format msgid "%s header on device %s restored." msgstr "å·²æ¢å¤ %s æ ‡å¤´ï¼ˆåœ¨è®¾å¤‡ %s 上)。" -#: src/cryptsetup_reencrypt.c:957 src/cryptsetup_reencrypt.c:1037 -msgid "Cannot seek to device offset." -msgstr "æ— æ³•å¯»æ‰¾åˆ°è®¾å¤‡å移ä½ç½®ã€‚" - -#: src/cryptsetup_reencrypt.c:1080 -msgid "Cannot seek to device offset.\n" -msgstr "æ— æ³•å¯»æ‰¾åˆ°è®¾å¤‡å移ä½ç½®ã€‚\n" - -#: src/cryptsetup_reencrypt.c:1119 src/cryptsetup_reencrypt.c:1125 +#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923 msgid "Cannot open temporary LUKS device." msgstr "æ— æ³•æ‰“å¼€ä¸´æ—¶ LUKS 设备。" -#: src/cryptsetup_reencrypt.c:1130 src/cryptsetup_reencrypt.c:1135 +#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933 msgid "Cannot get device size." msgstr "æ— æ³•èŽ·å–设备大å°ã€‚" -#: src/cryptsetup_reencrypt.c:1172 -msgid "Interrupted by a signal." -msgstr "被信å·ä¸æ–。" - -#: src/cryptsetup_reencrypt.c:1174 +#: src/utils_reencrypt_luks1.c:968 msgid "IO error during reencryption." msgstr "é‡åŠ 密时å‘生 IO 错误。" -#: src/cryptsetup_reencrypt.c:1205 +#: src/utils_reencrypt_luks1.c:998 msgid "Provided UUID is invalid." msgstr "æ供的 UUID æ— æ•ˆã€‚" -#: src/cryptsetup_reencrypt.c:1307 -msgid "Key file can be used only with --key-slot or with exactly one key slot active." -msgstr "密钥文件åªèƒ½åœ¨æŒ‡å®š --key-slot 时或有且åªæœ‰ä¸€ä¸ªæ§½å¯ç”¨æ—¶ä½¿ç”¨ã€‚" - -#: src/cryptsetup_reencrypt.c:1349 src/cryptsetup_reencrypt.c:1360 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "输入密钥槽 %u çš„å£ä»¤: " - -#: src/cryptsetup_reencrypt.c:1431 +#: src/utils_reencrypt_luks1.c:1224 msgid "Cannot open reencryption log file." msgstr "æ— æ³•æ‰“å¼€é‡åŠ 密日志文件。" -#: src/cryptsetup_reencrypt.c:1437 +#: src/utils_reencrypt_luks1.c:1230 msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "没有æ£åœ¨è¿›è¡Œä¸çš„解密æ“作,æ供的 UUID 仅能用于继ç»å·²æŒ‚起的解密æ“作。" -#: src/cryptsetup_reencrypt.c:1512 +#: src/utils_reencrypt_luks1.c:1286 #, c-format -msgid "Changed pbkdf parameters in keyslot %i." -msgstr "已在密钥槽 %i 更改 pbkdf å‚数。" +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "é‡åŠ 密会改å˜ï¼š%s%s%s%s%s%s。" -#: src/cryptsetup_reencrypt.c:1617 -msgid "Reencryption block size" -msgstr "é‡åŠ 密å—大å°" +#: src/utils_reencrypt_luks1.c:1287 +msgid "volume key" +msgstr "å·å¯†é’¥" -#: src/cryptsetup_reencrypt.c:1617 -msgid "MiB" -msgstr "MiB" +#: src/utils_reencrypt_luks1.c:1289 +msgid "set hash to " +msgstr "设置哈希值为 " -#: src/cryptsetup_reencrypt.c:1621 -msgid "Do not change key, no data area reencryption" -msgstr "ä¸è¦æ›´æ”¹å¯†é’¥ï¼Œæ— æ•°æ®åŒºé‡åŠ 密" +#: src/utils_reencrypt_luks1.c:1290 +msgid ", set cipher to " +msgstr ",设定密文为 " -#: src/cryptsetup_reencrypt.c:1623 -msgid "Read new volume (master) key from file" -msgstr "从文件读å–å·ï¼ˆä¸»ï¼‰å¯†é’¥" +#: src/utils_blockdev.c:189 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" -#: src/cryptsetup_reencrypt.c:1624 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "LUKS 默认 PBKDF2 è¿ä»£æ—¶é—´ï¼ˆæ¯«ç§’)" +#: src/utils_blockdev.c:197 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" -#: src/cryptsetup_reencrypt.c:1630 -msgid "Use direct-io when accessing devices" -msgstr "在访问设备时使用 direct-io" +#: src/utils_blockdev.c:219 src/utils_blockdev.c:302 src/utils_blockdev.c:354 +#, fuzzy +#| msgid "Failed to initialise default LUKS2 keyslot parameters." +msgid "Failed to initialize device signature probes." +msgstr "åˆå§‹åŒ–默认 LUKS2 密钥槽å‚数失败。" -#: src/cryptsetup_reencrypt.c:1631 -msgid "Use fsync after each block" -msgstr "在æ¯ä¸ªæ•°æ®å—åŽä½¿ç”¨ fsync" +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: src/utils_blockdev.c:282 +#, fuzzy, c-format +#| msgid "Failed to stat key file." +msgid "Failed to stat device %s." +msgstr "èŽ·å– (stat) 密钥文件信æ¯å¤±è´¥ã€‚" -#: src/cryptsetup_reencrypt.c:1632 -msgid "Update log file after every block" -msgstr "在æ¯ä¸ªæ•°æ®å—åŽæ›´æ–°æ—¥å¿—文件" +#: src/utils_blockdev.c:297 +#, fuzzy, c-format +#| msgid "Cannot open keyfile %s for write." +msgid "Failed to open file %s in read/write mode." +msgstr "æ— æ³•æ‰“å¼€å¯†é’¥æ–‡ä»¶ %s 以供写入。" -#: src/cryptsetup_reencrypt.c:1633 -msgid "Use only this slot (others will be disabled)" -msgstr "仅使用这个密钥槽(其他的密钥槽将被ç¦ç”¨ï¼‰" +#: src/utils_blockdev.c:317 +#, c-format +msgid "Existing '%s' partition signature on device %s will be wiped." +msgstr "" -#: src/cryptsetup_reencrypt.c:1636 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "å‡å°‘æ•°æ®è®¾å¤‡å¤§å°ï¼ˆç§»åŠ¨æ•°æ®å移é‡ï¼‰ã€‚å±é™©ï¼" +#: src/utils_blockdev.c:320 +#, c-format +msgid "Existing '%s' superblock signature on device %s will be wiped." +msgstr "" -#: src/cryptsetup_reencrypt.c:1637 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "åªä½¿ç”¨æŒ‡å®šçš„设备大å°ï¼ˆå¿½ç•¥è®¾å¤‡å…¶ä½™éƒ¨åˆ†ï¼‰ã€‚å±é™©ï¼" +#: src/utils_blockdev.c:323 +#, fuzzy +#| msgid "Failed to acquire write device lock." +msgid "Failed to wipe device signature." +msgstr "æ— æ³•èŽ·å–写入设备é”。" -#: src/cryptsetup_reencrypt.c:1638 -msgid "Create new header on not encrypted device" -msgstr "åœ¨æœªåŠ å¯†çš„è®¾å¤‡ä¸Šåˆ›å»ºæ–°çš„æ ‡å¤´" +#: src/utils_blockdev.c:330 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "" -#: src/cryptsetup_reencrypt.c:1639 -msgid "Permanently decrypt device (remove encryption)" -msgstr "æ°¸ä¹…è§£å¯†è®¾å¤‡ï¼ˆç§»é™¤åŠ å¯†ï¼‰" +#: src/utils_args.c:65 +#, fuzzy, c-format +#| msgid "Invalid device size specification." +msgid "Invalid size specification in parameter --%s." +msgstr "æ— æ•ˆçš„è®¾å¤‡å¤§å°æŒ‡æ ‡ã€‚" -#: src/cryptsetup_reencrypt.c:1640 -msgid "The UUID used to resume decryption" -msgstr "用于继ç»è§£å¯†çš„ UUID" +#: src/utils_args.c:125 +#, fuzzy, c-format +#| msgid "Option --allow-discards is allowed only for open operation.\n" +msgid "Option --%s is not allowed with %s action." +msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" -#: src/cryptsetup_reencrypt.c:1641 -msgid "Type of LUKS metadata: luks1, luks2" -msgstr "LUKS 元数æ®ç±»åž‹ï¼šluks1ã€luks2" +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: tokens/ssh/cryptsetup-ssh.c:123 +#, fuzzy +#| msgid "Failed to stat key file.\n" +msgid "Failed to write ssh token json." +msgstr "èŽ·å– (stat) 密钥文件统计数æ®å¤±è´¥ã€‚\n" -#: src/cryptsetup_reencrypt.c:1662 -msgid "[OPTION...] <device>" -msgstr "[选项...] <设备>" +#: tokens/ssh/cryptsetup-ssh.c:141 +msgid "" +"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n" +"\n" +"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n" +"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n" +"\n" +"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext." +msgstr "" -#: src/cryptsetup_reencrypt.c:1676 -#, c-format -msgid "Reencryption will change: %s%s%s%s%s%s." -msgstr "é‡åŠ 密会改å˜ï¼š%s%s%s%s%s%s。" +#: tokens/ssh/cryptsetup-ssh.c:151 +#, fuzzy +#| msgid "<device>" +msgid "<action> <device>" +msgstr "<设备>" -#: src/cryptsetup_reencrypt.c:1677 -msgid "volume key" -msgstr "å·å¯†é’¥" +#: tokens/ssh/cryptsetup-ssh.c:154 +msgid "Options for the 'add' action:" +msgstr "" -#: src/cryptsetup_reencrypt.c:1679 -msgid "set hash to " -msgstr "设置哈希值为 " +#: tokens/ssh/cryptsetup-ssh.c:155 +msgid "IP address/URL of the remote server for this token" +msgstr "" -#: src/cryptsetup_reencrypt.c:1680 -msgid ", set cipher to " -msgstr ",设定密文为 " +#: tokens/ssh/cryptsetup-ssh.c:156 +msgid "Username used for the remote server" +msgstr "为远程æœåŠ¡å™¨ä½¿ç”¨çš„用户å" -#: src/cryptsetup_reencrypt.c:1684 -msgid "Argument required." -msgstr "需è¦å‚数。" +#: tokens/ssh/cryptsetup-ssh.c:157 +msgid "Path to the key file on the remote server" +msgstr "远程æœåŠ¡å™¨ä¸Šå¯†é’¥æ–‡ä»¶çš„路径" -#: src/cryptsetup_reencrypt.c:1712 -msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "é‡åŠ 密å—大å°åªèƒ½æ˜¯ 1 MiB 到 64 MiB 之间的值。" +#: tokens/ssh/cryptsetup-ssh.c:158 +msgid "Path to the SSH key for connecting to the remote server" +msgstr "" -#: src/cryptsetup_reencrypt.c:1731 src/cryptsetup_reencrypt.c:1736 -msgid "Invalid device size specification." -msgstr "æ— æ•ˆçš„è®¾å¤‡å¤§å°æŒ‡æ ‡ã€‚" +#: tokens/ssh/cryptsetup-ssh.c:160 +msgid "Path to directory containinig libcryptsetup external tokens" +msgstr "" -#: src/cryptsetup_reencrypt.c:1739 -msgid "Maximum device reduce size is 64 MiB." -msgstr "最大设备缩å‡å¤§å°ä¸º 64 MiB。" +#: tokens/ssh/cryptsetup-ssh.c:161 +msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase." +msgstr "" -#: src/cryptsetup_reencrypt.c:1742 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "缩å‡å¤§å°å¿…须为 512 å—节扇区的å€æ•°ã€‚" +#: tokens/ssh/cryptsetup-ssh.c:163 +msgid "Generic options:" +msgstr "通用选项:" -#: src/cryptsetup_reencrypt.c:1746 -msgid "Option --new must be used together with --reduce-device-size or --header." -msgstr "选项 --new 必须与 --reduce-device-size 或 --header 共用。" +#: tokens/ssh/cryptsetup-ssh.c:164 +msgid "Shows more detailed error messages" +msgstr "显示更详细的错误信æ¯" -#: src/cryptsetup_reencrypt.c:1750 -msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." -msgstr "选项 --keep-key åªèƒ½ä¸Ž --hashã€--iter-time 或 --pbkdf-force-iterations 共用。" +#: tokens/ssh/cryptsetup-ssh.c:165 +msgid "Show debug messages" +msgstr "显示调试信æ¯" -#: src/cryptsetup_reencrypt.c:1754 -msgid "Option --new cannot be used together with --decrypt." -msgstr "选项 --new ä¸å¯ä¸Ž --decrypt 共用。" +#: tokens/ssh/cryptsetup-ssh.c:166 +#, fuzzy +#| msgid "Show debug messages" +msgid "Show debug messages including JSON metadata" +msgstr "显示调试信æ¯" -#: src/cryptsetup_reencrypt.c:1758 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "选项 --decrypt 与选定å‚æ•°ä¸å…¼å®¹ã€‚" +#: tokens/ssh/cryptsetup-ssh.c:281 +#, fuzzy +#| msgid "Failed to open temporary keystore device." +msgid "Failed to open and import private key:\n" +msgstr "打开临时密钥å˜å‚¨è®¾å¤‡å¤±è´¥ã€‚" -#: src/cryptsetup_reencrypt.c:1762 -msgid "Option --uuid is allowed only together with --decrypt." -msgstr "选项 --uuid ä¸å¯ä¸Ž --decrypt 共用。" +#: tokens/ssh/cryptsetup-ssh.c:285 +msgid "Failed to import private key (password protected?).\n" +msgstr "导入ç§é’¥å¤±è´¥ï¼ˆå˜åœ¨å¯†ç ä¿æŠ¤ï¼Ÿï¼‰ã€‚\n" -#: src/cryptsetup_reencrypt.c:1766 -msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." -msgstr "æ— æ•ˆçš„ luks 类型。请使用下列选项之一:'luks'ã€'luks1' 或 'luks2'。" +#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " +#: tokens/ssh/cryptsetup-ssh.c:287 +#, c-format +msgid "%s@%s's password: " +msgstr "%s@%s 的密ç :" -#: src/utils_tools.c:159 -msgid "Error reading response from terminal." -msgstr "从终端读å–å“应时失败。" +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#: tokens/ssh/cryptsetup-ssh.c:376 +#, c-format +msgid "Failed to parse arguments.\n" +msgstr "解æžå‚数失败。\n" -#: src/utils_tools.c:184 -msgid "Command successful.\n" -msgstr "命令æˆåŠŸã€‚\n" +#: tokens/ssh/cryptsetup-ssh.c:387 +#, c-format +msgid "An action must be specified\n" +msgstr "必须指定一个æ“作\n" -#: src/utils_tools.c:192 -msgid "wrong or missing parameters" -msgstr "错误或缺失的å‚æ•°" +#: tokens/ssh/cryptsetup-ssh.c:393 +#, c-format +msgid "Device must be specified for '%s' action.\n" +msgstr "" -#: src/utils_tools.c:194 -msgid "no permission or bad passphrase" -msgstr "æ— æƒé™æˆ–å£ä»¤é”™è¯¯" +#: tokens/ssh/cryptsetup-ssh.c:398 +#, c-format +msgid "SSH server must be specified for '%s' action.\n" +msgstr "" -#: src/utils_tools.c:196 -msgid "out of memory" -msgstr "内å˜è€—å°½" +#: tokens/ssh/cryptsetup-ssh.c:403 +#, c-format +msgid "SSH user must be specified for '%s' action.\n" +msgstr "" -#: src/utils_tools.c:198 -msgid "wrong device or file specified" -msgstr "指定了错误的设备或文件" +#: tokens/ssh/cryptsetup-ssh.c:408 +#, c-format +msgid "SSH path must be specified for '%s' action.\n" +msgstr "" -#: src/utils_tools.c:200 -msgid "device already exists or device is busy" -msgstr "设备已å˜åœ¨æˆ–设备æ£å¿™" +#: tokens/ssh/cryptsetup-ssh.c:413 +#, c-format +msgid "SSH key path must be specified for '%s' action.\n" +msgstr "" -#: src/utils_tools.c:202 -msgid "unknown error" -msgstr "未知错误" +#: tokens/ssh/cryptsetup-ssh.c:420 +#, c-format +msgid "Failed open %s using provided credentials.\n" +msgstr "" -#: src/utils_tools.c:204 +#: tokens/ssh/cryptsetup-ssh.c:437 #, c-format -msgid "Command failed with code %i (%s).\n" -msgstr "命令失败,代ç %i(%s)。\n" +msgid "Only 'add' action is currently supported by this plugin.\n" +msgstr "" + +#: tokens/ssh/ssh-utils.c:46 +msgid "Cannot create sftp session: " +msgstr "æ— æ³•åˆ›å»º sftp 会è¯ï¼š" + +#: tokens/ssh/ssh-utils.c:53 +msgid "Cannot init sftp session: " +msgstr "æ— æ³•åˆå§‹åŒ– sftp 会è¯ï¼š" + +#: tokens/ssh/ssh-utils.c:59 +msgid "Cannot open sftp session: " +msgstr "æ— æ³•æ‰“å¼€ sftp 会è¯ï¼š" + +#: tokens/ssh/ssh-utils.c:66 +#, fuzzy +#| msgid "Cannot write to keyfile %s." +msgid "Cannot stat sftp file: " +msgstr "æ— æ³•å†™å…¥å¯†é’¥æ–‡ä»¶ %s。" + +#: tokens/ssh/ssh-utils.c:74 +msgid "Not enough memory.\n" +msgstr "内å˜ä¸è¶³ã€‚\n" + +#: tokens/ssh/ssh-utils.c:81 +msgid "Cannot read remote key: " +msgstr "æ— æ³•è¯»å–密钥文件:" + +#: tokens/ssh/ssh-utils.c:122 +msgid "Connection failed: " +msgstr "连接失败:" + +#: tokens/ssh/ssh-utils.c:132 +msgid "Server not known: " +msgstr "æœåŠ¡å™¨æœªçŸ¥ï¼š" + +#: tokens/ssh/ssh-utils.c:160 +msgid "Public key auth method not allowed on host.\n" +msgstr "" + +#: tokens/ssh/ssh-utils.c:171 +msgid "Public key authentication error: " +msgstr "公钥认è¯é”™è¯¯ï¼š" -#: src/utils_password.c:43 src/utils_password.c:75 #, c-format -msgid "Cannot check password quality: %s" -msgstr "æ— æ³•æ£€æŸ¥å¯†ç è´¨é‡ï¼š%s" +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "æ— æ³•æ ¼å¼åŒ–æ£åœ¨ä½¿ç”¨çš„设备 %s。" -#: src/utils_password.c:51 #, c-format -msgid "" -"Password quality check failed:\n" -" %s" -msgstr "" -"密ç è´¨é‡æ£€æŸ¥å¤±è´¥ï¼š\n" -" %s" +#~ msgid "Replaced with key slot %d." +#~ msgstr "替æ¢ä¸ºå¯†é’¥æ§½ %d。" -#: src/utils_password.c:83 #, c-format -msgid "Password quality check failed: Bad passphrase (%s)" -msgstr "密ç è´¨é‡æ£€æŸ¥å¤±è´¥ï¼šæ— 效密ç (%s)" +#~ msgid "Key slot %d is not used." +#~ msgstr "密钥槽 %d 未使用。" -#: src/utils_password.c:212 src/utils_password.c:227 -msgid "Error reading passphrase from terminal." -msgstr "从终端读å–å£ä»¤æ—¶å‡ºé”™ã€‚" +#~ msgid "Function not available in FIPS mode." +#~ msgstr "功能在 FIPS 模å¼æ— 效。" -#: src/utils_password.c:225 -msgid "Verify passphrase: " -msgstr "确认密ç :" +#~ msgid "Cannot get process priority." +#~ msgstr "æ— æ³•èŽ·å–进程优先级。" -#: src/utils_password.c:232 -msgid "Passphrases do not match." -msgstr "å£ä»¤ä¸åŒ¹é…。" +#~ msgid "Cannot unlock memory." +#~ msgstr "æ— æ³•è§£é”内å˜ã€‚" -#: src/utils_password.c:269 -msgid "Cannot use offset with terminal input." -msgstr "ä¸èƒ½å°†å移é‡ç”¨äºŽç»ˆç«¯è¾“入。" +#, c-format +#~ msgid "WARNING: Locking directory %s/%s is missing!\n" +#~ msgstr "è¦å‘Šï¼šé”定目录 %s/%s 缺失ï¼\n" + +#, fuzzy +#~| msgid "Invalid size parameters for verity device.\n" +#~ msgid "Invalid size parameters for verity device." +#~ msgstr "为 VERITY 设备æ供的大å°æŒ‡æ ‡æ— 效。\n" -#: src/utils_password.c:272 #, c-format -msgid "Enter passphrase: " -msgstr "输入å£ä»¤ï¼š" +#~ msgid "Device %s is too small. (LUKS2 requires at least %<PRIu64> bytes.)" +#~ msgstr "设备 %s 过å°ã€‚(LUKS2 需è¦è‡³å°‘ %<PRIu64> å—节。)" + +#, fuzzy +#~| msgid "Failed to swap new key slot.\n" +#~ msgid "No free token slot." +#~ msgstr "交æ¢æ–°å¯†é’¥æ§½å¤±è´¥ã€‚\n" -#: src/utils_password.c:274 #, c-format -msgid "Enter passphrase for %s: " -msgstr "输入 %s çš„å£ä»¤ï¼š" +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "已选ä¸å¯†é’¥æ§½ %d ä»¥ä¾›åˆ é™¤ã€‚" -#: src/utils_password.c:304 -msgid "No key available with this passphrase." -msgstr "æ¤å£ä»¤æ— å¯ç”¨çš„密钥。" +#~ msgid "open device as mapping <name>" +#~ msgstr "ä»¥æ˜ å°„ <å称> 打开设备" + +#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)" +#~ msgstr "ç”¨äºŽåŠ å¯†ç£ç›˜çš„密文(å‚è§ /proc/crypto)" + +#~ msgid "The hash used to create the encryption key from the passphrase" +#~ msgstr "用于从密ç åˆ›å»ºåŠ å¯†å¯†é’¥çš„å“ˆå¸Œå€¼" + +#~ msgid "Verifies the passphrase by asking for it twice" +#~ msgstr "两次询问密ç 以进行验è¯" + +#~ msgid "Read the key from a file" +#~ msgstr "从文件读å–密钥" + +#~ msgid "Read the volume (master) key from file." +#~ msgstr "从文件读å–å·ï¼ˆä¸»ï¼‰å¯†é’¥ã€‚" + +#, fuzzy +#~| msgid "Dump volume (master) key instead of keyslots info." +#~ msgid "Dump volume (master) key instead of keyslots info" +#~ msgstr "转储å·ï¼ˆä¸»ï¼‰å¯†é’¥è€Œä¸æ˜¯é”®æ§½ä¿¡æ¯ã€‚" + +#~ msgid "The size of the encryption key" +#~ msgstr "åŠ å¯†å¯†é’¥å¤§å°" + +#~ msgid "BITS" +#~ msgstr "ä½" + +#~ msgid "Limits the read from keyfile" +#~ msgstr "é™åˆ¶ä»Žå¯†é’¥æ–‡ä»¶è¯»å–" + +#~ msgid "bytes" +#~ msgstr "å—节" + +#~ msgid "Number of bytes to skip in keyfile" +#~ msgstr "è¦ä»Žå¯†é’¥æ–‡ä»¶è·³è¿‡çš„å—节数" + +#~ msgid "Limits the read from newly added keyfile" +#~ msgstr "é™åˆ¶ä»Žæ–°å¢žå¯†é’¥æ–‡ä»¶çš„读å–" + +#~ msgid "Number of bytes to skip in newly added keyfile" +#~ msgstr "è¦ä»Žæ–°å¢žå¯†é’¥æ–‡ä»¶è·³è¿‡çš„å—节数" + +#~ msgid "Slot number for new key (default is first free)" +#~ msgstr "新密钥的槽å·ï¼ˆé»˜è®¤ä¸ºç¬¬ä¸€ä¸ªå¯ç”¨çš„)" + +#~ msgid "The size of the device" +#~ msgstr "设备大å°" + +#~ msgid "SECTORS" +#~ msgstr "扇区" + +#~ msgid "The start offset in the backend device" +#~ msgstr "åŽç«¯è®¾å¤‡çš„起始å移é‡" + +#~ msgid "How many sectors of the encrypted data to skip at the beginning" +#~ msgstr "从开头è¦è·³è¿‡çš„åŠ å¯†æ•°æ®æ‰‡åŒºæ•°é‡" + +#~ msgid "Create a readonly mapping" +#~ msgstr "创建åªè¯»æ˜ å°„" + +#~ msgid "Do not ask for confirmation" +#~ msgstr "ä¸è¦è¯·æ±‚确认" + +#~ msgid "Timeout for interactive passphrase prompt (in seconds)" +#~ msgstr "交互å¼å¯†ç æ示符超时长度(秒)" + +#~ msgid "secs" +#~ msgstr "秒" + +#~ msgid "How often the input of the passphrase can be retried" +#~ msgstr "输入密ç 的最大é‡è¯•é¢‘率" + +#~ msgid "Align payload at <n> sector boundaries - for luksFormat" +#~ msgstr "于 <n> 个扇区边界处对其载è·æ•°æ® - ä¾› luks æ ¼å¼ç”¨" + +#, fuzzy +#~| msgid "File with LUKS header and keyslots backup." +#~ msgid "File with LUKS header and keyslots backup" +#~ msgstr "带有 LUKS æ•°æ®å¤´å’Œå¯†é’¥æ§½å¤‡ä»½çš„文件。" + +#~ msgid "Use /dev/random for generating volume key" +#~ msgstr "使用 /dev/random 生æˆå·å¯†é’¥" + +#~ msgid "Use /dev/urandom for generating volume key" +#~ msgstr "使用 /dev/urandom 生æˆå·å¯†é’¥" + +#, fuzzy +#~| msgid "Share device with another non-overlapping crypt segment." +#~ msgid "Share device with another non-overlapping crypt segment" +#~ msgstr "与å¦ä¸€ä¸ªä¸é‡åˆçš„åŠ å¯†æ®µå…±äº«è®¾å¤‡ã€‚" + +#, fuzzy +#~| msgid "UUID for device to use." +#~ msgid "UUID for device to use" +#~ msgstr "设备使用的 UUID å·²å 用。" + +#, fuzzy +#~| msgid "Allow discards (aka TRIM) requests for device." +#~ msgid "Allow discards (aka TRIM) requests for device" +#~ msgstr "å…许设备的 discard(或称 TRIM)请求。" + +#, fuzzy +#~| msgid "Device or file with separated LUKS header." +#~ msgid "Device or file with separated LUKS header" +#~ msgstr "带有分离 LUKS æ•°æ®å¤´çš„设备或文件。" + +#, fuzzy +#~| msgid "Do not activate device, just check passphrase." +#~ msgid "Do not activate device, just check passphrase" +#~ msgstr "ä¸è¦æ¿€æ´»è®¾å¤‡ï¼Œä»…检查密ç 。" + +#, fuzzy +#~| msgid "Use hidden header (hidden TCRYPT device)." +#~ msgid "Use hidden header (hidden TCRYPT device)" +#~ msgstr "使用éšè—æ•°æ®å¤´ï¼ˆéšè— TCRYPT 设备)" + +#, fuzzy +#~| msgid "Device is system TCRYPT drive (with bootloader)." +#~ msgid "Device is system TCRYPT drive (with bootloader)" +#~ msgstr "设备为系统 TCRYPT 驱动器(带有引导器)。" + +#~ msgid "Use backup (secondary) TCRYPT header" +#~ msgstr "使用备份(次级)TCRYPT æ ‡å¤´" + +#, fuzzy +#~| msgid "Scan also for VeraCrypt compatible device." +#~ msgid "Scan also for VeraCrypt compatible device" +#~ msgstr "åŒæ—¶æ‰«æ VeraCrypt 兼容的设备。" + +#, fuzzy +#~| msgid "Scan also for VeraCrypt compatible device." +#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +#~ msgstr "åŒæ—¶æ‰«æ VeraCrypt 兼容的设备。" + +#, fuzzy +#~| msgid "Scan also for VeraCrypt compatible device." +#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +#~ msgstr "åŒæ—¶æ‰«æ VeraCrypt 兼容的设备。" + +#, fuzzy +#~| msgid "Type of device metadata: luks, plain, loopaes, tcrypt." +#~ msgid "Type of device metadata: luks, plain, loopaes, tcrypt" +#~ msgstr "设备元数æ®ç±»åž‹ï¼šluks, 纯粹 (plain), loopaes, tcrypt." + +#, fuzzy +#~| msgid "Disable password quality check (if enabled)." +#~ msgid "Disable password quality check (if enabled)" +#~ msgstr "ç¦ç”¨å¯†ç è´¨é‡æ£€æŸ¥ (如果已å¯ç”¨)。" + +#, fuzzy +#~| msgid "Use dm-crypt same_cpu_crypt performance compatibility option." +#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +#~ msgstr "使用 dm-crypt same_cpu_crypt 性能兼容性选项。" + +#, fuzzy +#~| msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." +#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +#~ msgstr "使用 dm-crypt submit_from_crypt_cpus 性能兼容性选项。" + +#~ msgid "PBKDF iteration time for LUKS (in ms)" +#~ msgstr "LUKS 默认 PBKDF è¿ä»£æ—¶é—´ï¼ˆæ¯«ç§’)" + +#~ msgid "msecs" +#~ msgstr "毫秒" + +#~ msgid "PBKDF memory cost limit" +#~ msgstr "PBKDF 内å˜å¼€é”€é™åˆ¶" + +#~ msgid "kilobytes" +#~ msgstr "åƒå—节" + +#~ msgid "PBKDF parallel cost" +#~ msgstr "PBKDF 并行开销" + +#~ msgid "threads" +#~ msgstr "线程" + +#, fuzzy +#~| msgid "try to repair on-disk metadata" +#~ msgid "Disable locking of on-disk metadata" +#~ msgstr "å°è¯•ä¿®å¤ç£ç›˜ä¸Šçš„元数æ®" + +#, fuzzy +#~| msgid "Invalid size parameters for verity device.\n" +#~ msgid "Disable journal for integrity device" +#~ msgstr "为 VERITY 设备æ供的大å°æŒ‡æ ‡æ— 效。\n" + +#, fuzzy +#~| msgid "formats a LUKS device" +#~ msgid "Set label for the LUKS2 device" +#~ msgstr "æ ¼å¼åŒ–一个 LUKS 设备" + +#, fuzzy +#~| msgid "formats a LUKS device" +#~ msgid "Set subsystem label for the LUKS2 device" +#~ msgstr "æ ¼å¼åŒ–一个 LUKS 设备" + +#, fuzzy +#~| msgid "Option --shared is allowed only for open of plain device.\n" +#~ msgid "Option --deferred is allowed only for close command.\n" +#~ msgstr "选项 --shared åªé€‚用于打开纯设备。\n" + +#~ msgid "Option --allow-discards is allowed only for open operation.\n" +#~ msgstr "选项 --allow-discards åªé€‚用于打开æ“作。\n" + +#, fuzzy +#~| msgid "" +#~| "Option --key-size is allowed only for luksFormat, open and benchmark.\n" +#~| "To limit read from keyfile use --keyfile-size=(bytes)." +#~ msgid "" +#~ "Option --key-size is allowed only for luksFormat, luksAddKey (with --unbound),\n" +#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +#~ msgstr "" +#~ "选项 --key-size åªèƒ½ç”¨äºŽ luksFormat, 打开和性能测试。\n" +#~ "è¦é™åˆ¶å¯†é’¥æ–‡ä»¶è¯»å–请使用 --keyfile-size=(å—节数)。" + +#, fuzzy +#~| msgid "Option --align-payload is allowed only for luksFormat." +#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n" +#~ msgstr "选项 --align-payload åªå…许用于 luksFormat。" + +#, fuzzy +#~| msgid "Option --uuid is allowed only for luksFormat and luksUUID." +#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n" +#~ msgstr "选项 --uuid åªå…许用于 luksFormat å’Œ luksUUID。" + +#~ msgid "Negative number for option not permitted." +#~ msgstr "ä¸å…许在选项ä¸å¡«å…¥è´Ÿæ•°ã€‚" + +#~ msgid "Option --use-[u]random is allowed only for luksFormat." +#~ msgstr "选项 --use-[u]random åªé€‚用于 luksFormat。" + +#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID." +#~ msgstr "选项 --uuid åªå…许用于 luksFormat å’Œ luksUUID。" + +#, fuzzy +#~| msgid "This operation is not supported for this device type.\n" +#~ msgid "Sector size option is not supported for this command.\n" +#~ msgstr "ä¸æ”¯æŒåœ¨è¿™ç±»è®¾å¤‡ä¸Šæ‰§è¡Œæ¤æ“作。\n" + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "ä¸æ”¯æŒçš„åŠ å¯†æ‰‡åŒºå¤§å°ã€‚\n" + +#, fuzzy +#~| msgid "close device (remove mapping)" +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "å…³é—è®¾å¤‡ï¼ˆç§»é™¤æ˜ å°„ï¼‰" + +#~ msgid "Do not use verity superblock" +#~ msgstr "ä¸ä½¿ç”¨çœŸç†è¶…级å—" + +#~ msgid "Format type (1 - normal, 0 - original Chrome OS)" +#~ msgstr "æ ¼å¼ç±»åž‹ (1 - æ£å¸¸, 0 - 原版 Chrome OS)" + +#~ msgid "number" +#~ msgstr "æ•°å—" + +#~ msgid "Block size on the data device" +#~ msgstr "æ•°æ®è®¾å¤‡çš„å—大å°" + +#~ msgid "Block size on the hash device" +#~ msgstr "哈希设备的å—大å°" + +#~ msgid "FEC parity bytes" +#~ msgstr "FEC æ ¡éªŒå—节" + +#~ msgid "The number of blocks in the data file" +#~ msgstr "æ•°æ®æ–‡ä»¶çš„å—æ•°é‡" + +#~ msgid "blocks" +#~ msgstr "å—" + +#~ msgid "Starting offset on the hash device" +#~ msgstr "哈希设备开始ä½ç½®å移é‡" + +#, fuzzy +#~| msgid "Starting offset on the hash device" +#~ msgid "Starting offset on the FEC device" +#~ msgstr "哈希设备开始ä½ç½®å移é‡" + +#~ msgid "Hash algorithm" +#~ msgstr "哈希算法" + +#~ msgid "string" +#~ msgstr "å—符串" + +#~ msgid "Salt" +#~ msgstr "ç›" + +#~ msgid "hex string" +#~ msgstr "åå…进制å—符串" + +#~ msgid "Ignore corruption, log it only" +#~ msgstr "忽略数æ®æŸå,仅对其进行日志记录" + +#, fuzzy +#~| msgid "Do not use verity superblock" +#~ msgid "Do not verify zeroed blocks" +#~ msgstr "ä¸ä½¿ç”¨çœŸç†è¶…级å—" + +#~ msgid "Journal size" +#~ msgstr "日志大å°" + +#~ msgid "Journal commit time" +#~ msgstr "日志æ交时间" + +#~ msgid "Sector size" +#~ msgstr "扇区大å°" + +#~ msgid "Buffers size" +#~ msgstr "缓冲大å°" + +#~ msgid "Data integrity algorithm" +#~ msgstr "æ•°æ®å®Œæ•´æ€§æ ¡éªŒç®—法" + +#, fuzzy +#~| msgid "The size of the encryption key" +#~ msgid "The size of the data integrity key" +#~ msgstr "åŠ å¯†å¯†é’¥å¤§å°" + +#, fuzzy +#~| msgid "Read the key from a file." +#~ msgid "Read the integrity key from a file" +#~ msgstr "从文件读å–密钥。" + +#, fuzzy +#~| msgid "The size of the encryption key" +#~ msgid "The size of the journal integrity key" +#~ msgstr "åŠ å¯†å¯†é’¥å¤§å°" + +#, fuzzy +#~| msgid "Read the key from a file." +#~ msgid "Read the journal integrity key from a file" +#~ msgstr "从文件读å–密钥。" + +#~ msgid "Journal encryption algorithm" +#~ msgstr "æ—¥å¿—åŠ å¯†ç®—æ³•" + +#, fuzzy +#~| msgid "The size of the encryption key" +#~ msgid "The size of the journal encryption key" +#~ msgstr "åŠ å¯†å¯†é’¥å¤§å°" + +#, fuzzy +#~| msgid "Read the key from a file." +#~ msgid "Read the journal encryption key from a file" +#~ msgstr "从文件读å–密钥。" + +#~ msgid "Invalid journal size specification." +#~ msgstr "æ— æ•ˆçš„æ—¥å¿—å¤§å°æŒ‡æ ‡ã€‚" -#: src/utils_password.c:339 #, c-format -msgid "Cannot open keyfile %s for write." -msgstr "æ— æ³•æ‰“å¼€å¯†é’¥æ–‡ä»¶ %s 以供写入。" +#~ msgid "Setting LUKS2 offline reencrypt flag on device %s." +#~ msgstr "æ£åœ¨è®¾å¤‡ %s 上设定 LUKS2 离线é‡åŠ å¯†æ——æ ‡ã€‚" + +# stat() 主è¦å°±æ˜¯å‡ºæ¥ä¸€ä¸ªå„ç§æ–‡ä»¶ä¿¡æ¯â€¦â€¦ +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "设置 pbkdf å‚数失败。" -#: src/utils_password.c:346 #, c-format -msgid "Cannot write to keyfile %s." -msgstr "æ— æ³•å†™å…¥å¯†é’¥æ–‡ä»¶ %s。" +#~ msgid "Activated keyslot %i." +#~ msgstr "已激活密钥槽 %i。" + +#, c-format +#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +#~ msgstr "该版本的 cryptsetup-reencrypt æ— æ³•å¤„ç†æ–°çš„内部 token 类型 %s。" + +#~ msgid "Failed to read activation flags from backup header." +#~ msgstr "ä»Žå¤‡ä»½æ ‡å¤´è¯»å–æ´»åŠ¨æ——æ ‡å¤±è´¥ã€‚" + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "æ— æ³•å¯»æ‰¾åˆ°è®¾å¤‡å移ä½ç½®ã€‚\n" + +#~ msgid "Interrupted by a signal." +#~ msgstr "被信å·ä¸æ–。" + +#, c-format +#~ msgid "Changed pbkdf parameters in keyslot %i." +#~ msgstr "已在密钥槽 %i 更改 pbkdf å‚数。" + +#~ msgid "Reencryption block size" +#~ msgstr "é‡åŠ 密å—大å°" + +#~ msgid "MiB" +#~ msgstr "MiB" + +#~ msgid "Read new volume (master) key from file" +#~ msgstr "从文件读å–å·ï¼ˆä¸»ï¼‰å¯†é’¥" + +#~ msgid "Use direct-io when accessing devices" +#~ msgstr "在访问设备时使用 direct-io" + +#~ msgid "Use fsync after each block" +#~ msgstr "在æ¯ä¸ªæ•°æ®å—åŽä½¿ç”¨ fsync" + +#~ msgid "Update log file after every block" +#~ msgstr "在æ¯ä¸ªæ•°æ®å—åŽæ›´æ–°æ—¥å¿—文件" + +#~ msgid "Use only this slot (others will be disabled)" +#~ msgstr "仅使用这个密钥槽(其他的密钥槽将被ç¦ç”¨ï¼‰" + +#~ msgid "Reduce data device size (move data offset). DANGEROUS!" +#~ msgstr "å‡å°‘æ•°æ®è®¾å¤‡å¤§å°ï¼ˆç§»åŠ¨æ•°æ®å移é‡ï¼‰ã€‚å±é™©ï¼" + +#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +#~ msgstr "åªä½¿ç”¨æŒ‡å®šçš„设备大å°ï¼ˆå¿½ç•¥è®¾å¤‡å…¶ä½™éƒ¨åˆ†ï¼‰ã€‚å±é™©ï¼" + +#~ msgid "Create new header on not encrypted device" +#~ msgstr "åœ¨æœªåŠ å¯†çš„è®¾å¤‡ä¸Šåˆ›å»ºæ–°çš„æ ‡å¤´" + +#~ msgid "Permanently decrypt device (remove encryption)" +#~ msgstr "æ°¸ä¹…è§£å¯†è®¾å¤‡ï¼ˆç§»é™¤åŠ å¯†ï¼‰" + +#~ msgid "The UUID used to resume decryption" +#~ msgstr "用于继ç»è§£å¯†çš„ UUID" + +#~ msgid "Type of LUKS metadata: luks1, luks2" +#~ msgstr "LUKS 元数æ®ç±»åž‹ï¼šluks1ã€luks2" + +#~ msgid "[OPTION...] <device>" +#~ msgstr "[选项...] <设备>" + +#~ msgid "Argument required." +#~ msgstr "需è¦å‚数。" + +#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +#~ msgstr "é‡åŠ 密å—大å°åªèƒ½æ˜¯ 1 MiB 到 64 MiB 之间的值。" + +#~ msgid "Option --new must be used together with --reduce-device-size or --header." +#~ msgstr "选项 --new 必须与 --reduce-device-size 或 --header 共用。" + +#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +#~ msgstr "选项 --keep-key åªèƒ½ä¸Ž --hashã€--iter-time 或 --pbkdf-force-iterations 共用。" + +#~ msgid "Option --decrypt is incompatible with specified parameters." +#~ msgstr "选项 --decrypt 与选定å‚æ•°ä¸å…¼å®¹ã€‚" + +#~ msgid "Option --uuid is allowed only together with --decrypt." +#~ msgstr "选项 --uuid ä¸å¯ä¸Ž --decrypt 共用。" + +#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +#~ msgstr "æ— æ•ˆçš„ luks 类型。请使用下列选项之一:'luks'ã€'luks1' 或 'luks2'。" #~ msgid "memory allocation error in action_luksFormat" #~ msgstr "在 action_luksFormat ä¸å‘生内å˜åˆ†é…错误" diff --git a/scripts/meson.build b/scripts/meson.build new file mode 100644 index 0000000..fbb94aa --- /dev/null +++ b/scripts/meson.build @@ -0,0 +1,7 @@ +if tmpfilesdir != '' + cryptsetup_conf = configure_file( + input: 'cryptsetup.conf.in', + output: 'cryptsetup.conf', + configuration: conf, + install_dir: tmpfilesdir) +endif diff --git a/src/cryptsetup.c b/src/cryptsetup.c index e387c1c..a46e2dd 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -28,9 +28,13 @@ #include "utils_luks.h" static char *keyfiles[MAX_KEYFILES]; +static char *keyring_links[MAX_KEYRING_LINKS]; +static char *vks_in_keyring[MAX_VK_IN_KEYRING]; static char *keyfile_stdin = NULL; static int keyfiles_count = 0; +static int keyring_links_count = 0; +static int vks_in_keyring_count = 0; int64_t data_shift = 0; const char *device_type = "luks"; @@ -57,6 +61,10 @@ void tools_cleanup(void) while (keyfiles_count) free(keyfiles[--keyfiles_count]); + while (keyring_links_count) + free(keyring_links[--keyring_links_count]); + while (vks_in_keyring_count) + free(vks_in_keyring[--vks_in_keyring_count]); total_keyfiles = 0; } @@ -89,27 +97,49 @@ static int _set_keyslot_encryption_params(struct crypt_device *cd) return crypt_keyslot_set_encryption(cd, ARG_STR(OPT_KEYSLOT_CIPHER_ID), ARG_UINT32(OPT_KEYSLOT_KEY_SIZE_ID) / 8); } -static int _try_token_pin_unlock(struct crypt_device *cd, - int token_id, - const char *activated_name, - const char *token_type, - uint32_t activate_flags, - int tries, - bool activation) +static int _try_token_unlock(struct crypt_device *cd, + int keyslot, + int token_id, + const char *activated_name, + const char *token_type, + uint32_t activate_flags, + int tries, + bool activation, + bool token_only) { + int r; + struct crypt_keyslot_context *kc; size_t pin_len; char msg[64], *pin = NULL; - int r; assert(tries >= 1); assert(token_id >= 0 || token_id == CRYPT_ANY_TOKEN); + assert(keyslot >= 0 || keyslot == CRYPT_ANY_SLOT); + + r = crypt_keyslot_context_init_by_token(cd, token_id, token_type, NULL, 0, NULL, &kc); + if (r < 0) + return r; + + if (activation) + r = crypt_activate_by_keyslot_context(cd, activated_name, keyslot, kc, CRYPT_ANY_SLOT, NULL, activate_flags); + else + r = crypt_resume_by_keyslot_context(cd, activated_name, keyslot, kc); + + tools_keyslot_msg(r, UNLOCKED); + tools_token_error_msg(r, token_type, token_id, false); + + /* Token requires PIN (-ENOANO). Ask for it if there is evident preference for tokens */ + if (r != -ENOANO || (!token_only && !token_type && token_id == CRYPT_ANY_TOKEN)) + goto out; if (token_id == CRYPT_ANY_TOKEN) r = snprintf(msg, sizeof(msg), _("Enter token PIN: ")); else r = snprintf(msg, sizeof(msg), _("Enter token %d PIN: "), token_id); - if (r < 0 || (size_t)r >= sizeof(msg)) - return -EINVAL; + if (r < 0 || (size_t)r >= sizeof(msg)) { + r = -EINVAL; + goto out; + } do { r = tools_get_key(msg, &pin, &pin_len, 0, 0, NULL, @@ -117,20 +147,26 @@ static int _try_token_pin_unlock(struct crypt_device *cd, if (r < 0) break; + r = crypt_keyslot_context_set_pin(cd, pin, pin_len, kc); + if (r < 0) { + crypt_safe_free(pin); + break; + } + if (activation) - r = crypt_activate_by_token_pin(cd, activated_name, token_type, - token_id, pin, pin_len, NULL, - activate_flags); + r = crypt_activate_by_keyslot_context(cd, activated_name, keyslot, + kc, CRYPT_ANY_SLOT, NULL, activate_flags); else - r = crypt_resume_by_token_pin(cd, activated_name, token_type, - token_id, pin, pin_len, NULL); + r = crypt_resume_by_keyslot_context(cd, activated_name, keyslot, kc); + crypt_safe_free(pin); pin = NULL; tools_keyslot_msg(r, UNLOCKED); - tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), token_id, true); + tools_token_error_msg(r, token_type, token_id, true); check_signal(&r); } while (r == -ENOANO && (--tries > 0)); - +out: + crypt_keyslot_context_free(kc); return r; } @@ -151,6 +187,7 @@ static int action_open_plain(void) size_t passwordLen, key_size_max, signatures = 0, key_size = (ARG_UINT32(OPT_KEY_SIZE_ID) ?: DEFAULT_PLAIN_KEYBITS) / 8; uint32_t activate_flags = 0; + bool compat_warning = false; int r; r = crypt_parse_name_and_mode(ARG_STR(OPT_CIPHER_ID) ?: DEFAULT_CIPHER(PLAIN), @@ -160,6 +197,23 @@ static int action_open_plain(void) goto out; } + /* + * Warn user if no cipher options and passphrase hashing is not specified. + * For keyfile, password hashing is not used, no need to print warning for missing --hash. + * Keep this enabled even in batch mode to fix scripts and avoid data corruption. + */ + if (!ARG_SET(OPT_CIPHER_ID) || !ARG_SET(OPT_KEY_SIZE_ID)) { + log_err(_("WARNING: Using default options for cipher (%s-%s, key size %u bits) that could be incompatible with older versions."), + cipher, cipher_mode, key_size * 8); + compat_warning = true; + } + if (!ARG_SET(OPT_HASH_ID) && !ARG_SET(OPT_KEY_FILE_ID)) { + log_err(_("WARNING: Using default options for hash (%s) that could be incompatible with older versions."), params.hash); + compat_warning = true; + } + if (compat_warning) + log_err(_("For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash.")); + /* FIXME: temporary hack, no hashing for keyfiles in plain mode */ if (ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID))) { params.hash = NULL; @@ -204,11 +258,14 @@ static int action_open_plain(void) goto out; /* Skip blkid scan when activating plain device with offset */ - if (!ARG_UINT64(OPT_OFFSET_ID)) { + if (!ARG_UINT64(OPT_OFFSET_ID) && !ARG_SET(OPT_DISABLE_BLKID_ID)) { /* Print all present signatures in read-only mode */ r = tools_detect_signatures(action_argv[0], PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID)); - if (r < 0) + if (r < 0) { + if (r == -EIO) + log_err(_("Blkid scan failed for %s."), action_argv[0]); goto out; + } } if (signatures && !ARG_SET(OPT_BATCH_MODE_ID)) { @@ -829,6 +886,15 @@ static int action_resize(void) else if (ARG_SET(OPT_SIZE_ID)) dev_size = ARG_UINT64(OPT_SIZE_ID); + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + goto out; + } + } + if (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) { if (ARG_SET(OPT_DISABLE_KEYRING_ID)) { r = -EINVAL; @@ -838,16 +904,9 @@ static int action_resize(void) } /* try load VK in kernel keyring using token */ - r = crypt_activate_by_token_pin(cd, NULL, ARG_STR(OPT_TOKEN_TYPE_ID), - ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL, - CRYPT_ACTIVATE_KEYRING_KEY); - tools_keyslot_msg(r, UNLOCKED); - tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false); - - /* Token requires PIN. Ask if there is evident preference for tokens */ - if (r == -ENOANO && (ARG_SET(OPT_TOKEN_ONLY_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || - ARG_SET(OPT_TOKEN_ID_ID))) - r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL, ARG_STR(OPT_TOKEN_TYPE_ID), CRYPT_ACTIVATE_KEYRING_KEY, 1, true); + r = _try_token_unlock(cd, ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_TOKEN_ID_ID), + NULL, ARG_STR(OPT_TOKEN_TYPE_ID), CRYPT_ACTIVATE_KEYRING_KEY, + 1, true, ARG_SET(OPT_TOKEN_ONLY_ID)); if (r >= 0 || quit || ARG_SET(OPT_TOKEN_ONLY_ID)) goto out; @@ -883,7 +942,7 @@ static int action_status(void) struct crypt_device *cd = NULL; char *backing_file; const char *device; - int path = 0, r = 0; + int path = 0, r = 0, hw_enc; /* perhaps a path, not a dm device name */ if (strchr(action_argv[0], '/')) @@ -932,13 +991,33 @@ static int action_status(void) if (r < 0 && r != -ENOTSUP) goto out; - log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); - log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8); - log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt"); + hw_enc = crypt_get_hw_encryption_type(cd); + if (hw_enc < 0) { + r = hw_enc; + goto out; + } + + if (hw_enc == CRYPT_SW_ONLY) { + log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); + log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8); + log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt"); + } else if (hw_enc == CRYPT_OPAL_HW_ONLY) { + log_std(" encryption: HW OPAL only\n"); + log_std(" OPAL keysize: %d bits\n", crypt_get_hw_encryption_key_size(cd) * 8); + } else if (hw_enc == CRYPT_SW_AND_OPAL_HW) { + log_std(" encryption: dm-crypt over HW OPAL\n"); + log_std(" OPAL keysize: %d bits\n", crypt_get_hw_encryption_key_size(cd) * 8); + log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); + log_std(" keysize: %d bits\n", (crypt_get_volume_key_size(cd) - crypt_get_hw_encryption_key_size(cd)) * 8); + log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt"); + } + if (ip.integrity) log_std(" integrity: %s\n", ip.integrity); if (ip.integrity_key_size) log_std(" integrity keysize: %d bits\n", ip.integrity_key_size * 8); + if (ip.tag_size) + log_std(" integrity tag size: %u bytes\n", ip.tag_size); device = crypt_get_device_name(cd); log_std(" device: %s\n", device); if ((backing_file = crypt_loop_backing_file(device))) { @@ -1282,9 +1361,14 @@ static int action_luksRepair(void) goto out; } - r = tools_detect_signatures(action_argv[0], PRB_FILTER_LUKS, NULL, ARG_SET(OPT_BATCH_MODE_ID)); - if (r < 0) - goto out; + if (!ARG_SET(OPT_DISABLE_BLKID_ID)) { + r = tools_detect_signatures(action_argv[0], PRB_FILTER_LUKS, NULL, ARG_SET(OPT_BATCH_MODE_ID)); + if (r < 0) { + if (r == -EIO) + log_err(_("Blkid scan failed for %s."), action_argv[0]); + goto out; + } + } if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(_("Really try to repair LUKS device header?"), @@ -1353,12 +1437,13 @@ static int strcmp_or_null(const char *str, const char *expected) int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen) { - int r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0; + bool wipe_signatures = false; + int encrypt_type, r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0; struct stat st; const char *header_device, *type; char *msg = NULL, *key = NULL, *password = NULL; char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], integrity[MAX_CIPHER_LEN]; - size_t passwordLen, signatures; + size_t passwordLen, signatures = 0; struct crypt_device *cd = NULL; struct crypt_params_luks1 params1 = { .hash = ARG_STR(OPT_HASH_ID) ?: DEFAULT_LUKS1_HASH, @@ -1372,6 +1457,9 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password .label = ARG_STR(OPT_LABEL_ID), .subsystem = ARG_STR(OPT_SUBSYSTEM_ID) }; + struct crypt_params_hw_opal opal_params = { + .user_key_size = DEFAULT_LUKS1_KEYBITS / 8 + }; void *params; type = luksType(device_type); @@ -1397,6 +1485,11 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password log_err(_("Unsupported LUKS2 metadata size options.")); return -EINVAL; } + + if (ARG_SET(OPT_HW_OPAL_ID) || ARG_SET(OPT_HW_OPAL_ONLY_ID)) { + log_err(_("OPAL is supported only for LUKS2 format.")); + return -EINVAL; + } } else return -EINVAL; @@ -1466,9 +1559,14 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password } /* Print all present signatures in read-only mode */ - r = tools_detect_signatures(header_device, PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID)); - if (r < 0) - goto out; + if (!ARG_SET(OPT_DISABLE_BLKID_ID)) { + r = tools_detect_signatures(header_device, PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID)); + if (r < 0) { + if (r == -EIO) + log_err(_("Blkid scan failed for %s."), header_device); + goto out; + } + } if (!created && !ARG_SET(OPT_BATCH_MODE_ID)) { r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device); @@ -1485,6 +1583,11 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password keysize = get_adjusted_key_size(cipher_mode, DEFAULT_LUKS1_KEYBITS, integrity_keysize); + if (ARG_SET(OPT_HW_OPAL_ONLY_ID)) + keysize = opal_params.user_key_size; + else if (ARG_SET(OPT_HW_OPAL_ID)) + keysize += opal_params.user_key_size; + if (ARG_SET(OPT_USE_RANDOM_ID)) crypt_set_rng_type(cd, CRYPT_RNG_RANDOM); else if (ARG_SET(OPT_USE_URANDOM_ID)) @@ -1496,6 +1599,19 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password if (r < 0) goto out; + if (ARG_SET(OPT_HW_OPAL_ID) || ARG_SET(OPT_HW_OPAL_ONLY_ID)) { + r = tools_get_key("Enter OPAL Admin password: ", CONST_CAST(char **)&opal_params.admin_key, &opal_params.admin_key_size, + 0, 0, NULL, + ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd); + if (r < 0) + goto out; + if (opal_params.admin_key_size == 0) { + log_err(_("OPAL Admin password cannot be empty.")); + r = -EPERM; + goto out; + } + } + if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) { r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize); if (r < 0) @@ -1509,13 +1625,20 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password } /* Signature candidates found */ - if (signatures && ((r = tools_wipe_all_signatures(header_device, true, false)) < 0)) + if (!ARG_SET(OPT_DISABLE_BLKID_ID) && signatures && + ((r = tools_wipe_all_signatures(header_device, true, false)) < 0)) goto out; if (ARG_SET(OPT_INTEGRITY_LEGACY_PADDING_ID)) crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING); - r = crypt_format(cd, type, cipher, cipher_mode, + if (ARG_SET(OPT_HW_OPAL_ID) || ARG_SET(OPT_HW_OPAL_ONLY_ID)) + r = crypt_format_luks2_opal(cd, + ARG_SET(OPT_HW_OPAL_ONLY_ID) ? NULL : cipher, + ARG_SET(OPT_HW_OPAL_ONLY_ID) ? NULL : cipher_mode, + ARG_STR(OPT_UUID_ID), key, keysize, params, &opal_params); + else + r = crypt_format(cd, type, cipher, cipher_mode, ARG_STR(OPT_UUID_ID), key, keysize, params); check_signal(&r); if (r < 0) @@ -1529,25 +1652,44 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password key, keysize, password, passwordLen); if (r < 0) { - (void) tools_wipe_all_signatures(header_device, true, false); + wipe_signatures = true; goto out; } tools_keyslot_msg(r, CREATED); if (ARG_SET(OPT_INTEGRITY_ID) && !ARG_SET(OPT_INTEGRITY_NO_WIPE_ID) && - strcmp_or_null(params2.integrity, "none")) + strcmp_or_null(params2.integrity, "none")) { r = _wipe_data_device(cd); + /* Interrupted wipe should not fail luksFormat action */ + if (r == -EINTR) + r = 0; + } out: + crypt_safe_free(key); + + if (r < 0) { + encrypt_type = crypt_get_hw_encryption_type(cd); + if (encrypt_type == CRYPT_OPAL_HW_ONLY || + encrypt_type == CRYPT_SW_AND_OPAL_HW) { + (void) crypt_wipe_hw_opal(cd, CRYPT_LUKS2_SEGMENT, + opal_params.admin_key, opal_params.admin_key_size, + 0); + } + if (wipe_signatures) + (void) tools_wipe_all_signatures(header_device, true, false); + } + + crypt_safe_free(CONST_CAST(void *)opal_params.admin_key); + if (r >= 0 && r_cd && r_password && r_passwordLen) { *r_cd = cd; *r_password = password; *r_passwordLen = passwordLen; - } else { - crypt_free(cd); - crypt_safe_free(password); + return r; } - crypt_safe_free(key); + crypt_free(cd); + crypt_safe_free(password); return r; } @@ -1557,17 +1699,166 @@ static int action_luksFormat(void) return luksFormat(NULL, NULL, NULL); } +static int parse_vk_description(const char *key_description, char **ret_key_description) +{ + char *tmp; + int r; + + assert(key_description); + assert(ret_key_description); + + /* apply default key type */ + if (*key_description != '%') + r = asprintf(&tmp, "%%user:%s", key_description) < 0 ? -EINVAL : 0; + else + r = (tmp = strdup(key_description)) ? 0 : -ENOMEM; + if (!r) + *ret_key_description = tmp; + + return r; +} + +static int parse_single_vk_and_keyring_description( + struct crypt_device *cd, + char *keyring_key_description, char **keyring_part_out, char + **key_part_out, char **type_part_out) +{ + int r = -EINVAL; + char *endp, *sep, *key_part, *type_part = NULL; + char *key_part_copy = NULL, *type_part_copy = NULL, *keyring_part = NULL; + + if (!cd || !keyring_key_description) + return -EINVAL; + + /* "::" is separator between keyring specification a key description */ + key_part = strstr(keyring_key_description, "::"); + if (!key_part) + goto out; + + *key_part = '\0'; + key_part = key_part + 2; + + if (*key_part == '%') { + type_part = key_part + 1; + sep = strstr(type_part, ":"); + if (!sep) + goto out; + *sep = '\0'; + + key_part = sep + 1; + } + + if (*keyring_key_description == '%') { + keyring_key_description = strstr(keyring_key_description, ":"); + if (!keyring_key_description) + goto out; + log_verbose(_("Type specification in --link-vk-to-keyring keyring specification is ignored.")); + keyring_key_description++; + } + + (void)strtol(keyring_key_description, &endp, 0); + + r = 0; + if (*keyring_key_description == '@' || !*endp) + keyring_part = strdup(keyring_key_description); + else + r = asprintf(&keyring_part, "%%:%s", keyring_key_description); + + if (!keyring_part || r < 0) { + r = -ENOMEM; + goto out; + } + + if (!(key_part_copy = strdup(key_part))) { + r = -ENOMEM; + goto out; + } + if (type_part && !(type_part_copy = strdup(type_part))) + r = -ENOMEM; + +out: + if (r < 0) { + free(keyring_part); + free(key_part_copy); + free(type_part_copy); + } else { + *keyring_part_out = keyring_part; + *key_part_out = key_part_copy; + *type_part_out = type_part_copy; + } + + return r; +} + +static int parse_vk_and_keyring_description( + struct crypt_device *cd, + char **keyring_key_descriptions, + int keyring_key_links_count) +{ + int r = 0; + + char *keyring_part_out1 = NULL, *key_part_out1 = NULL, *type_part_out1 = NULL; + char *keyring_part_out2 = NULL, *key_part_out2 = NULL, *type_part_out2 = NULL; + + if (keyring_key_links_count > 0) { + r = parse_single_vk_and_keyring_description(cd, + keyring_key_descriptions[0], + &keyring_part_out1, &key_part_out1, + &type_part_out1); + if (r < 0) + goto out; + } + if (keyring_key_links_count > 1) { + r = parse_single_vk_and_keyring_description(cd, + keyring_key_descriptions[1], + &keyring_part_out2, &key_part_out2, + &type_part_out2); + if (r < 0) + goto out; + + if ((type_part_out1 && type_part_out2) && strcmp(type_part_out1, type_part_out2)) { + log_err(_("Key types have to be the same for both volume keys.")); + r = -EINVAL; + goto out; + } + if ((keyring_part_out1 && keyring_part_out2) && strcmp(keyring_part_out1, keyring_part_out2)) { + log_err(_("Both volume keys have to be linked to the same keyring.")); + r = -EINVAL; + goto out; + } + } + + if (keyring_key_links_count > 0) { + r = crypt_set_keyring_to_link(cd, key_part_out1, key_part_out2, + type_part_out1, keyring_part_out1); + if (r == -EAGAIN) + log_err(_("You need to supply more key names.")); + } +out: + if (r == -EINVAL) + log_err(_("Invalid --link-vk-to-keyring value.")); + free(keyring_part_out1); + free(key_part_out1); + free(type_part_out1); + free(keyring_part_out2); + free(key_part_out2); + free(type_part_out2); + + return r; +} + static int action_open_luks(void) { struct crypt_active_device cad; struct crypt_device *cd = NULL; const char *data_device, *header_device, *activated_name; - char *key = NULL; + char *key = NULL, *vk_description_activation1 = NULL, *vk_description_activation2 = NULL; uint32_t activate_flags = 0; int r, keysize, tries; char *password = NULL; size_t passwordLen; struct stat st; + struct crypt_keyslot_context *kc1 = NULL, *kc2 = NULL; if (ARG_SET(OPT_REFRESH_ID)) { activated_name = action_argc > 1 ? action_argv[1] : action_argv[0]; @@ -1606,6 +1897,21 @@ static int action_open_luks(void) set_activation_flags(&activate_flags); + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + goto out; + } + } + + if (ARG_SET(OPT_LINK_VK_TO_KEYRING_ID)) { + r = parse_vk_and_keyring_description(cd, keyring_links, keyring_links_count); + if (r < 0) + goto out; + } + if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) { keysize = crypt_get_volume_key_size(cd); if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) { @@ -1620,16 +1926,37 @@ static int action_open_luks(void) goto out; r = crypt_activate_by_volume_key(cd, activated_name, key, keysize, activate_flags); + } else if (ARG_SET(OPT_VOLUME_KEY_KEYRING_ID)) { + if (vks_in_keyring_count == 1) { + r = parse_vk_description(vks_in_keyring[0], &vk_description_activation1); + if (r < 0) + goto out; + r = crypt_keyslot_context_init_by_vk_in_keyring(cd, vk_description_activation1, &kc1); + if (r) + goto out; + r = crypt_activate_by_keyslot_context(cd, activated_name, CRYPT_ANY_SLOT, kc1, CRYPT_ANY_SLOT, NULL, activate_flags); + } else if (vks_in_keyring_count == 2) { + r = parse_vk_description(vks_in_keyring[0], &vk_description_activation1); + if (r < 0) + goto out; + r = parse_vk_description(vks_in_keyring[1], &vk_description_activation2); + if (r < 0) + goto out; + r = crypt_keyslot_context_init_by_vk_in_keyring(cd, vk_description_activation1, &kc1); + if (r) + goto out; + r = crypt_keyslot_context_init_by_vk_in_keyring(cd, vk_description_activation2, &kc2); + if (r) + goto out; + r = crypt_activate_by_keyslot_context(cd, activated_name, CRYPT_ANY_SLOT, kc1, CRYPT_ANY_SLOT, kc2, activate_flags); + } + if (r) + goto out; } else { - r = crypt_activate_by_token_pin(cd, activated_name, ARG_STR(OPT_TOKEN_TYPE_ID), - ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL, activate_flags); - tools_keyslot_msg(r, UNLOCKED); - tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false); - - /* Token requires PIN. Ask if there is evident preference for tokens */ - if (r == -ENOANO && (ARG_SET(OPT_TOKEN_ONLY_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || - ARG_SET(OPT_TOKEN_ID_ID))) - r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), activated_name, ARG_STR(OPT_TOKEN_TYPE_ID), activate_flags, set_tries_tty(), true); + r = _try_token_unlock(cd, ARG_INT32(OPT_KEY_SLOT_ID), + ARG_INT32(OPT_TOKEN_ID_ID), activated_name, + ARG_STR(OPT_TOKEN_TYPE_ID), activate_flags, + set_tries_tty(), true, ARG_SET(OPT_TOKEN_ONLY_ID)); if (r >= 0 || r == -EEXIST || quit || ARG_SET(OPT_TOKEN_ONLY_ID)) goto out; @@ -1657,9 +1984,14 @@ out: crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, cad.flags & activate_flags))) log_err(_("Device activated but cannot make flags persistent.")); + crypt_keyslot_context_free(kc1); + crypt_keyslot_context_free(kc2); crypt_safe_free(key); crypt_safe_free(password); crypt_free(cd); + free(vk_description_activation1); + free(vk_description_activation2); + return r; } @@ -1839,6 +2171,15 @@ static int luksAddUnboundKey(void) goto out; } + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + goto out; + } + } + r = _set_keyslot_encryption_params(cd); if (r < 0) goto out; @@ -1943,7 +2284,8 @@ static int action_luksAddKey(void) { int keyslot_old, keyslot_new, keysize = 0, r = -EINVAL; const char *new_key_file = (action_argc > 1 ? action_argv[1] : NULL); - char *key = NULL, *password = NULL, *password_new = NULL, *pin = NULL, *pin_new = NULL; + char *key = NULL, *password = NULL, *password_new = NULL, *pin = NULL, *pin_new = NULL, + *vk_description = NULL; size_t pin_size, pin_size_new, password_size = 0, password_new_size = 0; struct crypt_device *cd = NULL; struct crypt_keyslot_context *p_kc_new = NULL, *kc = NULL, *kc_new = NULL; @@ -1983,6 +2325,15 @@ static int action_luksAddKey(void) if (r < 0) goto out; + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + goto out; + } + } + /* Never call pwquality if using null cipher */ if (crypt_is_cipher_null(crypt_get_cipher(cd))) ARG_SET_TRUE(OPT_FORCE_PASSWORD_ID); @@ -2019,7 +2370,11 @@ static int action_luksAddKey(void) ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_UINT64(OPT_KEYFILE_OFFSET_ID), &kc); - else if (ARG_SET(OPT_TOKEN_ID_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || ARG_SET(OPT_TOKEN_ONLY_ID)) { + else if (ARG_SET(OPT_VOLUME_KEY_KEYRING_ID)) { + r = parse_vk_description(ARG_STR(OPT_VOLUME_KEY_KEYRING_ID), &vk_description); + if (!r) + r = crypt_keyslot_context_init_by_vk_in_keyring(cd, vk_description, &kc); + } else if (ARG_SET(OPT_TOKEN_ID_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || ARG_SET(OPT_TOKEN_ONLY_ID)) { r = crypt_keyslot_context_init_by_token(cd, ARG_INT32(OPT_TOKEN_ID_ID), ARG_STR(OPT_TOKEN_TYPE_ID), @@ -2034,7 +2389,7 @@ static int action_luksAddKey(void) goto out; /* Check password before asking for new one */ - r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, + r = crypt_activate_by_passphrase(cd, NULL, keyslot_old, password, password_size, 0); check_signal(&r); tools_passphrase_msg(r); @@ -2107,6 +2462,7 @@ static int action_luksAddKey(void) } out: tools_keyslot_msg(r, CREATED); + free(vk_description); crypt_keyslot_context_free(kc); crypt_keyslot_context_free(kc_new); crypt_safe_free(password); @@ -2416,6 +2772,15 @@ static int action_luksDump(void) goto out; } + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + goto out; + } + } + if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID)) r = luksDump_with_volume_key(cd); else if (ARG_SET(OPT_UNBOUND_ID)) @@ -2448,11 +2813,12 @@ static int action_luksSuspend(void) static int action_luksResume(void) { struct crypt_device *cd = NULL; - char *password = NULL; + char *password = NULL, *vk_description_activation = NULL; size_t passwordLen; int r, tries; struct crypt_active_device cad; const char *req_type = luksType(device_type); + struct crypt_keyslot_context *kc = NULL; if (req_type && !isLUKS(req_type)) return -EINVAL; @@ -2460,7 +2826,14 @@ static int action_luksResume(void) if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(ARG_STR(OPT_HEADER_ID))))) return r; + if (ARG_SET(OPT_LINK_VK_TO_KEYRING_ID)) { + r = parse_vk_and_keyring_description(cd, keyring_links, keyring_links_count); + if (r < 0) + goto out; + } + r = -EINVAL; + if (!isLUKS(crypt_get_type(cd))) { log_err(_("%s is not active LUKS device name or header is missing."), action_argv[0]); goto out; @@ -2481,20 +2854,34 @@ static int action_luksResume(void) goto out; } - /* try to resume LUKS2 device by token first */ - r = crypt_resume_by_token_pin(cd, action_argv[0], ARG_STR(OPT_TOKEN_TYPE_ID), - ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL); - tools_keyslot_msg(r, UNLOCKED); - tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false); + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + goto out; + } + } - /* Token requires PIN. Ask if there is evident preference for tokens */ - if (r == -ENOANO && (ARG_SET(OPT_TOKEN_ONLY_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || - ARG_SET(OPT_TOKEN_ID_ID))) - r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), action_argv[0], ARG_STR(OPT_TOKEN_TYPE_ID), 0, set_tries_tty(), false); + /* try to resume LUKS2 device by token first */ + r = _try_token_unlock(cd, ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_TOKEN_ID_ID), + action_argv[0], ARG_STR(OPT_TOKEN_TYPE_ID), 0, + set_tries_tty(), false, ARG_SET(OPT_TOKEN_ONLY_ID)); if (r >= 0 || quit || ARG_SET(OPT_TOKEN_ONLY_ID)) goto out; + if (ARG_SET(OPT_VOLUME_KEY_KEYRING_ID)) { + r = parse_vk_description(ARG_STR(OPT_VOLUME_KEY_KEYRING_ID), &vk_description_activation); + if (r < 0) + goto out; + r = crypt_keyslot_context_init_by_vk_in_keyring(cd, vk_description_activation, &kc); + if (r) + goto out; + r = crypt_resume_by_keyslot_context(cd, action_argv[0], CRYPT_ANY_SLOT, kc); + goto out; + } + tries = set_tries_tty(); do { r = tools_get_key(NULL, &password, &passwordLen, @@ -2513,7 +2900,9 @@ static int action_luksResume(void) password = NULL; } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); out: + crypt_keyslot_context_free(kc); crypt_safe_free(password); + free(vk_description_activation); crypt_free(cd); return r; } @@ -2642,15 +3031,48 @@ out: return r; } +static int opal_erase(struct crypt_device *cd, bool factory_reset) { + char *password = NULL; + size_t password_size = 0; + int r; + + r = tools_get_key(factory_reset ? _("Enter OPAL PSID: ") : _("Enter OPAL Admin password: "), + &password, &password_size, ARG_UINT64(OPT_KEYFILE_OFFSET_ID), + ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), + ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), + !ARG_SET(OPT_FORCE_PASSWORD_ID), cd); + if (r < 0) + return r; + + if (factory_reset && !ARG_SET(OPT_BATCH_MODE_ID) && + !yesDialog(_("WARNING: WHOLE disk will be factory reset and all data will be lost! Continue?"), + _("Operation aborted.\n"))) { + crypt_safe_free(password); + return -EPERM; + } + + r = crypt_wipe_hw_opal(cd, factory_reset ? CRYPT_NO_SEGMENT : CRYPT_LUKS2_SEGMENT, + password, password_size, 0); + + crypt_safe_free(password); + return r; +} + static int action_luksErase(void) { struct crypt_device *cd = NULL; crypt_keyslot_info ki; char *msg = NULL; - int i, max, r; + int i, max, r, hw_enc; - if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + if ((r = crypt_init_data_device(&cd, uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]), action_argv[0]))) + return r; + + /* Allow factory reset even if there's no LUKS header, as long as OPAL is enabled on the device */ + if (ARG_SET(OPT_HW_OPAL_FACTORY_RESET_ID)) { + r = opal_erase(cd, true); goto out; + } if ((r = crypt_load(cd, luksType(device_type), NULL))) { log_err(_("Device %s is not a valid LUKS device."), @@ -2658,7 +3080,15 @@ static int action_luksErase(void) goto out; } - if(asprintf(&msg, _("This operation will erase all keyslots on device %s.\n" + hw_enc = crypt_get_hw_encryption_type(cd); + if (hw_enc < 0) + goto out; + if (hw_enc == CRYPT_OPAL_HW_ONLY || hw_enc == CRYPT_SW_AND_OPAL_HW) { + r = opal_erase(cd, false); + goto out; + } + + if (asprintf(&msg, _("This operation will erase all keyslots on device %s.\n" "Device will become unusable after this operation."), uuid_or_device_header(NULL)) == -1) { r = -ENOMEM; @@ -2951,6 +3381,16 @@ static int action_token(void) return r; } + if (ARG_SET(OPT_EXTERNAL_TOKENS_PATH_ID)) { + r = crypt_token_set_external_path(ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + if (r < 0) { + log_err(_("Failed to set external tokens path %s."), + ARG_STR(OPT_EXTERNAL_TOKENS_PATH_ID)); + crypt_free(cd); + return r; + } + } + r = -EINVAL; if (!strcmp(action_argv[0], "add")) { @@ -3063,7 +3503,7 @@ static const char *verify_resize(void) static const char *verify_reencrypt(void) { if (ARG_SET(OPT_REDUCE_DEVICE_SIZE_ID) && ARG_SET(OPT_DEVICE_SIZE_ID)) - return _("Options --reduce-device-size and --data-size cannot be combined."); + return _("Options --reduce-device-size and --device-size cannot be combined."); if (isLUKS1(luksType(device_type)) && ARG_SET(OPT_ACTIVE_NAME_ID)) return _("Option --active-name can be set only for LUKS2 device."); @@ -3220,10 +3660,10 @@ static void help(poptContext popt_context, path = crypt_token_external_path(); if (path) { - log_std(_("\nLUKS2 external token plugin support is %s.\n"), _("compiled-in")); + log_std(_("\nLUKS2 external token plugin support is enabled.\n")); log_std(_("LUKS2 external token plugin path: %s.\n"), path); } else - log_std(_("\nLUKS2 external token plugin support is %s.\n"), _("disabled")); + log_std(_("\nLUKS2 external token plugin support is disabled.\n")); pbkdf_luks1 = crypt_get_pbkdf_default(CRYPT_LUKS1); pbkdf_luks2 = crypt_get_pbkdf_default(CRYPT_LUKS2); @@ -3315,6 +3755,7 @@ static void basic_options_cb(poptContext popt_context, const char *arg, void *data __attribute__((unused))) { + char buf[128]; tools_parse_arg_value(popt_context, tool_core_args[key->val].type, tool_core_args + key->val, arg, key->val, needs_size_conversion); /* special cases additional handling */ @@ -3366,6 +3807,29 @@ static void basic_options_cb(poptContext popt_context, _("Key size must be a multiple of 8 bits"), poptGetInvocationName(popt_context)); break; + case OPT_VOLUME_KEY_KEYRING_ID: + if (vks_in_keyring_count < MAX_VK_IN_KEYRING) + vks_in_keyring[vks_in_keyring_count++] = strdup(ARG_STR(OPT_VOLUME_KEY_KEYRING_ID)); + else { + if (snprintf(buf, sizeof(buf), _("At most %d volume key specifications can be supplied."), MAX_KEYRING_LINKS) < 0) + buf[0] = '\0'; + usage(popt_context, EXIT_FAILURE, + buf, + poptGetInvocationName(popt_context)); + } + break; + case OPT_LINK_VK_TO_KEYRING_ID: + if (keyring_links_count < MAX_KEYRING_LINKS) + keyring_links[keyring_links_count++] = strdup(ARG_STR(OPT_LINK_VK_TO_KEYRING_ID)); + else { + + if (snprintf(buf, sizeof(buf), _("At most %d keyring link specifications can be supplied."), MAX_KEYRING_LINKS) < 0) + buf[0] = '\0'; + usage(popt_context, EXIT_FAILURE, + buf, + poptGetInvocationName(popt_context)); + } + break; case OPT_REDUCE_DEVICE_SIZE_ID: if (ARG_UINT64(OPT_REDUCE_DEVICE_SIZE_ID) > 1024 * 1024 * 1024) usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 1 GiB."), @@ -3439,6 +3903,9 @@ int main(int argc, const char **argv) textdomain(PACKAGE); popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0); + if (!popt_context) + exit(EXIT_FAILURE); + poptSetOtherOptionHelp(popt_context, _("[OPTION...] <action> <action-specific>")); @@ -3506,7 +3973,10 @@ int main(int argc, const char **argv) aname = CLOSE_ACTION; } else if (!strcmp(aname, "luksErase")) { aname = ERASE_ACTION; - device_type = "luks"; + if (ARG_SET(OPT_TYPE_ID)) + device_type = ARG_STR(OPT_TYPE_ID); + else + device_type = "luks"; } else if (!strcmp(aname, "luksConfig")) { aname = CONFIG_ACTION; device_type = "luks2"; @@ -3562,6 +4032,11 @@ int main(int argc, const char **argv) _("PBKDF forced iterations cannot be combined with iteration time option."), poptGetInvocationName(popt_context)); + if (ARG_SET(OPT_DISABLE_KEYRING_ID) && ARG_SET(OPT_LINK_VK_TO_KEYRING_ID)) + usage(popt_context, EXIT_FAILURE, + _("Cannot link volume key to a keyring when keyring is disabled."), + poptGetInvocationName(popt_context)); + if (ARG_SET(OPT_DEBUG_ID) || ARG_SET(OPT_DEBUG_JSON_ID)) { crypt_set_debug_level(ARG_SET(OPT_DEBUG_JSON_ID)? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL); dbg_version_and_cmd(argc, argv); diff --git a/src/cryptsetup.h b/src/cryptsetup.h index 011a669..8de8744 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/cryptsetup_arg_list.h b/src/cryptsetup_arg_list.h index a7e5bb0..7496748 100644 --- a/src/cryptsetup_arg_list.h +++ b/src/cryptsetup_arg_list.h @@ -1,8 +1,8 @@ /* * Cryptsetup command line arguments list * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -37,11 +37,13 @@ ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_B ARG(OPT_DEBUG_JSON, '\0', POPT_ARG_NONE, N_("Show debug messages including JSON metadata"), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_DECRYPT, '\0', POPT_ARG_NONE, N_("Decrypt LUKS2 device (remove encryption)"), NULL, CRYPT_ARG_BOOL, {}, {}) + ARG(OPT_DEFERRED, '\0', POPT_ARG_NONE, N_("Device removal is deferred until the last user closes it"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS) -ARG(OPT_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_DEVICE_SIZE_ACTIONS) +ARG(OPT_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Use only specified device size (ignore rest of device), DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_DEVICE_SIZE_ACTIONS) -ARG(OPT_DECRYPT, '\0', POPT_ARG_NONE, N_("Decrypt LUKS2 device (remove encryption)."), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_DISABLE_BLKID, '\0', POPT_ARG_NONE, N_("Disable blkid on-disk signature detection and wiping"), NULL, CRYPT_ARG_BOOL, {}, OPT_DISABLE_BLKID_ACTIONS) ARG(OPT_DISABLE_EXTERNAL_TOKENS, '\0', POPT_ARG_NONE, N_("Disable loading of external LUKS2 token plugins"), NULL, CRYPT_ARG_BOOL, {}, {}) @@ -55,11 +57,13 @@ ARG(OPT_DUMP_JSON, '\0', POPT_ARG_NONE, N_("Dump info in JSON format (LUKS2 only ARG(OPT_DUMP_VOLUME_KEY, '\0', POPT_ARG_NONE, N_("Dump volume key instead of keyslots info"), NULL, CRYPT_ARG_BOOL, {}, {}) -ARG(OPT_ENCRYPT, '\0', POPT_ARG_NONE, N_("Encrypt LUKS2 device (in-place encryption)."), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_ENCRYPT, '\0', POPT_ARG_NONE, N_("Encrypt LUKS2 device (in-place encryption)"), NULL, CRYPT_ARG_BOOL, {}, {}) + +ARG(OPT_EXTERNAL_TOKENS_PATH, '\0', POPT_ARG_STRING, N_("Path to directory with external token handlers (plugins)."), NULL, CRYPT_ARG_STRING, {}, OPT_EXTERNAL_TOKENS_PATH_ACTIONS) ARG(OPT_FORCE_PASSWORD, '\0', POPT_ARG_NONE, N_("Disable password quality check (if enabled)"), NULL, CRYPT_ARG_BOOL, {}, {}) -ARG(OPT_FORCE_OFFLINE_REENCRYPT, '\0', POPT_ARG_NONE, N_("Force offline LUKS2 reencryption and bypass active device detection."), NULL, CRYPT_ARG_BOOL, {}, OPT_FORCE_OFFLINE_REENCRYPT_ACTIONS) +ARG(OPT_FORCE_OFFLINE_REENCRYPT, '\0', POPT_ARG_NONE, N_("Force offline LUKS2 reencryption and bypass active device detection"), NULL, CRYPT_ARG_BOOL, {}, OPT_FORCE_OFFLINE_REENCRYPT_ACTIONS) ARG(OPT_HASH, 'h', POPT_ARG_STRING, N_("The hash used to create the encryption key from the passphrase"), NULL, CRYPT_ARG_STRING, {}, {}) @@ -67,9 +71,15 @@ ARG(OPT_HEADER, '\0', POPT_ARG_STRING, N_("Device or file with separated LUKS he ARG(OPT_HEADER_BACKUP_FILE, '\0', POPT_ARG_STRING, N_("File with LUKS header and keyslots backup"), NULL, CRYPT_ARG_STRING, {}, {}) -ARG(OPT_HOTZONE_SIZE, '\0', POPT_ARG_STRING, N_("Maximal reencryption hotzone size."), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_HOTZONE_SIZE_ACTIONS) +ARG(OPT_HOTZONE_SIZE, '\0', POPT_ARG_STRING, N_("Maximal reencryption hotzone size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_HOTZONE_SIZE_ACTIONS) + +ARG(OPT_HW_OPAL, '\0', POPT_ARG_NONE, N_("Use HW OPAL encryption together with SW encryption"), NULL, CRYPT_ARG_BOOL, {}, OPT_HW_OPAL_ACTIONS) + +ARG(OPT_HW_OPAL_FACTORY_RESET, '\0', POPT_ARG_NONE, N_("Wipe WHOLE OPAL disk on luksErase"), NULL, CRYPT_ARG_BOOL, {}, OPT_ERASE_ACTIONS) -ARG(OPT_INIT_ONLY, '\0', POPT_ARG_NONE, N_("Initialize LUKS2 reencryption in metadata only."), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_HW_OPAL_ONLY, '\0', POPT_ARG_NONE, N_("Use only HW OPAL encryption"), NULL, CRYPT_ARG_BOOL, {}, OPT_HW_OPAL_ONLY_ACTIONS) + +ARG(OPT_INIT_ONLY, '\0', POPT_ARG_NONE, N_("Initialize LUKS2 reencryption in metadata only"), NULL, CRYPT_ARG_BOOL, {}, {}) ARG(OPT_INTEGRITY, 'I', POPT_ARG_STRING, N_("Data integrity algorithm (LUKS2 only)"), NULL, CRYPT_ARG_STRING, {}, OPT_INTEGRITY_ACTIONS) @@ -85,7 +95,7 @@ ARG(OPT_IV_LARGE_SECTORS, '\0', POPT_ARG_NONE, N_("Use IV counted in sector size ARG(OPT_JSON_FILE, '\0', POPT_ARG_STRING, N_("Read or write the json from or to a file"), NULL, CRYPT_ARG_STRING, {}, {}) -ARG(OPT_KEEP_KEY, '\0', POPT_ARG_NONE, N_("Do not change volume key."), NULL, CRYPT_ARG_BOOL, {}, OPT_KEEP_KEY_ACTIONS) +ARG(OPT_KEEP_KEY, '\0', POPT_ARG_NONE, N_("Do not change volume key"), NULL, CRYPT_ARG_BOOL, {}, OPT_KEEP_KEY_ACTIONS) ARG(OPT_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Key description"), NULL, CRYPT_ARG_STRING, {}, {}) @@ -105,20 +115,20 @@ ARG(OPT_KEYSLOT_KEY_SIZE, '\0', POPT_ARG_STRING, N_("LUKS2 keyslot: The size of ARG(OPT_LABEL, '\0', POPT_ARG_STRING, N_("Set label for the LUKS2 device"), NULL, CRYPT_ARG_STRING, {}, OPT_LABEL_ACTIONS) +ARG(OPT_LINK_VK_TO_KEYRING, '\0', POPT_ARG_STRING, N_("Set keyring where to link volume key"), NULL, CRYPT_ARG_STRING, {}, OPT_LINK_VK_TO_KEYRING_ACTIONS) + ARG(OPT_LUKS2_KEYSLOTS_SIZE, '\0', POPT_ARG_STRING, N_("LUKS2 header keyslots area size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS) ARG(OPT_LUKS2_METADATA_SIZE, '\0', POPT_ARG_STRING, N_("LUKS2 header metadata area size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_LUKS2_METADATA_SIZE_ACTIONS) -ARG(OPT_VOLUME_KEY_FILE, '\0', POPT_ARG_STRING, N_("Use the volume key from file."), NULL, CRYPT_ARG_STRING, {}, {}) - ARG(OPT_NEW_KEYFILE, '\0', POPT_ARG_STRING, N_("Read the key for a new slot from a file"), NULL, CRYPT_ARG_STRING, {}, OPT_NEW_KEYFILE_ACTIONS) -ARG(OPT_NEW_KEY_SLOT, '\0', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_NEW_KEY_SLOT_ACTIONS) - ARG(OPT_NEW_KEYFILE_OFFSET , '\0', POPT_ARG_STRING, N_("Number of bytes to skip in newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT64, {}, {}) ARG(OPT_NEW_KEYFILE_SIZE, '\0', POPT_ARG_STRING, N_("Limits the read from newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT32, {}, {}) +ARG(OPT_NEW_KEY_SLOT, '\0', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_NEW_KEY_SLOT_ACTIONS) + ARG(OPT_NEW_TOKEN_ID, '\0', POPT_ARG_STRING, N_("Token number (default: any)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_TOKEN }, OPT_NEW_TOKEN_ID_ACTIONS) ARG(OPT_OFFSET, 'o', POPT_ARG_STRING, N_("The start offset in the backend device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_OFFSET_ACTIONS) @@ -149,7 +159,7 @@ ARG(OPT_PROGRESS_FREQUENCY, '\0', POPT_ARG_STRING, N_("Progress line update (in ARG(OPT_READONLY, 'r', POPT_ARG_NONE, N_("Create a readonly mapping"), NULL, CRYPT_ARG_BOOL, {}, {}) -ARG(OPT_REDUCE_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, {}) +ARG(OPT_REDUCE_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Reduce data device size (move data offset), DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, {}) ARG(OPT_REFRESH, '\0', POPT_ARG_NONE, N_("Refresh (reactivate) device with new parameters"), NULL, CRYPT_ARG_BOOL, {}, OPT_REFRESH_ACTIONS) @@ -157,7 +167,7 @@ ARG(OPT_RESILIENCE, '\0', POPT_ARG_STRING, N_("Reencryption hotzone resilience t ARG(OPT_RESILIENCE_HASH, '\0', POPT_ARG_STRING, N_("Reencryption hotzone checksums hash"), NULL, CRYPT_ARG_STRING, {}, {}) -ARG(OPT_RESUME_ONLY, '\0', POPT_ARG_NONE, N_("Resume initialized LUKS2 reencryption only."), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_RESUME_ONLY, '\0', POPT_ARG_NONE, N_("Resume initialized LUKS2 reencryption only"), NULL, CRYPT_ARG_BOOL, {}, {}) ARG(OPT_SECTOR_SIZE, '\0', POPT_ARG_STRING, N_("Encryption sector size (default: 512 bytes)"), "INT", CRYPT_ARG_UINT32, {}, OPT_SECTOR_SIZE_ACTIONS) @@ -171,12 +181,6 @@ ARG(OPT_SKIP, 'p', POPT_ARG_STRING, N_("How many sectors of the encrypted data t ARG(OPT_SUBSYSTEM, '\0', POPT_ARG_STRING, N_("Set subsystem label for the LUKS2 device"), NULL, CRYPT_ARG_STRING, {}, OPT_SUBSYSTEM_ACTIONS) -ARG(OPT_TCRYPT_BACKUP, '\0', POPT_ARG_NONE, N_("Use backup (secondary) TCRYPT header"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_BACKUP_ACTIONS) - -ARG(OPT_TCRYPT_HIDDEN, '\0', POPT_ARG_NONE, N_("Use hidden header (hidden TCRYPT device)"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_HIDDEN_ACTIONS) - -ARG(OPT_TCRYPT_SYSTEM, '\0', POPT_ARG_NONE, N_("Device is system TCRYPT drive (with bootloader)"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_SYSTEM_ACTIONS) - ARG(OPT_TEST_ARGS, '\0', POPT_ARG_NONE, N_("Do not run action, just validate all command line parameters"), NULL, CRYPT_ARG_BOOL, {}, {}) ARG(OPT_TEST_PASSPHRASE, '\0', POPT_ARG_NONE, N_("Do not activate device, just check passphrase"), NULL, CRYPT_ARG_BOOL, {}, OPT_TEST_PASSPHRASE_ACTIONS) @@ -191,6 +195,12 @@ ARG(OPT_TOKEN_REPLACE, '\0', POPT_ARG_NONE, N_("Replace the current token"), NUL ARG(OPT_TOKEN_TYPE, '\0', POPT_ARG_STRING, N_("Restrict allowed token types used to retrieve LUKS2 key"), NULL, CRYPT_ARG_STRING, {}, {}) +ARG(OPT_TCRYPT_BACKUP, '\0', POPT_ARG_NONE, N_("Use backup (secondary) TCRYPT header"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_BACKUP_ACTIONS) + +ARG(OPT_TCRYPT_HIDDEN, '\0', POPT_ARG_NONE, N_("Use hidden header (hidden TCRYPT device)"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_HIDDEN_ACTIONS) + +ARG(OPT_TCRYPT_SYSTEM, '\0', POPT_ARG_NONE, N_("Device is system TCRYPT drive (with bootloader)"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_SYSTEM_ACTIONS) + ARG(OPT_TRIES, 'T', POPT_ARG_STRING, N_("How often the input of the passphrase can be retried"), "INT", CRYPT_ARG_UINT32, { .u32_value = 3 }, {}) ARG(OPT_TYPE, 'M', POPT_ARG_STRING, N_("Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"), NULL, CRYPT_ARG_STRING, {}, {}) @@ -213,6 +223,10 @@ ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), N ARG(OPT_VERIFY_PASSPHRASE, 'y', POPT_ARG_NONE, N_("Verifies the passphrase by asking for it twice"), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_VOLUME_KEY_FILE, '\0', POPT_ARG_STRING, N_("Use the volume key from file"), NULL, CRYPT_ARG_STRING, {}, {}) + +ARG(OPT_VOLUME_KEY_KEYRING, '\0', POPT_ARG_STRING, N_("Use the specified keyring key as a volume key"), NULL, CRYPT_ARG_STRING, {}, {}) + /* added for reencryption */ ARG(OPT_BLOCK_SIZE, 'B', POPT_ARG_STRING, N_("Reencryption block size"), N_("MiB"), CRYPT_ARG_UINT32, { .u32_value = 4 }, {}) diff --git a/src/cryptsetup_args.h b/src/cryptsetup_args.h index 63604a3..5df9e1e 100644 --- a/src/cryptsetup_args.h +++ b/src/cryptsetup_args.h @@ -1,8 +1,8 @@ /* * Command line arguments helpers * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,57 +25,64 @@ #include "utils_arg_names.h" #include "utils_arg_macros.h" +#define ADDKEY_ACTION "luksAddKey" #define BITLKDUMP_ACTION "bitlkDump" #define BENCHMARK_ACTION "benchmark" +#define CHANGEKEY_ACTION "luksChangeKey" #define CLOSE_ACTION "close" +#define CONVERTKEY_ACTION "luksConvertKey" #define CONFIG_ACTION "config" #define CONVERT_ACTION "convert" #define ERASE_ACTION "erase" -#define FVAULT2DUMP_ACTION "fvault2Dump" -#define ISLUKS_ACTION "isLuks" -#define ADDKEY_ACTION "luksAddKey" -#define CHANGEKEY_ACTION "luksChangeKey" -#define CONVERTKEY_ACTION "luksConvertKey" -#define LUKSDUMP_ACTION "luksDump" #define FORMAT_ACTION "luksFormat" +#define FVAULT2DUMP_ACTION "fvault2Dump" #define HEADERBACKUP_ACTION "luksHeaderBackup" #define HEADERRESTORE_ACTION "luksHeaderRestore" +#define ISLUKS_ACTION "isLuks" #define KILLKEY_ACTION "luksKillSlot" -#define REMOVEKEY_ACTION "luksRemoveKey" -#define RESUME_ACTION "luksResume" -#define SUSPEND_ACTION "luksSuspend" -#define UUID_ACTION "luksUUID" +#define LUKSDUMP_ACTION "luksDump" #define OPEN_ACTION "open" #define REENCRYPT_ACTION "reencrypt" +#define REMOVEKEY_ACTION "luksRemoveKey" #define REPAIR_ACTION "repair" #define RESIZE_ACTION "resize" +#define RESUME_ACTION "luksResume" #define STATUS_ACTION "status" +#define SUSPEND_ACTION "luksSuspend" #define TCRYPTDUMP_ACTION "tcryptDump" #define TOKEN_ACTION "token" +#define UUID_ACTION "luksUUID" /* avoid unshielded commas in ARG() macros later */ #define OPT_ALIGN_PAYLOAD_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION } #define OPT_ALLOW_DISCARDS_ACTIONS { OPEN_ACTION } #define OPT_DEFERRED_ACTIONS { CLOSE_ACTION } #define OPT_DEVICE_SIZE_ACTIONS { OPEN_ACTION, RESIZE_ACTION, REENCRYPT_ACTION } +#define OPT_DISABLE_BLKID_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION } #define OPT_DISABLE_VERACRYPT_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION } -#define OPT_HOTZONE_SIZE_ACTIONS { REENCRYPT_ACTION } +#define OPT_ERASE_ACTIONS { ERASE_ACTION } +#define OPT_EXTERNAL_TOKENS_PATH_ACTIONS { RESIZE_ACTION, OPEN_ACTION, ADDKEY_ACTION, LUKSDUMP_ACTION, RESUME_ACTION, TOKEN_ACTION } #define OPT_FORCE_OFFLINE_REENCRYPT_ACTIONS { REENCRYPT_ACTION } -#define OPT_INTEGRITY_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION } -#define OPT_INTEGRITY_NO_WIPE_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION } +#define OPT_HOTZONE_SIZE_ACTIONS { REENCRYPT_ACTION } +#define OPT_HW_OPAL_ACTIONS { FORMAT_ACTION } +#define OPT_HW_OPAL_ONLY_ACTIONS OPT_HW_OPAL_ACTIONS +#define OPT_INTEGRITY_ACTIONS { FORMAT_ACTION } +#define OPT_INTEGRITY_NO_WIPE_ACTIONS { FORMAT_ACTION } #define OPT_ITER_TIME_ACTIONS { BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION } #define OPT_IV_LARGE_SECTORS_ACTIONS { OPEN_ACTION } #define OPT_KEEP_KEY_ACTIONS { REENCRYPT_ACTION } +#define OPT_KEY_DESCRIPTION_ACTIONS { TOKEN_ACTION } #define OPT_KEY_SIZE_ACTIONS { OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION } #define OPT_KEY_SLOT_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION } #define OPT_KEYSLOT_CIPHER_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION } #define OPT_KEYSLOT_KEY_SIZE_ACTIONS OPT_KEYSLOT_CIPHER_ACTIONS -#define OPT_NEW_KEYFILE_ACTIONS { ADDKEY_ACTION } -#define OPT_NEW_KEY_SLOT_ACTIONS { ADDKEY_ACTION } -#define OPT_NEW_TOKEN_ID_ACTIONS { ADDKEY_ACTION } #define OPT_LABEL_ACTIONS { CONFIG_ACTION, FORMAT_ACTION, REENCRYPT_ACTION } +#define OPT_LINK_VK_TO_KEYRING_ACTIONS { OPEN_ACTION, RESUME_ACTION } #define OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION } #define OPT_LUKS2_METADATA_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION } +#define OPT_NEW_KEYFILE_ACTIONS { ADDKEY_ACTION } +#define OPT_NEW_KEY_SLOT_ACTIONS { ADDKEY_ACTION } +#define OPT_NEW_TOKEN_ID_ACTIONS { ADDKEY_ACTION } #define OPT_OFFSET_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, FORMAT_ACTION } #define OPT_PBKDF_ACTIONS { BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION } #define OPT_PBKDF_FORCE_ITERATIONS_ACTIONS { FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION } diff --git a/src/integritysetup.c b/src/integritysetup.c index eee6171..0e5d70f 100644 --- a/src/integritysetup.c +++ b/src/integritysetup.c @@ -1,8 +1,8 @@ /* * integritysetup - setup integrity protected volumes for dm-integrity * - * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2017-2023 Milan Broz + * Copyright (C) 2017-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -190,13 +190,18 @@ static int action_format(void) goto out; } - r = tools_detect_signatures(action_argv[0], PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID)); - if (r < 0) - goto out; + if (!ARG_SET(OPT_DISABLE_BLKID_ID)) { + r = tools_detect_signatures(action_argv[0], PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID)); + if (r < 0) { + if (r == -EIO) + log_err(_("Blkid scan failed for %s."), action_argv[0]); + goto out; + } - /* Signature candidates found */ - if (signatures && ((r = tools_wipe_all_signatures(action_argv[0], true, false)) < 0)) - goto out; + /* Signature candidates found */ + if (signatures && ((r = tools_wipe_all_signatures(action_argv[0], true, false)) < 0)) + goto out; + } if (ARG_SET(OPT_INTEGRITY_LEGACY_PADDING_ID)) crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING); @@ -212,8 +217,12 @@ static int action_format(void) log_std(_("Formatted with tag size %u, internal integrity %s.\n"), params2.tag_size, params2.integrity); - if (!ARG_SET(OPT_NO_WIPE_ID)) + if (!ARG_SET(OPT_NO_WIPE_ID)) { r = _wipe_data_device(cd, integrity_key); + /* Interrupted wipe should not fail format action */ + if (r == -EINTR) + r = 0; + } out: crypt_safe_free(integrity_key); crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key); @@ -660,6 +669,9 @@ int main(int argc, const char **argv) textdomain(PACKAGE); popt_context = poptGetContext("integrity", argc, argv, popt_options, 0); + if (!popt_context) + exit(EXIT_FAILURE); + poptSetOtherOptionHelp(popt_context, _("[OPTION...] <action> <action-specific>")); diff --git a/src/integritysetup_arg_list.h b/src/integritysetup_arg_list.h index 39f2906..083184b 100644 --- a/src/integritysetup_arg_list.h +++ b/src/integritysetup_arg_list.h @@ -1,8 +1,8 @@ /* * Integritysetup command line arguments list * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,7 +29,7 @@ ARG(OPT_BUFFER_SECTORS, '\0', POPT_ARG_STRING, N_("Buffers size"), N_("SECTORS") ARG(OPT_BITMAP_FLUSH_TIME, '\0', POPT_ARG_STRING, N_("Bitmap mode flush time"), N_("ms"), CRYPT_ARG_UINT32, {}, {}) -ARG(OPT_BITMAP_SECTORS_PER_BIT, '\0', POPT_ARG_STRING, N_("Number of 512-byte sectors per bit (bitmap mode)."), "INT", CRYPT_ARG_UINT32, {}, {}) +ARG(OPT_BITMAP_SECTORS_PER_BIT, '\0', POPT_ARG_STRING, N_("Number of 512-byte sectors per bit (bitmap mode)"), "INT", CRYPT_ARG_UINT32, {}, {}) ARG(OPT_CANCEL_DEFERRED, '\0', POPT_ARG_NONE, N_("Cancel a previously set deferred device removal"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS) @@ -39,8 +39,14 @@ ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_B ARG(OPT_DEFERRED, '\0', POPT_ARG_NONE, N_("Device removal is deferred until the last user closes it"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS) +ARG(OPT_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Use only specified device size (ignore rest of device), DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_DEVICE_SIZE_ACTIONS) + +ARG(OPT_DISABLE_BLKID, '\0', POPT_ARG_NONE, N_("Disable blkid on-disk signature detection and wiping"), NULL, CRYPT_ARG_BOOL, {}, OPT_DISABLE_BLKID_ACTIONS) + ARG(OPT_INTEGRITY, 'I', POPT_ARG_STRING, N_("Data integrity algorithm"), NULL, CRYPT_ARG_STRING, { .str_value = CONST_CAST(void *)DEFAULT_ALG_NAME }, {}) +ARG(OPT_INTEGRITY_BITMAP_MODE, 'B', POPT_ARG_NONE, N_("Use bitmap to track changes and disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {}) + ARG(OPT_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {}) ARG(OPT_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the data integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {}) @@ -53,6 +59,12 @@ ARG(OPT_INTEGRITY_LEGACY_RECALC, '\0', POPT_ARG_NONE, N_("Allow recalculating of ARG(OPT_INTEGRITY_NO_JOURNAL, 'D', POPT_ARG_NONE, N_("Disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {}) +ARG(OPT_INTEGRITY_RECALCULATE, '\0', POPT_ARG_NONE, N_("Recalculate initial tags automatically"), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS) + +ARG(OPT_INTEGRITY_RECALCULATE_RESET, '\0', POPT_ARG_NONE, N_("Reset automatic recalculate position"), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS) + +ARG(OPT_INTEGRITY_RECOVERY_MODE, 'R', POPT_ARG_NONE, N_("Recovery mode (no journal, no tag checking)"), NULL, CRYPT_ARG_BOOL, {}, {}) + ARG(OPT_INTERLEAVE_SECTORS, '\0', POPT_ARG_STRING, N_("Interleave sectors"), N_("SECTORS"), CRYPT_ARG_UINT32, {}, OPT_INTERLEAVE_SECTORS_ACTIONS) ARG(OPT_JOURNAL_COMMIT_TIME, '\0', POPT_ARG_STRING, N_("Journal commit time"), N_("ms"), CRYPT_ARG_UINT32, {}, {}) @@ -75,26 +87,16 @@ ARG(OPT_JOURNAL_WATERMARK, '\0', POPT_ARG_STRING, N_("Journal watermark"), N_("p ARG(OPT_NO_WIPE, '\0', POPT_ARG_NONE, N_("Do not wipe device after format"), NULL, CRYPT_ARG_BOOL, {}, OPT_NO_WIPE_ACTIONS) -ARG(OPT_WIPE, '\0', POPT_ARG_NONE, N_("Wipe the end of the device after resize"), NULL, CRYPT_ARG_BOOL, {}, OPT_WIPE_ACTIONS) - ARG(OPT_PROGRESS_FREQUENCY, '\0', POPT_ARG_STRING, N_("Progress line update (in seconds)"), N_("secs"), CRYPT_ARG_UINT32, {}, {}) ARG(OPT_PROGRESS_JSON, '\0', POPT_ARG_NONE, N_("Print wipe progress data in json format (suitable for machine processing)"), NULL, CRYPT_ARG_BOOL, {}, OPT_PROGRESS_JSON_ACTIONS) -ARG(OPT_INTEGRITY_BITMAP_MODE, 'B', POPT_ARG_NONE, N_("Use bitmap to track changes and disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {}) - -ARG(OPT_INTEGRITY_RECALCULATE, '\0', POPT_ARG_NONE, N_("Recalculate initial tags automatically."), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS) - -ARG(OPT_INTEGRITY_RECALCULATE_RESET, '\0', POPT_ARG_NONE, N_("Reset automatic recalculate position."), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS) - -ARG(OPT_INTEGRITY_RECOVERY_MODE, 'R', POPT_ARG_NONE, N_("Recovery mode (no journal, no tag checking)"), NULL, CRYPT_ARG_BOOL, {}, {}) - ARG(OPT_SECTOR_SIZE, 's', POPT_ARG_STRING, N_("Sector size"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = 512 }, OPT_SECTOR_SIZE_ACTIONS) +ARG(OPT_SIZE, 'b', POPT_ARG_STRING, N_("The size of the device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_SIZE_ACTIONS) + ARG(OPT_TAG_SIZE, 't', POPT_ARG_STRING, N_("Tag size (per-sector)"), N_("bytes"), CRYPT_ARG_UINT32, {}, OPT_TAG_SIZE_ACTIONS) ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {}) -ARG(OPT_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_DEVICE_SIZE_ACTIONS) - -ARG(OPT_SIZE, 'b', POPT_ARG_STRING, N_("The size of the device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_SIZE_ACTIONS) +ARG(OPT_WIPE, '\0', POPT_ARG_NONE, N_("Wipe the end of the device after resize"), NULL, CRYPT_ARG_BOOL, {}, OPT_WIPE_ACTIONS) diff --git a/src/integritysetup_args.h b/src/integritysetup_args.h index 8241008..5595a84 100644 --- a/src/integritysetup_args.h +++ b/src/integritysetup_args.h @@ -1,8 +1,8 @@ /* * Command line arguments helpers * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,24 +25,25 @@ #include "utils_arg_names.h" #include "utils_arg_macros.h" +#define DUMP_ACTION "dump" #define FORMAT_ACTION "format" -#define OPEN_ACTION "open" #define CLOSE_ACTION "close" -#define STATUS_ACTION "status" -#define DUMP_ACTION "dump" +#define OPEN_ACTION "open" #define RESIZE_ACTION "resize" +#define STATUS_ACTION "status" #define OPT_ALLOW_DISCARDS_ACTIONS { OPEN_ACTION } #define OPT_DEFERRED_ACTIONS { CLOSE_ACTION } +#define OPT_DEVICE_SIZE_ACTIONS { RESIZE_ACTION } +#define OPT_DISABLE_BLKID_ACTIONS { FORMAT_ACTION } #define OPT_INTEGRITY_RECALCULATE_ACTIONS { OPEN_ACTION } +#define OPT_INTERLEAVE_SECTORS_ACTIONS { FORMAT_ACTION } #define OPT_JOURNAL_SIZE_ACTIONS { FORMAT_ACTION } #define OPT_NO_WIPE_ACTIONS { FORMAT_ACTION } -#define OPT_INTERLEAVE_SECTORS_ACTIONS { FORMAT_ACTION } #define OPT_PROGRESS_JSON_ACTIONS { FORMAT_ACTION, RESIZE_ACTION } #define OPT_SECTOR_SIZE_ACTIONS { FORMAT_ACTION } -#define OPT_TAG_SIZE_ACTIONS { FORMAT_ACTION } -#define OPT_DEVICE_SIZE_ACTIONS { RESIZE_ACTION } #define OPT_SIZE_ACTIONS { RESIZE_ACTION } +#define OPT_TAG_SIZE_ACTIONS { FORMAT_ACTION } #define OPT_WIPE_ACTIONS { RESIZE_ACTION } enum { diff --git a/src/meson.build b/src/meson.build new file mode 100644 index 0000000..3fd1ff5 --- /dev/null +++ b/src/meson.build @@ -0,0 +1,77 @@ +src_build_dir = meson.current_build_dir() + +if get_option('cryptsetup') + cryptsetup_files = files( + 'cryptsetup.c', + 'utils_args.c', + 'utils_blockdev.c', + 'utils_luks.c', + 'utils_password.c', + 'utils_progress.c', + 'utils_reencrypt.c', + 'utils_reencrypt_luks1.c', + 'utils_tools.c', + ) + cryptsetup_files += lib_tools_files + cryptsetup_deps = [ + popt, + pwquality, + passwdqc, + uuid, + blkid, + ] + cryptsetup = executable('cryptsetup', + cryptsetup_files, + dependencies: cryptsetup_deps, + link_with: libcryptsetup, + link_args: link_args, + include_directories: includes_tools) +endif + +if get_option('veritysetup') + veritysetup_files = files( + 'utils_args.c', + 'utils_tools.c', + 'veritysetup.c', + ) + veritysetup_files += lib_tools_files + veritysetup_deps = [ + popt, + blkid, + ] + + veritysetup = executable('veritysetup', + veritysetup_files, + dependencies: veritysetup_deps, + link_with: libcryptsetup, + link_args: link_args, + include_directories: includes_tools) +endif + +if get_option('integritysetup') + integritysetup_files = files( + 'integritysetup.c', + 'utils_args.c', + 'utils_blockdev.c', + 'utils_progress.c', + 'utils_tools.c', + ) + integritysetup_files += lib_tools_files + integritysetup_deps = [ + popt, + uuid, + blkid, + ] + + integritysetup = executable('integritysetup', + integritysetup_files, + dependencies: integritysetup_deps, + link_with: libcryptsetup, + link_args: link_args, + include_directories: includes_tools) +endif + +src_ssh_token_files = files( + 'utils_password.c', + 'utils_tools.c', +) diff --git a/src/utils_arg_macros.h b/src/utils_arg_macros.h index 901b3f4..eba0eca 100644 --- a/src/utils_arg_macros.h +++ b/src/utils_arg_macros.h @@ -1,8 +1,8 @@ /* * Command line arguments parsing helpers * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/utils_arg_names.h b/src/utils_arg_names.h index 66a59e8..4ec5510 100644 --- a/src/utils_arg_names.h +++ b/src/utils_arg_names.h @@ -1,8 +1,8 @@ /* * Command line arguments name list * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,6 +41,7 @@ #define OPT_DEFERRED "deferred" #define OPT_DEVICE_SIZE "device-size" #define OPT_DECRYPT "decrypt" +#define OPT_DISABLE_BLKID "disable-blkid" #define OPT_DISABLE_EXTERNAL_TOKENS "disable-external-tokens" #define OPT_DISABLE_KEYRING "disable-keyring" #define OPT_DISABLE_LOCKS "disable-locks" @@ -49,6 +50,7 @@ #define OPT_DUMP_MASTER_KEY "dump-master-key" #define OPT_DUMP_VOLUME_KEY "dump-volume-key" #define OPT_ENCRYPT "encrypt" +#define OPT_EXTERNAL_TOKENS_PATH "external-tokens-path" #define OPT_FEC_DEVICE "fec-device" #define OPT_FEC_OFFSET "fec-offset" #define OPT_FEC_ROOTS "fec-roots" @@ -61,6 +63,9 @@ #define OPT_HEADER "header" #define OPT_HEADER_BACKUP_FILE "header-backup-file" #define OPT_HOTZONE_SIZE "hotzone-size" +#define OPT_HW_OPAL "hw-opal" +#define OPT_HW_OPAL_ONLY "hw-opal-only" +#define OPT_HW_OPAL_FACTORY_RESET "hw-opal-factory-reset" #define OPT_IGNORE_CORRUPTION "ignore-corruption" #define OPT_IGNORE_ZERO_BLOCKS "ignore-zero-blocks" #define OPT_INIT_ONLY "init-only" @@ -102,10 +107,12 @@ #define OPT_NO_WIPE "no-wipe" #define OPT_WIPE "wipe" #define OPT_LABEL "label" +#define OPT_LINK_VK_TO_KEYRING "link-vk-to-keyring" #define OPT_LUKS2_KEYSLOTS_SIZE "luks2-keyslots-size" #define OPT_LUKS2_METADATA_SIZE "luks2-metadata-size" #define OPT_MASTER_KEY_FILE "master-key-file" #define OPT_VOLUME_KEY_FILE "volume-key-file" +#define OPT_VOLUME_KEY_KEYRING "volume-key-keyring" #define OPT_NEW "new" #define OPT_NEW_KEY_SLOT "new-key-slot" #define OPT_NEW_KEYFILE "new-keyfile" diff --git a/src/utils_args.c b/src/utils_args.c index fda2350..47be0c3 100644 --- a/src/utils_args.c +++ b/src/utils_args.c @@ -1,8 +1,8 @@ /* * Command line arguments parsing helpers * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/utils_blockdev.c b/src/utils_blockdev.c index ae6dec4..c797cf4 100644 --- a/src/utils_blockdev.c +++ b/src/utils_blockdev.c @@ -1,8 +1,8 @@ /* * Linux block devices helpers * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2023 Ondrej Kozina + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -222,17 +222,22 @@ int tools_detect_signatures(const char *device, tools_probe_filter_info filter, switch (filter) { case PRB_FILTER_LUKS: + log_dbg("Blkid check (filter LUKS)."); if (blk_superblocks_filter_luks(h)) { r = -EINVAL; + log_dbg("Blkid filter LUKS probe failed."); goto out; } /* fall-through */ case PRB_FILTER_NONE: + log_dbg("Blkid check (filter none)."); blk_set_chains_for_full_print(h); break; case PRB_ONLY_LUKS: + log_dbg("Blkid check (LUKS only)."); blk_set_chains_for_fast_detection(h); if (blk_superblocks_only_luks(h)) { + log_dbg("Blkid only LUKS probe failed."); r = -EINVAL; goto out; } @@ -251,8 +256,11 @@ int tools_detect_signatures(const char *device, tools_probe_filter_info filter, (*count)++; } - if (pr == PRB_FAIL) - r = -EINVAL; + if (pr == PRB_FAIL) { + /* Expect device cannot be read */ + r = -EIO; + log_dbg("Blkid probe failed."); + } out: blk_free(h); return r; @@ -302,6 +310,8 @@ int tools_wipe_all_signatures(const char *path, bool exclusive, bool only_luks) goto out; } + log_dbg("Blkid wipe."); + while ((pr = blk_probe(h)) < PRB_EMPTY) { if (blk_is_partition(h)) log_verbose(_("Existing '%s' partition signature on device %s will be wiped."), diff --git a/src/utils_luks.c b/src/utils_luks.c index 6a10ab6..5007b3f 100644 --- a/src/utils_luks.c +++ b/src/utils_luks.c @@ -1,9 +1,9 @@ /* * Helper utilities for LUKS2 features * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2023 Milan Broz - * Copyright (C) 2018-2023 Ondrej Kozina + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Milan Broz + * Copyright (C) 2018-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -50,7 +50,8 @@ bool isLUKS1(const char *type) bool isLUKS2(const char *type) { - return type && !strcmp(type, CRYPT_LUKS2); + /* OPAL just changes the driver, header format is identical, so overload */ + return type && (!strcmp(type, CRYPT_LUKS2)); } int verify_passphrase(int def) diff --git a/src/utils_luks.h b/src/utils_luks.h index 28220ab..6183b26 100644 --- a/src/utils_luks.h +++ b/src/utils_luks.h @@ -1,9 +1,9 @@ /* * Helper utilities for LUKS in cryptsetup * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2018-2023 Milan Broz - * Copyright (C) 2018-2023 Ondrej Kozina + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Milan Broz + * Copyright (C) 2018-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/utils_password.c b/src/utils_password.c index 3374e18..70da4b0 100644 --- a/src/utils_password.c +++ b/src/utils_password.c @@ -1,8 +1,8 @@ /* * Password quality check wrapper * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -98,6 +98,7 @@ static int tools_check_password(const char *password) #elif defined ENABLE_PASSWDQC return tools_check_passwdqc(password); #else + UNUSED(password); return 0; #endif } diff --git a/src/utils_progress.c b/src/utils_progress.c index 76b1818..3105bed 100644 --- a/src/utils_progress.c +++ b/src/utils_progress.c @@ -1,8 +1,8 @@ /* * cryptsetup - progress output utilities * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c index a78557c..7546811 100644 --- a/src/utils_reencrypt.c +++ b/src/utils_reencrypt.c @@ -1,9 +1,9 @@ /* * cryptsetup - action re-encryption utilities * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz - * Copyright (C) 2021-2023 Ondrej Kozina + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz + * Copyright (C) 2021-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -306,7 +306,7 @@ static int reencrypt_luks2_load(struct crypt_device *cd, const char *data_device if (!ARG_SET(OPT_BATCH_MODE_ID) && !ARG_SET(OPT_RESUME_ONLY_ID)) { r = asprintf(&msg, _("Device %s is already in LUKS2 reencryption. " "Do you wish to resume previously initialised operation?"), - crypt_get_metadata_device_name(cd) ?: data_device); + crypt_get_metadata_device_name(cd) ?: crypt_get_device_name(cd)); if (r < 0) { r = -ENOMEM; goto out; @@ -349,11 +349,6 @@ static int luks2_reencrypt_in_progress(struct crypt_device *cd) if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) return -EINVAL; - if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) { - log_err(_("Legacy LUKS2 reencryption is no longer supported.")); - return -EINVAL; - } - return flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT; } @@ -411,14 +406,34 @@ static enum device_status_info load_luks(struct crypt_device **r_cd, static bool luks2_reencrypt_eligible(struct crypt_device *cd) { + uint32_t flags; struct crypt_params_integrity ip = { 0 }; + if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) + return false; + + if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) { + log_err(_("Legacy LUKS2 reencryption is no longer supported.")); + return false; + } + + if (flags & CRYPT_REQUIREMENT_OPAL) { + log_err(_("Can not reencrypt LUKS2 device configured to use OPAL.")); + return false; + } + /* raw integrity info is available since 2.0 */ if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) { log_err(_("Reencryption of device with integrity profile is not supported.")); return false; } + /* Check that cipher is in compatible format */ + if (!crypt_get_cipher(cd)) { + log_err(_("No known cipher specification pattern detected in LUKS2 header.")); + return false; + } + return true; } @@ -1322,9 +1337,15 @@ static int check_broken_luks_signature(const char *device) int r; size_t count; + if (ARG_SET(OPT_DISABLE_BLKID_ID)) + return 0; + r = tools_detect_signatures(device, PRB_ONLY_LUKS, &count, ARG_SET(OPT_BATCH_MODE_ID)); - if (r < 0) + if (r < 0) { + if (r == -EIO) + log_err(_("Blkid scan failed for %s."), device); return -EINVAL; + } if (count) { log_err(_("Device %s contains broken LUKS metadata. Aborting operation."), device); return -EINVAL; @@ -1449,6 +1470,8 @@ static int _decrypt(struct crypt_device **cd, enum device_status_info dev_st, co if ((r = reencrypt_luks2_load(*cd, data_device)) < 0) return r; } else if (dev_st == DEVICE_LUKS2) { + if (!luks2_reencrypt_eligible(*cd)) + return -EINVAL; if (!ARG_SET(OPT_HEADER_ID)) { log_err(_("LUKS2 decryption requires --header option.")); return -EINVAL; diff --git a/src/utils_reencrypt_luks1.c b/src/utils_reencrypt_luks1.c index ae849c0..1e36ad9 100644 --- a/src/utils_reencrypt_luks1.c +++ b/src/utils_reencrypt_luks1.c @@ -1,8 +1,8 @@ /* * cryptsetup - LUKS1 utility for offline re-encryption * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/utils_tools.c b/src/utils_tools.c index a0e2ebc..5cfd9e6 100644 --- a/src/utils_tools.c +++ b/src/utils_tools.c @@ -3,8 +3,8 @@ * * Copyright (C) 2004 Jana Saout <jana@saout.de> * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org> - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -435,8 +435,9 @@ int tools_write_mk(const char *file, const char *key, int keysize) void tools_package_version(const char *name, bool use_pwlibs) { - bool udev = false, blkid = false, keyring = false, fips = false; - bool kernel_capi = false, pwquality = false, passwdqc = false; + bool udev = false, blkid = false, keyring = false, fips = false, + kernel_capi = false, pwquality = false, passwdqc = false, + hw_opal = false; #ifdef USE_UDEV udev = true; #endif @@ -457,12 +458,16 @@ void tools_package_version(const char *name, bool use_pwlibs) #elif defined(ENABLE_PASSWDQC) passwdqc = true; #endif - log_std("%s %s flags: %s%s%s%s%s%s%s\n", name, PACKAGE_VERSION, +#ifdef HAVE_HW_OPAL + hw_opal = true; +#endif + log_std("%s %s flags: %s%s%s%s%s%s%s%s\n", name, PACKAGE_VERSION, udev ? "UDEV " : "", blkid ? "BLKID " : "", keyring ? "KEYRING " : "", fips ? "FIPS " : "", kernel_capi ? "KERNEL_CAPI " : "", pwquality && use_pwlibs ? "PWQUALITY " : "", - passwdqc && use_pwlibs ? "PASSWDQC " : ""); + passwdqc && use_pwlibs ? "PASSWDQC " : "", + hw_opal ? "HW_OPAL " : ""); } diff --git a/src/veritysetup.c b/src/veritysetup.c index 8be81cc..3fd90fc 100644 --- a/src/veritysetup.c +++ b/src/veritysetup.c @@ -1,8 +1,8 @@ /* * veritysetup - setup cryptographic volumes for dm-verity * - * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2023 Milan Broz + * Copyright (C) 2012-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -599,6 +599,9 @@ int main(int argc, const char **argv) textdomain(PACKAGE); popt_context = poptGetContext("verity", argc, argv, popt_options, 0); + if (!popt_context) + exit(EXIT_FAILURE); + poptSetOtherOptionHelp(popt_context, _("[OPTION...] <action> <action-specific>")); diff --git a/src/veritysetup_arg_list.h b/src/veritysetup_arg_list.h index 014273e..34002f3 100644 --- a/src/veritysetup_arg_list.h +++ b/src/veritysetup_arg_list.h @@ -1,8 +1,8 @@ /* * Veritysetup command line arguments list * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/src/veritysetup_args.h b/src/veritysetup_args.h index d47813d..43f4a23 100644 --- a/src/veritysetup_args.h +++ b/src/veritysetup_args.h @@ -1,8 +1,8 @@ /* * Command line arguments helpers * - * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2020-2023 Ondrej Kozina + * Copyright (C) 2020-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -35,8 +35,8 @@ #define OPT_DEFERRED_ACTIONS { CLOSE_ACTION } #define OPT_IGNORE_CORRUPTION_ACTIONS { OPEN_ACTION } #define OPT_IGNORE_ZERO_BLOCKS_ACTIONS { OPEN_ACTION } -#define OPT_RESTART_ON_CORRUPTION_ACTIONS { OPEN_ACTION } #define OPT_PANIC_ON_CORRUPTION_ACTIONS { OPEN_ACTION } +#define OPT_RESTART_ON_CORRUPTION_ACTIONS { OPEN_ACTION } #define OPT_ROOT_HASH_FILE_ACTIONS { FORMAT_ACTION, OPEN_ACTION, VERIFY_ACTION } #define OPT_ROOT_HASH_SIGNATURE_ACTIONS { OPEN_ACTION } #define OPT_USE_TASKLETS_ACTIONS { OPEN_ACTION } diff --git a/tests/Makefile.am b/tests/Makefile.am index c8a46a8..75c1d3d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -4,6 +4,7 @@ TESTS = 00modules-test \ compat-args-test \ compat-test \ compat-test2 \ + compat-test-opal \ loopaes-test \ align-test \ align-test2 \ @@ -44,15 +45,7 @@ if EXTERNAL_TOKENS TESTS += systemd-test-plugin endif -ssh-test-plugin: fake_token_path.so -systemd-test-plugin: fake_token_path.so fake_systemd_tpm_path.so - -# Do not use global CFLAGS here as the *.so link does not support sanitizers -fake_token_path.so: fake_token_path.c - $(CC) $(LDFLAGS) -I $(top_srcdir)/lib -fPIC -shared -D_GNU_SOURCE \ - -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \ - -o fake_token_path.so $(top_srcdir)/tests/fake_token_path.c \ - -DBUILD_DIR=\"$(abs_top_srcdir)/.libs/\" +systemd-test-plugin: fake_systemd_tpm_path.so fake_systemd_tpm_path.so: fake_systemd_tpm_path.c $(CC) $(LDFLAGS) -fPIC -shared -D_GNU_SOURCE -o fake_systemd_tpm_path.so \ @@ -68,6 +61,7 @@ EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \ luks2_valid_hdr.img.xz \ luks2_header_requirements.tar.xz \ luks2_mda_images.tar.xz \ + luks2_invalid_cipher.img.xz \ evil_hdr-payload_overwrite.xz \ evil_hdr-stripes_payload_dmg.xz \ evil_hdr-luks_hdr_damage.xz \ @@ -79,6 +73,7 @@ EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \ compat-args-test \ compat-test \ compat-test2 \ + compat-test-opal \ loopaes-test align-test discards-test mode-test password-hash-test \ align-test2 verity-compat-test \ reencryption-compat-test \ @@ -103,14 +98,14 @@ EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \ ssh-test-plugin \ generate-symbols-list \ run-all-symbols \ - fake_token_path.c \ fake_systemd_tpm_path.c \ unit-wipe-test \ systemd-test-plugin -CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log test-symbols-list.h fake_token_path.so fake_systemd_tpm_path.so +CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log test-symbols-list.h fake_systemd_tpm_path.so clean-local: - -rm -rf tcrypt-images luks1-images luks2-images bitlk-images fvault2-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp external-tokens + -rm -rf tcrypt-images luks1-images luks2-images bitlk-images fvault2-images conversion_imgs \ + luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp external-tokens luks2_invalid_cipher.img differ_SOURCES = differ.c differ_CFLAGS = $(AM_CFLAGS) -Wall -O2 @@ -165,7 +160,7 @@ all_symbols_test_CPPFLAGS = $(AM_CPPFLAGS) -D_GNU_SOURCE check_PROGRAMS = api-test api-test-2 differ vectors-test unit-utils-io unit-utils-crypt-test unit-wipe all-symbols-test -check-programs: test-symbols-list.h $(check_PROGRAMS) fake_token_path.so fake_systemd_tpm_path.so +check-programs: test-symbols-list.h $(check_PROGRAMS) fake_systemd_tpm_path.so conversion_imgs: @tar xJf conversion_imgs.tar.xz @@ -177,6 +172,7 @@ valgrind-check: api-test api-test-2 differ @VALG=1 ./compat-args-test @VALG=1 ./compat-test @VALG=1 ./compat-test2 + @[ -z "$(OPAL2_PSID_FILE)" ] || VALG=1 ./compat-test-opal @VALG=1 ./luks2-validation-test @VALG=1 ./verity-compat-test @VALG=1 ./integrity-compat-test @@ -198,7 +194,7 @@ valgrind-check: api-test api-test-2 differ @VALG=1 ./password-hash-test @VALG=1 ./reencryption-compat-test @VALG=1 ./fvault2-compat-test - @[ -z "$RUN_SSH_PLUGIN_TEST" ] || VALG=1 ./ssh-test-plugin + @[ -z "$(RUN_SSH_PLUGIN_TEST)" ] || VALG=1 ./ssh-test-plugin @INFOSTRING="unit-utils-crypt-test" ./valg-api.sh ./unit-utils-crypt-test @INFOSTRING="vectors-test" ./valg-api.sh ./vectors-test @grep -l "ERROR SUMMARY: [^0][0-9]* errors" valglog* || echo "No leaks detected." diff --git a/tests/align-test b/tests/align-test index 5941cde..d2932ae 100755 --- a/tests/align-test +++ b/tests/align-test @@ -12,8 +12,13 @@ FAST_PBKDF="--pbkdf-force-iterations 1000" FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi + function fips_mode() { @@ -54,7 +59,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -92,7 +100,7 @@ add_device() { exit 77 fi - sleep 2 + sleep 1 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) if [ ! -e /sys/block/$DEV/alignment_offset ] ; then @@ -176,7 +184,7 @@ format_plain() # sector size { echo -n "Formatting plain device (sector size $1)..." if [ -n "$DM_SECTOR_SIZE" ] ; then - echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 --sector-size $1 $DEV $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP open --type plain --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha256 --sector-size $1 $DEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail echo "PASSED" else diff --git a/tests/align-test2 b/tests/align-test2 index 33126a4..23d418a 100755 --- a/tests/align-test2 +++ b/tests/align-test2 @@ -11,8 +11,12 @@ PWD1="93R4P4pIqAH8" PWD2="mymJeD8ivEhE" FAST_PBKDF="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi cleanup() { udevadm settle >/dev/null 2>&1 @@ -49,7 +53,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -87,7 +94,7 @@ add_device() { exit 77 fi - sleep 2 + sleep 1 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) if [ ! -e /sys/block/$DEV/alignment_offset ] ; then diff --git a/tests/all-symbols-test.c b/tests/all-symbols-test.c index 10c7fe2..8d75044 100644 --- a/tests/all-symbols-test.c +++ b/tests/all-symbols-test.c @@ -1,7 +1,7 @@ /* * Test utility checking symbol versions in libcryptsetup. * - * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2021-2024 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -85,6 +85,10 @@ static int check_dlvsym(void *h, const char *symbol, const char *version) } log_dbg("OK\n"); +#else + UNUSED(h); + UNUSED(symbol); + UNUSED(version); #endif return 0; } diff --git a/tests/api-test-2.c b/tests/api-test-2.c index 824ae65..8a7a60e 100644 --- a/tests/api-test-2.c +++ b/tests/api-test-2.c @@ -1,9 +1,9 @@ /* * cryptsetup library LUKS2 API check functions * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -59,10 +59,12 @@ typedef int32_t key_serial_t; #define L_DEVICE_0S "luks_zerosec" #define L_DEVICE_WRONG "luks_wr" #define L_DEVICE_OK "luks_ok" +#define L_PLACEHOLDER "bdev_reference_placeholder" #define REQS_LUKS2_HEADER "luks2_header_requirements" #define NO_REQS_LUKS2_HEADER "luks2_header_requirements_free" #define BACKUP_FILE "csetup_backup_file" #define IMAGE1 "compatimage2.img" +#define EMPTY_HEADER "empty.hdr" #define IMAGE_EMPTY "empty.img" #define IMAGE_EMPTY_SMALL "empty_small.img" #define IMAGE_EMPTY_SMALL_2 "empty_small2.img" @@ -83,6 +85,19 @@ typedef int32_t key_serial_t; #define DEVICE_CHAR "/dev/zero" #define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX" +#define TEST_KEYRING_USER "cs_apitest2_keyring_in_user" +#define TEST_KEYRING_USER_NAME "%keyring:" TEST_KEYRING_USER +#define TEST_KEYRING_SESSION "cs_apitest2_keyring_in_session" +#define TEST_KEYRING_SESSION_NAME "%keyring:" TEST_KEYRING_SESSION +#define TEST_KEY_VK_USER "api_test_user_vk1" +#define TEST_KEY_VK_USER_NAME "\%user:" TEST_KEY_VK_USER +#define TEST_KEY_VK_LOGON "cs_api_test_prefix:api_test_logon_vk1" +#define TEST_KEY_VK_LOGON_NAME "\%logon:" TEST_KEY_VK_LOGON +#define TEST_KEY_VK_USER2 "api_test_user_vk2" +#define TEST_KEY_VK_USER2_NAME "\%user:" TEST_KEY_VK_USER2 +#define TEST_KEY_VK_LOGON2 "cs_api_test_prefix:api_test_logon_vk2" +#define TEST_KEY_VK_LOGON2_NAME "\%logon:" TEST_KEY_VK_LOGON + #define KEY_DESC_TEST0 "cs_token_test:test_key0" #define KEY_DESC_TEST1 "cs_token_test:test_key1" @@ -141,6 +156,10 @@ static uint32_t default_luks2_iter_time = 0; static uint32_t default_luks2_memory_kb = 0; static uint32_t default_luks2_parallel_threads = 0; +#ifdef KERNEL_KEYRING +static char keyring_in_user_str_id[32] = {0}; +#endif + static struct crypt_pbkdf_type min_pbkdf2 = { .type = "pbkdf2", .iterations = 1000, @@ -196,7 +215,7 @@ static int get_luks2_offsets(int metadata_device, uint64_t *r_header_size, uint64_t *r_payload_offset) { - struct crypt_device *cd = NULL; + struct crypt_device *_cd = NULL; static uint64_t default_header_size = 0; if (r_header_size) @@ -205,16 +224,16 @@ static int get_luks2_offsets(int metadata_device, *r_payload_offset = 0; if (!default_header_size) { - if (crypt_init(&cd, THE_LOOP_DEV)) + if (crypt_init(&_cd, THE_LOOP_DEV)) return -EINVAL; - if (crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) { - crypt_free(cd); + if (crypt_format(_cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) { + crypt_free(_cd); return -EINVAL; } - default_header_size = crypt_get_data_offset(cd); + default_header_size = crypt_get_data_offset(_cd); - crypt_free(cd); + crypt_free(_cd); } if (!sector_size) @@ -225,7 +244,7 @@ static int get_luks2_offsets(int metadata_device, if (r_payload_offset) { if (metadata_device) - *r_payload_offset = alignpayload_sec * sector_size; + *r_payload_offset = (uint64_t)alignpayload_sec * sector_size; else *r_payload_offset = DIV_ROUND_UP_MODULO(default_header_size * 512, (alignpayload_sec ?: 1) * sector_size); @@ -278,6 +297,9 @@ static void _cleanup_dmdevices(void) { struct stat st; + if (!stat(DMDIR L_PLACEHOLDER, &st)) + _system("dmsetup remove " DM_RETRY L_PLACEHOLDER DM_NOSTDERR, 0); + if (!stat(DMDIR H_DEVICE, &st)) _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0); @@ -299,80 +321,6 @@ static void _cleanup_dmdevices(void) t_dev_offset = 0; } -static void _cleanup(void) -{ - struct stat st; - - CRYPT_FREE(cd); - CRYPT_FREE(cd2); - - //_system("udevadm settle", 0); - - if (!stat(DMDIR CDEVICE_1, &st)) - _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0); - - if (!stat(DMDIR CDEVICE_2, &st)) - _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0); - - if (!stat(DEVICE_EMPTY, &st)) - _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0); - - if (!stat(DEVICE_ERROR, &st)) - _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0); - - _cleanup_dmdevices(); - - if (loop_device(THE_LOOP_DEV)) - loop_detach(THE_LOOP_DEV); - - if (loop_device(DEVICE_1)) - loop_detach(DEVICE_1); - - if (loop_device(DEVICE_2)) - loop_detach(DEVICE_2); - - if (loop_device(DEVICE_3)) - loop_detach(DEVICE_3); - - if (loop_device(DEVICE_4)) - loop_detach(DEVICE_4); - - if (loop_device(DEVICE_5)) - loop_detach(DEVICE_5); - - if (loop_device(DEVICE_6)) - loop_detach(DEVICE_6); - - _system("rm -f " IMAGE_EMPTY, 0); - _system("rm -f " IMAGE1, 0); - _system("rm -rf " CONV_DIR, 0); - - if (test_loop_file) - remove(test_loop_file); - if (tmp_file_1) - remove(tmp_file_1); - - remove(REQS_LUKS2_HEADER); - remove(NO_REQS_LUKS2_HEADER); - remove(BACKUP_FILE); - remove(IMAGE_PV_LUKS2_SEC); - remove(IMAGE_PV_LUKS2_SEC ".bcp"); - remove(IMAGE_EMPTY_SMALL); - remove(IMAGE_EMPTY_SMALL_2); - - _remove_keyfiles(); - - free(tmp_file_1); - free(test_loop_file); - free(THE_LOOP_DEV); - free(DEVICE_1); - free(DEVICE_2); - free(DEVICE_3); - free(DEVICE_4); - free(DEVICE_5); - free(DEVICE_6); -} - static int _setup(void) { int fd, ro = 0; @@ -429,6 +377,8 @@ static int _setup(void) _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1); + _system("dd if=/dev/zero of=" EMPTY_HEADER " bs=4K count=1 2>/dev/null", 1); + _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1); fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro); close(fd); @@ -467,7 +417,7 @@ static int _setup(void) return 0; } -static int set_fast_pbkdf(struct crypt_device *cd) +static int set_fast_pbkdf(struct crypt_device *_cd) { const struct crypt_pbkdf_type *pbkdf = &min_argon2; @@ -475,7 +425,7 @@ static int set_fast_pbkdf(struct crypt_device *cd) if (_fips_mode) pbkdf = &min_pbkdf2; - return crypt_set_pbkdf_type(cd, pbkdf); + return crypt_set_pbkdf_type(_cd, pbkdf); } #ifdef KERNEL_KEYRING @@ -489,6 +439,21 @@ static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring) return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring); } +static key_serial_t keyctl_link(key_serial_t key, key_serial_t keyring) +{ + return syscall(__NR_keyctl, KEYCTL_LINK, key, keyring); +} + +static long keyctl_update(key_serial_t id, const void *payload, size_t plen) +{ + return syscall(__NR_keyctl, KEYCTL_UPDATE, id, payload, plen); +} + +static long keyctl_read(key_serial_t id, char *buffer, size_t buflen) +{ + return syscall(__NR_keyctl, KEYCTL_READ, id, buffer, buflen); +} + static key_serial_t request_key(const char *type, const char *description, const char *callout_info, @@ -497,33 +462,168 @@ static key_serial_t request_key(const char *type, return syscall(__NR_request_key, type, description, callout_info, keyring); } -static key_serial_t _kernel_key_by_segment(struct crypt_device *cd, int segment) +/* key handle permissions mask */ +typedef uint32_t key_perm_t; +#define KEY_POS_ALL 0x3f000000 +#define KEY_USR_ALL 0x003f0000 + +static key_serial_t add_key_set_perm(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring, key_perm_t perm) +{ + long l; + key_serial_t kid = syscall(__NR_add_key, type, description, payload, plen, KEY_SPEC_THREAD_KEYRING); + + if (kid < 0) + return kid; + + l = syscall(__NR_keyctl, KEYCTL_SETPERM, kid, perm); + if (l == 0) + l = syscall(__NR_keyctl, KEYCTL_LINK, kid, keyring); + + syscall(__NR_keyctl, KEYCTL_UNLINK, kid, KEY_SPEC_THREAD_KEYRING); + + return l == 0 ? kid : -EINVAL; +} + +static key_serial_t _kernel_key_by_segment_and_type(struct crypt_device *_cd, int segment, + const char* type) { char key_description[1024]; - if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(cd), segment) < 1) + if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(_cd), segment) < 1) return -1; - return request_key("logon", key_description, NULL, 0); + return request_key(type, key_description, NULL, 0); } -static int _volume_key_in_keyring(struct crypt_device *cd, int segment) +static key_serial_t _kernel_key_by_segment(struct crypt_device *_cd, int segment) { - return _kernel_key_by_segment(cd, segment) >= 0 ? 0 : -1; + return _kernel_key_by_segment_and_type(_cd, segment, "logon"); +} + +static int _volume_key_in_keyring(struct crypt_device *_cd, int segment) +{ + return _kernel_key_by_segment(_cd, segment) >= 0 ? 0 : -1; +} + +static int _drop_keyring_key_from_keyring_name(const char *key_description, key_serial_t keyring, const char* type) +{ + //key_serial_t kid = request_key(type, key_description, NULL, keyring); + key_serial_t kid = request_key(type, key_description, NULL, 0); + + if (kid < 0) + return -2; + + return keyctl_unlink(kid, keyring); } -static int _drop_keyring_key(struct crypt_device *cd, int segment) +static int _drop_keyring_key_from_keyring_type(struct crypt_device *_cd, int segment, + key_serial_t keyring, const char* type) { - key_serial_t kid = _kernel_key_by_segment(cd, segment); + key_serial_t kid = _kernel_key_by_segment_and_type(_cd, segment, type); if (kid < 0) return -1; - return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING); + return keyctl_unlink(kid, keyring); +} + +static int _drop_keyring_key(struct crypt_device *_cd, int segment) +{ + return _drop_keyring_key_from_keyring_type(_cd, segment, KEY_SPEC_THREAD_KEYRING, "logon"); } #endif -static int test_open(struct crypt_device *cd __attribute__((unused)), +static void _cleanup(void) +{ + struct stat st; + + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + + //_system("udevadm settle", 0); + + if (!stat(DMDIR CDEVICE_1, &st)) + _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0); + + if (!stat(DMDIR CDEVICE_2, &st)) + _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0); + + if (!stat(DEVICE_EMPTY, &st)) + _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0); + + if (!stat(DEVICE_ERROR, &st)) + _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0); + + _cleanup_dmdevices(); + + if (loop_device(THE_LOOP_DEV)) + loop_detach(THE_LOOP_DEV); + + if (loop_device(DEVICE_1)) + loop_detach(DEVICE_1); + + if (loop_device(DEVICE_2)) + loop_detach(DEVICE_2); + + if (loop_device(DEVICE_3)) + loop_detach(DEVICE_3); + + if (loop_device(DEVICE_4)) + loop_detach(DEVICE_4); + + if (loop_device(DEVICE_5)) + loop_detach(DEVICE_5); + + if (loop_device(DEVICE_6)) + loop_detach(DEVICE_6); + + _system("rm -f " IMAGE_EMPTY, 0); + _system("rm -f " IMAGE1, 0); + _system("rm -rf " CONV_DIR, 0); + _system("rm -f " EMPTY_HEADER, 0); + + if (test_loop_file) + remove(test_loop_file); + if (tmp_file_1) + remove(tmp_file_1); + + remove(REQS_LUKS2_HEADER); + remove(NO_REQS_LUKS2_HEADER); + remove(BACKUP_FILE); + remove(IMAGE_PV_LUKS2_SEC); + remove(IMAGE_PV_LUKS2_SEC ".bcp"); + remove(IMAGE_EMPTY_SMALL); + remove(IMAGE_EMPTY_SMALL_2); + + _remove_keyfiles(); + + free(tmp_file_1); + free(test_loop_file); + free(THE_LOOP_DEV); + free(DEVICE_1); + free(DEVICE_2); + free(DEVICE_3); + free(DEVICE_4); + free(DEVICE_5); + free(DEVICE_6); + +#ifdef KERNEL_KEYRING + char *end; + key_serial_t krid; + + if (keyring_in_user_str_id[0] != '\0') { + krid = strtoul(keyring_in_user_str_id, &end, 0); + if (!*end) + (void)keyctl_unlink(krid, KEY_SPEC_USER_KEYRING); + } + + krid = request_key("keyring", TEST_KEYRING_SESSION, NULL, 0); + if (krid > 0) + (void)keyctl_unlink(krid, KEY_SPEC_SESSION_KEYRING); +#endif +} + +static int test_open(struct crypt_device *_cd __attribute__((unused)), int token __attribute__((unused)), char **buffer, size_t *buffer_len, @@ -539,7 +639,35 @@ static int test_open(struct crypt_device *cd __attribute__((unused)), return 0; } -static int test_validate(struct crypt_device *cd __attribute__((unused)), const char *json) +static int test_open_pass(struct crypt_device *_cd __attribute__((unused)), + int token __attribute__((unused)), + char **buffer, + size_t *buffer_len, + void *usrptr __attribute__((unused))) +{ + *buffer = strdup(PASSPHRASE); + if (!*buffer) + return -ENOMEM; + *buffer_len = strlen(*buffer); + + return 0; +} + +static int test_open_pass1(struct crypt_device *_cd __attribute__((unused)), + int token __attribute__((unused)), + char **buffer, + size_t *buffer_len, + void *usrptr __attribute__((unused))) +{ + *buffer = strdup(PASSPHRASE1); + if (!*buffer) + return -ENOMEM; + *buffer_len = strlen(*buffer); + + return 0; +} + +static int test_validate(struct crypt_device *_cd __attribute__((unused)), const char *json) { return (strstr(json, "magic_string") == NULL); } @@ -1925,6 +2053,10 @@ static void Tokens(void) #define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \ "\"key_description\":" y ", \"some_field\":\"some_value\"}" +#define TEST_TOKEN2_JSON(x) "{\"type\":\"test_token2\",\"keyslots\":[" x "] }" + +#define TEST_TOKEN3_JSON(x) "{\"type\":\"test_token3\",\"keyslots\":[" x "] }" + int ks, token_max; const char *dummy; @@ -1933,6 +2065,7 @@ static void Tokens(void) char passptr[] = PASSPHRASE; char passptr1[] = PASSPHRASE1; struct crypt_active_device cad; + struct crypt_keyslot_context *kc; static const crypt_token_handler th = { .name = "test_token", @@ -1948,6 +2081,12 @@ static void Tokens(void) }, th_reserved = { .name = "luks2-prefix", .open = test_open + }, th4 = { + .name = "test_token2", + .open = test_open_pass, // PASSPHRASE + }, th5 = { + .name = "test_token3", + .open = test_open_pass1, // PASSPHRASE1 }; struct crypt_token_params_luks2_keyring params = { @@ -2153,6 +2292,60 @@ static void Tokens(void) OK_(crypt_deactivate(cd, CDEVICE_1)); CRYPT_FREE(cd); + // test token based API with keyslot parameter + OK_(crypt_token_register(&th4)); // PASSPHRASE + OK_(crypt_token_register(&th5)); // PASSPHRASE1 + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1); + EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 2); + + EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 3); + EQ_(crypt_keyslot_add_by_volume_key(cd, 4, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 4); + EQ_(crypt_keyslot_add_by_volume_key(cd, 5, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 5); + + OK_(crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_IGNORE)); + OK_(crypt_keyslot_set_priority(cd, 3, CRYPT_SLOT_PRIORITY_IGNORE)); + + OK_(crypt_keyslot_set_priority(cd, 2, CRYPT_SLOT_PRIORITY_PREFER)); + OK_(crypt_keyslot_set_priority(cd, 5, CRYPT_SLOT_PRIORITY_PREFER)); + + EQ_(crypt_keyslot_add_by_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 6); + EQ_(crypt_keyslot_add_by_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 7); + + OK_(crypt_keyslot_set_priority(cd, 6, CRYPT_SLOT_PRIORITY_PREFER)); + OK_(crypt_keyslot_set_priority(cd, 7, CRYPT_SLOT_PRIORITY_PREFER)); + + EQ_(crypt_token_json_set(cd, 0, TEST_TOKEN2_JSON("\"0\", \"5\", \"1\", \"6\"")), 0); // PASSPHRASE + EQ_(crypt_token_json_set(cd, 1, TEST_TOKEN3_JSON("\"4\", \"6\", \"0\", \"5\"")), 1); // PASSPHRASE1 + + /* keyslots: + * + * 0 ignore (token 0) + * 1 normal (token 0) + * 2 prefer - + * 3 ignore - + * 4 normal (token 1) + * 5 prefer (token 1, token 0 wrong passphrase) + * 6 prefer (unbound, token 0, token 1 wrong passphrase) + * 7 prefer (unbound) + */ + + OK_(crypt_keyslot_context_init_by_token(cd, 0, NULL, NULL, 0, NULL, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 1); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 6); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, 7, kc, CRYPT_ANY_SLOT, NULL, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -ENOENT); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, 5, kc, CRYPT_ANY_SLOT, NULL, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -EPERM); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 5); + crypt_keyslot_context_free(kc); + + CRYPT_FREE(cd); + EQ_(crypt_token_max(CRYPT_LUKS2), 32); FAIL_(crypt_token_max(CRYPT_LUKS1), "No token support in LUKS1"); FAIL_(crypt_token_max(NULL), "No LUKS format specified"); @@ -2802,7 +2995,8 @@ static void Pbkdf(void) OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); OK_(strcmp(pbkdf->hash, default_luks1_hash)); EQ_(pbkdf->time_ms, default_luks2_iter_time); - EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + GE_(pbkdf->max_memory_kb, 64 * 1024); + GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); // set and verify argon2 type OK_(crypt_set_pbkdf_type(cd, &argon2)); @@ -2827,7 +3021,8 @@ static void Pbkdf(void) OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); OK_(strcmp(pbkdf->hash, default_luks1_hash)); EQ_(pbkdf->time_ms, default_luks2_iter_time); - EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + GE_(pbkdf->max_memory_kb, 64 * 1024); + GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); // try to pass illegal values argon2.parallel_threads = 0; @@ -2858,14 +3053,16 @@ static void Pbkdf(void) OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); OK_(strcmp(pbkdf->hash, default_luks1_hash)); EQ_(pbkdf->time_ms, default_luks2_iter_time); - EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + GE_(pbkdf->max_memory_kb, 64 * 1024); + GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); crypt_set_iteration_time(cd, 1); OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); OK_(strcmp(pbkdf->hash, default_luks1_hash)); EQ_(pbkdf->time_ms, 1); - EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + GE_(pbkdf->max_memory_kb, 64 * 1024); + GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); CRYPT_FREE(cd); @@ -2913,6 +3110,17 @@ static void Pbkdf(void) argon2.hash = NULL; OK_(crypt_set_pbkdf_type(cd, &argon2)); + argon2.flags = CRYPT_PBKDF_NO_BENCHMARK; + argon2.max_memory_kb = 2 * 1024 * 1024; + argon2.iterations = 6; + argon2.parallel_threads = 8; + OK_(crypt_set_pbkdf_type(cd, &argon2)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + EQ_(pbkdf->iterations, 6); + EQ_(pbkdf->max_memory_kb, 2 * 1024 *1024); + EQ_(pbkdf->parallel_threads, 4); /* hard maximum*/ + EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK); + CRYPT_FREE(cd); NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1)); @@ -3015,6 +3223,9 @@ static void Luks2KeyslotAdd(void) OK_(crypt_deactivate(cd, CDEVICE_1)); EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1); + /* check we can resume device with new volume key */ + OK_(crypt_suspend(cd, CDEVICE_1)); + EQ_(crypt_resume_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1)), 1); OK_(crypt_deactivate(cd, CDEVICE_1)); /* old keyslot must be unusable */ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Key doesn't match volume key digest"); @@ -4332,6 +4543,52 @@ static void Luks2Reencryption(void) CRYPT_FREE(cd); _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 1)); + + /* offline in-place encryption with reserved space in the head of data device */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + memset(&rparams, 0, sizeof(rparams)); + params2.sector_size = 512; + rparams.mode = CRYPT_REENCRYPT_ENCRYPT; + rparams.direction = CRYPT_REENCRYPT_FORWARD; + rparams.resilience = "checksum"; + rparams.hash = "sha256"; + rparams.luks2 = ¶ms2; + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30); + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams)); + FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "context not initialized"); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt_run(cd, NULL, NULL)); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE); + CRYPT_FREE(cd); + + /* wipe existing header from previous run */ + _system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=4K count=5 2>/dev/null", 1); + /* open existing device from kernel (simulate active filesystem) */ + OK_(create_dmdevice_over_device(L_PLACEHOLDER, DMDIR L_DEVICE_OK, 1, r_header_size)); + + /* online in-place encryption with reserved space */ + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + OK_(crypt_init(&cd, EMPTY_HEADER)); + OK_(crypt_set_data_offset(cd, r_header_size)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30); + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_header_restore(cd, CRYPT_LUKS2, EMPTY_HEADER)); + NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_SHARED), "Failed to activate device in reencryption with shared flag."); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt_run(cd, NULL, NULL)); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 1)); @@ -5005,10 +5262,479 @@ static void VolumeKeyGet(void) _cleanup_dmdevices(); } -static int _crypt_load_check(struct crypt_device *cd) +static void KeyslotContextAndKeyringLink(void) +{ +#ifdef KERNEL_KEYRING + const char *cipher = "aes"; + const char *cipher_mode = "xts-plain64"; + struct crypt_keyslot_context *kc, *kc2; + uint64_t r_payload_offset; + char key[128]; + size_t key_size = 128; + key_serial_t kid, keyring_in_user_id, keyring_in_session_id, linked_kid, linked_kid2; + int suspend_status; + struct crypt_active_device cad; + char vk_buf[1024]; + long vk_len; + + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 1, + .max_memory_kb = 128, + .iterations = 4, + .flags = CRYPT_PBKDF_NO_BENCHMARK + }; + struct crypt_params_luks2 params2 = { + .pbkdf = &pbkdf, + .sector_size = 4096 + }; + struct crypt_params_reencrypt rparams = { + .direction = CRYPT_REENCRYPT_FORWARD, + .resilience = "checksum", + .hash = "sha256", + .luks2 = ¶ms2, + }; + uint64_t r_header_size; + + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + pbkdf.iterations = 1000; + } + + OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + + // prepare the device + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, KEY1, strlen(KEY1)), 1); + EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0)); + + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + + keyring_in_user_id = add_key_set_perm("keyring", TEST_KEYRING_USER, NULL, 0, KEY_SPEC_USER_KEYRING, KEY_POS_ALL | KEY_USR_ALL); + NOTFAIL_(keyring_in_user_id, "Test or kernel keyring are broken."); + NOTFAIL_(snprintf(keyring_in_user_str_id, sizeof(keyring_in_user_str_id)-1, "%u", keyring_in_user_id), "Failed to get string id."); + keyring_in_session_id = add_key_set_perm("keyring", TEST_KEYRING_SESSION, NULL, 0, KEY_SPEC_SESSION_KEYRING, KEY_POS_ALL | KEY_USR_ALL); + NOTFAIL_(keyring_in_session_id, "Test or kernel keyring are broken."); + + // test passphrase + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, NULL, CRYPT_ANY_SLOT, NULL, 0), -EINVAL); + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_passphrase(cd, KEY1, strlen(KEY1), &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 1); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + crypt_keyslot_context_free(kc); + + OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 1); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_keyring(cd, KEY_DESC_TEST0, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + crypt_keyslot_context_free(kc); + + // test activation + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + FAIL_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), "already active"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + FAIL_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), "already active"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 1); + FAIL_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), "already active"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_keyring(cd, KEY_DESC_TEST0, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + // test linking to a custom keyring linked in user keyring + OK_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, NULL, "user", keyring_in_user_str_id /* TEST_KEYRING_USER_NAME */)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + + /* + * Otherwise we will not be able to search the TEST_KEYRING_USER in current context (see request_key(2): + * "The keyrings are searched in the order: thread-specific keyring, process-specific keyring, and then session keyring." + */ + NOTFAIL_(keyctl_link(keyring_in_user_id, KEY_SPEC_THREAD_KEYRING), "Failed to link in thread keyring."); + + FAIL_((linked_kid = request_key("logon", TEST_KEY_VK_USER, NULL, 0)), "VK was linked to custom keyring under wrong key type."); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK was not uploaded in thread kernel keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + FAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK remain linked in thread keyring."); + + OK_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_LOGON, NULL, "logon", keyring_in_user_str_id /* TEST_KEYRING_USER_NAME */)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + NOTFAIL_((linked_kid = request_key("logon", TEST_KEY_VK_LOGON, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK was not uploaded in thread kernel keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + FAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK remain linked in thread keyring."); + + OK_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_LOGON, NULL, "logon", TEST_KEYRING_SESSION_NAME)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + NOTFAIL_((linked_kid = request_key("logon", TEST_KEY_VK_LOGON, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK was not uploaded in thread kernel keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_session_id), "VK was not linked to custom keyring after deactivation."); + FAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK remain linked in thread keyring."); + + // test repeated activation + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + NOTFAIL_((linked_kid = request_key("logon", TEST_KEY_VK_LOGON, NULL, 0)), "VK was not linked to custom keyring after repeated activation."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(request_key("logon", TEST_KEY_VK_LOGON, NULL, 0), "VK was not linked to custom keyring after deactivation."); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_session_id), "VK was not linked to custom keyring after deactivation."); + FAIL_(request_key("logon", TEST_KEY_VK_LOGON, NULL, 0), "VK was probably wrongly linked in yet another keyring "); + + // change key type to default (user) + OK_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, NULL, NULL, TEST_KEYRING_USER_NAME)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring after resetting key type."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + //NOTFAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was not linked to custom keyring after deactivation."); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + FAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was probably wrongly linked in yet another keyring "); + + // disable linking to session keyring + crypt_set_keyring_to_link(cd, NULL, NULL, NULL, NULL); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + FAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was probably wrongly linked in yet another keyring "); + FAIL_(request_key("logon", TEST_KEY_VK_LOGON, NULL, 0), "VK was probably wrongly linked in yet another keyring "); + NOTFAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "VK was not found in thread keyring"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "failed to unlink the key from thread keyring"); + + // link VK to keyring and re-activate by the linked VK + crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, NULL, "user", TEST_KEYRING_SESSION_NAME); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was not linked to session keyring."); + OK_(crypt_keyslot_context_init_by_vk_in_keyring(cd, TEST_KEY_VK_USER_NAME, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was not linked to session keyring after deactivation."); + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_session_id, "user")); + FAIL_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), "activation via VK in keyring after dropping the key"); + + // load VK back to keyring by activating + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + // activate by bad VK in keyring (test if VK digest is verified) + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to session keyring after activation."); + GE_((vk_len = keyctl_read(linked_kid, vk_buf, sizeof(vk_buf))), 0); + vk_buf[0] = ~vk_buf[0]; + OK_(keyctl_update(linked_kid, vk_buf, vk_len)); + FAIL_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_session_id, "user")); + crypt_keyslot_context_free(kc); + + // After this point put resume tests only! + OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + suspend_status = crypt_suspend(cd, CDEVICE_1); + if (suspend_status == -ENOTSUP) { + printf("WARNING: Suspend/Resume not supported, skipping test.\n"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + CRYPT_FREE(cd); + _cleanup_dmdevices(); + return; + } + OK_(suspend_status); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED); + OK_(crypt_resume_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + OK_(crypt_suspend(cd, CDEVICE_1)); + EQ_(crypt_resume_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 1); + OK_(crypt_suspend(cd, CDEVICE_1)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED); + EQ_(crypt_resume_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + OK_(crypt_keyslot_context_init_by_keyring(cd, KEY_DESC_TEST0, &kc)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + OK_(crypt_suspend(cd, CDEVICE_1)); + EQ_(crypt_resume_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + crypt_keyslot_context_free(kc); + + // resume by VK keyring context + crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, NULL, "user", TEST_KEYRING_SESSION_NAME); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0)); + NOTFAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was not linked to session keyring."); + OK_(crypt_suspend(cd, CDEVICE_1)); + OK_(crypt_keyslot_context_init_by_vk_in_keyring(cd, TEST_KEY_VK_USER_NAME, &kc)); + EQ_(crypt_resume_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(request_key("user", TEST_KEY_VK_USER, NULL, 0), "VK was not linked to session keyring after deactivation."); + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_session_id, "user")); + FAIL_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), "activation via VK in keyring after dropping the key"); + crypt_keyslot_context_free(kc); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + CRYPT_FREE(cd); + + // test storing two VKs in keyring during reencryption + OK_(get_luks2_offsets(1, 0, 0, &r_header_size, NULL)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1); + EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); + + // when no key name is specified, don't allow specifying type and keyring + EQ_(crypt_set_keyring_to_link(cd, NULL, NULL, NULL, keyring_in_user_str_id), -EINVAL); + EQ_(crypt_set_keyring_to_link(cd, NULL, NULL, "user", NULL), -EINVAL); + EQ_(crypt_set_keyring_to_link(cd, NULL, NULL, "user", keyring_in_user_str_id), -EINVAL); + + // key names have to be specified starting from the first + EQ_(crypt_set_keyring_to_link(cd, NULL, TEST_KEY_VK_USER, "user", keyring_in_user_str_id), -EINVAL); + EQ_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, NULL, "user", keyring_in_user_str_id), -ESRCH); + + EQ_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, TEST_KEY_VK_USER2, "user", keyring_in_user_str_id), 0); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + FAIL_((linked_kid = request_key("logon", TEST_KEY_VK_USER, NULL, 0)), "VK was linked to custom keyring under wrong key type."); + FAIL_((linked_kid2 = request_key("logon", TEST_KEY_VK_USER2, NULL, 0)), "VK was linked to custom keyring under wrong key type."); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK was not uploaded in thread kernel keyring."); + NOTFAIL_(_kernel_key_by_segment_and_type(cd, 1, "logon"), "dm-crypt VK was not uploaded in thread kernel keyring."); + + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + NOTFAIL_(keyctl_unlink(linked_kid2, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + FAIL_(_kernel_key_by_segment_and_type(cd, 0, "logon"), "dm-crypt VK remain linked in thread keyring."); + // BUG: Reencryption code does not unlink the second VK + // FAIL_(_kernel_key_by_segment_and_type(cd, 1, "logon"), "dm-crypt VK remain linked in thread keyring."); + + // check that VKs are linked without calling crypt_activate_by_passphrase again, when activate is called on the same context + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(keyctl_unlink(linked_kid, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + NOTFAIL_(keyctl_unlink(linked_kid2, keyring_in_user_id), "VK was not linked to custom keyring after deactivation."); + + // verify that the VK is no longer stored in a custom keyring + EQ_(crypt_set_keyring_to_link(cd, NULL, NULL, NULL, NULL), 0); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + FAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + FAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + // test that after reencryption finishes (and there is only one VK), only one VK name is used + EQ_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, TEST_KEY_VK_USER2, "user", keyring_in_user_str_id), 0); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); + OK_(crypt_reencrypt_run(cd, NULL, NULL)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + FAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // Reenncryption: test reactivation using linked keys + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1); + EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); + EQ_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, TEST_KEY_VK_USER2, "user", keyring_in_user_str_id), 0); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_keyslot_context_init_by_vk_in_keyring(cd, TEST_KEY_VK_USER_NAME , &kc)); + OK_(crypt_keyslot_context_init_by_vk_in_keyring(cd, TEST_KEY_VK_USER2_NAME, &kc2)); + + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0), -ESRCH); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc2, CRYPT_ANY_SLOT, NULL, 0), -ESRCH); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, NULL, CRYPT_ANY_SLOT, kc, 0), -EINVAL); + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, NULL, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_user_id, "user")); + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER2, keyring_in_user_id, "user")); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + NOTFAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + GE_((vk_len = keyctl_read(linked_kid, vk_buf, sizeof(vk_buf))), 0); + vk_buf[0] = ~vk_buf[0]; + OK_(keyctl_update(linked_kid, vk_buf, vk_len)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_user_id, "user")); + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER2, keyring_in_user_id, "user")); + CRYPT_FREE(cd); + + // Decryption: test reactivation using linked keys + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + rparams.mode = CRYPT_REENCRYPT_DECRYPT; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, CRYPT_ANY_SLOT, NULL, NULL, &rparams), 0); + EQ_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, TEST_KEY_VK_USER2, "user", keyring_in_user_str_id), 0); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + FAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "second VK was linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + OK_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0)); + OK_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc, 0)); + // lazy evaluation, if the first context supplies key and only one key is required, the second (invalid) context is not invoked + OK_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0)); + // first context takes precedence, if t fails, the second is not tried + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc2, CRYPT_ANY_SLOT, kc, 0), -EINVAL); + + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_user_id, "user")); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + FAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + GE_((vk_len = keyctl_read(linked_kid, vk_buf, sizeof(vk_buf))), 0); + vk_buf[0] = ~vk_buf[0]; + OK_(keyctl_update(linked_kid, vk_buf, vk_len)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_user_id, "user")); + CRYPT_FREE(cd); + + // Encryption: test reactivation using linked keys + _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2)); + + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + + memset(&rparams, 0, sizeof(rparams)); + params2.sector_size = 512; + params2.data_device = DMDIR L_DEVICE_OK; + rparams.mode = CRYPT_REENCRYPT_ENCRYPT; + rparams.luks2 = ¶ms2; + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + rparams.resilience = "checksum"; + rparams.hash = "sha256"; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1); + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 1, "aes", "xts-plain64", &rparams), 0); + + EQ_(crypt_set_keyring_to_link(cd, TEST_KEY_VK_USER, TEST_KEY_VK_USER2, "user", keyring_in_user_str_id), 0); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + FAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "second VK was linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + OK_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, NULL, 0)); + OK_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc, 0)); + // lazy evaluation, if the first context supplies key and only one key is required, the second (invalid) context is not invoked + OK_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0)); + // first context takes precedence, if t fails, the second is not tried + EQ_(crypt_activate_by_keyslot_context(cd, NULL, CRYPT_ANY_SLOT, kc2, CRYPT_ANY_SLOT, kc, 0), -EINVAL); + + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_user_id, "user")); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + NOTFAIL_((linked_kid = request_key("user", TEST_KEY_VK_USER, NULL, 0)), "VK was not linked to custom keyring."); + FAIL_((linked_kid2 = request_key("user", TEST_KEY_VK_USER2, NULL, 0)), "VK was not linked to custom keyring."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + GE_((vk_len = keyctl_read(linked_kid, vk_buf, sizeof(vk_buf))), 0); + vk_buf[0] = ~vk_buf[0]; + OK_(keyctl_update(linked_kid, vk_buf, vk_len)); + EQ_(crypt_activate_by_keyslot_context(cd, CDEVICE_1, CRYPT_ANY_SLOT, kc, CRYPT_ANY_SLOT, kc2, 0), -EINVAL); + + OK_(_drop_keyring_key_from_keyring_name(TEST_KEY_VK_USER, keyring_in_user_id, "user")); + CRYPT_FREE(cd); + + crypt_keyslot_context_free(kc); + crypt_keyslot_context_free(kc2); + + _cleanup_dmdevices(); +#else + printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n"); +#endif +} + +static int _crypt_load_check(struct crypt_device *_cd) { #ifdef HAVE_BLKID - return crypt_load(cd, CRYPT_LUKS, NULL); + return crypt_load(_cd, CRYPT_LUKS, NULL); #else return -ENOTSUP; #endif @@ -5132,6 +5858,7 @@ int main(int argc, char *argv[]) #endif RUN_(LuksKeyslotAdd, "Adding keyslot via new API"); RUN_(VolumeKeyGet, "Getting volume key via keyslot context API"); + RUN_(KeyslotContextAndKeyringLink, "Activate via keyslot context API and linking VK to a keyring"); RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last! _cleanup(); diff --git a/tests/api-test.c b/tests/api-test.c index aa430dd..71f1270 100644 --- a/tests/api-test.c +++ b/tests/api-test.c @@ -1,9 +1,9 @@ /* * cryptsetup library API check functions * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/api_test.h b/tests/api_test.h index 14efead..462c9aa 100644 --- a/tests/api_test.h +++ b/tests/api_test.h @@ -1,9 +1,9 @@ /* * cryptsetup library API check functions * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz - * Copyright (C) 2016-2023 Ondrej Kozina + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz + * Copyright (C) 2016-2024 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -45,6 +45,8 @@ int t_set_readahead(const char *device, unsigned value); int fips_mode(void); +int create_dmdevice_over_device(const char *dm_name, const char *device, uint64_t size, uint64_t offset); + int create_dmdevice_over_loop(const char *dm_name, const uint64_t size); int get_key_dm(const char *name, char *buffer, unsigned int buffer_size); @@ -138,7 +140,7 @@ void xlog(const char *msg, const char *tst, const char *func, int line, const ch #define T_DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */ #define T_DM_INTEGRITY_RESIZE_SUPPORTED (1 << 23) /* dm-integrity resize of the integrity device supported (introduced in the same version as discards)*/ #define T_DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption */ -#define T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues */ +#define T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt support for bypassing workqueues */ #define T_DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */ #define T_DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */ #define T_DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */ diff --git a/tests/bitlk-compat-test b/tests/bitlk-compat-test index 8559e06..aa4a71f 100755 --- a/tests/bitlk-compat-test +++ b/tests/bitlk-compat-test @@ -8,8 +8,12 @@ TST_DIR=bitlk-images MAP=bitlktst DUMP_VK_FILE=bitlk-test-vk -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi [ -z "$srcdir" ] && srcdir="." @@ -93,7 +97,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -156,6 +163,9 @@ for file in $(ls $TST_DIR/bitlk-*) ; do echo $PASSPHRASE | $CRYPTSETUP bitlkDump -r $file --dump-volume-key --volume-key-file $DUMP_VK_FILE >/dev/null 2>&1 ret=$? [ $ret -eq 0 ] || fail " failed to dump volume key" + $CRYPTSETUP bitlkOpen -r $file $MAP --volume-key-file $DUMP_VK_FILE --test-passphrase >/dev/null 2>&1 + ret=$? + [ $ret -eq 1 ] || fail " test passphrase with volume key unexpectedly succeeded" $CRYPTSETUP bitlkOpen -r $file $MAP --volume-key-file $DUMP_VK_FILE >/dev/null 2>&1 ret=$? [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc" ) && echo " [N/A]" && continue diff --git a/tests/blockwise-compat-test b/tests/blockwise-compat-test index 11db493..8db91c9 100755 --- a/tests/blockwise-compat-test +++ b/tests/blockwise-compat-test @@ -68,7 +68,7 @@ add_device() { if [ $? -ne 0 ] ; then skip "This kernel seems to not support proper scsi_debug module." fi - grep -q scsi_debug /sys/block/*/device/model || sleep 2 + sleep 1 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) DEV="/dev/$DEV" [ -b $DEV ] || fail "Cannot find $DEV." diff --git a/tests/compat-args-test b/tests/compat-args-test index c41e942..788cc7c 100755 --- a/tests/compat-args-test +++ b/tests/compat-args-test @@ -4,8 +4,12 @@ PS4='$LINENO:' [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi TEST_UUID="12345678-1234-1234-1234-123456789abc" @@ -37,7 +41,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/compat-test b/tests/compat-test index 6dc8004..433beb2 100755 --- a/tests/compat-test +++ b/tests/compat-test @@ -5,8 +5,12 @@ PS4='$LINENO:' CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup CRYPTSETUP_RAW=$CRYPTSETUP -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi DIFFER=./differ DEV_NAME=dummy @@ -28,6 +32,7 @@ PWDW="rUkL4RUryBom" VK_FILE="compattest_vkfile" FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +PLAIN_OPT="--hash sha256 --cipher aes-cbc-essiv:sha256 --key-size 256" LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591" KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255" @@ -198,7 +203,10 @@ function valgrind_setup() [ -n "$VALG" ] || return command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi CRYPTSETUP=valgrind_run CRYPTSETUP_RAW="./valg.sh ${CRYPTSETUP_VALGRIND}" } @@ -538,8 +546,8 @@ $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail prepare "[19] create & status & resize" wipe -echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail -echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx --cipher aes-cbc-essiv:sha256 --key-size 256 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV $PLAIN_OPT --offset 3 --skip 4 --readonly || fail $CRYPTSETUP -q status $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail $CRYPTSETUP -q status $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail $CRYPTSETUP -q status $DEV_NAME | grep "mode:" | grep -q "readonly" || fail @@ -559,15 +567,15 @@ $CRYPTSETUP -q resize $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME >/dev/null && fail -echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $LOOPDEV || fail $CRYPTSETUP -q remove $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME $PLAIN_OPT $LOOPDEV || fail $CRYPTSETUP -q remove $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 --size 100 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME $PLAIN_OPT --size 100 $LOOPDEV || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail $CRYPTSETUP -q remove $DEV_NAME || fail # 4k sector resize (if kernel supports it) -echo $PWD1 | $CRYPTSETUP -q open --type plain --hash sha256 $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1 +echo $PWD1 | $CRYPTSETUP -q open --type plain $PLAIN_OPT $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1 if [ $? -eq 0 ] ; then $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail $CRYPTSETUP -q resize $DEV_NAME --size 16 || fail @@ -580,7 +588,7 @@ if [ $? -eq 0 ] ; then fi # Resize not aligned to logical block size add_scsi_device dev_size_mb=32 sector_size=4096 -echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV || fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $DEV || fail OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail dmsetup info $DEV_NAME | grep -q SUSPENDED && fail @@ -588,25 +596,25 @@ NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+ test $OLD_SIZE -eq $NEW_SIZE || fail $CRYPTSETUP close $DEV_NAME || fail # Add check for unaligned plain crypt activation -echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV -b 7 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $DEV -b 7 2>/dev/null && fail $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail # verify is ignored on non-tty input echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --verify-passphrase 2>/dev/null || fail $CRYPTSETUP -q remove $DEV_NAME || fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 -l -1 2>/dev/null && fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d blah 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 -l -1 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 || fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d blah 2>/dev/null && fail $CRYPTSETUP -q remove $DEV_NAME || fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d /dev/urandom || fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d /dev/urandom || fail $CRYPTSETUP -q remove $DEV_NAME || fail prepare "[20] Disallow open/create if already mapped." wipe -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail -$CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 || fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail +$CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV || fail @@ -708,15 +716,15 @@ $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d /dev/mapper/$DEV_NAME2 \ dmsetup remove --retry $DEV_NAME2 prepare "[25] Create shared segments" wipe -echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --offset 0 --size 256 || fail -echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 2>/dev/null && fail -echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 --shared || fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV $PLAIN_OPT --offset 0 --size 256 || fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV $PLAIN_OPT --offset 512 --size 256 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV $PLAIN_OPT --offset 512 --size 256 --shared || fail $CRYPTSETUP -q remove $DEV_NAME2 || fail $CRYPTSETUP -q remove $DEV_NAME || fail prepare "[26] Suspend/Resume" wipe # only LUKS is supported -echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $LOOPDEV || fail $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q remove $DEV_NAME || fail @@ -836,8 +844,8 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: DISABLED" || fail prepare "[31] Deferred removal of device" wipe -echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 $LOOPDEV $DEV_NAME || fail -echo $PWD2 | $CRYPTSETUP open --type plain --hash sha256 /dev/mapper/$DEV_NAME $DEV_NAME2 || fail +echo $PWD1 | $CRYPTSETUP open --type plain $PLAIN_OPT $LOOPDEV $DEV_NAME || fail +echo $PWD2 | $CRYPTSETUP open --type plain $PLAIN_OPT /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 && fail $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1 diff --git a/tests/compat-test-opal b/tests/compat-test-opal new file mode 100755 index 0000000..3d5c07c --- /dev/null +++ b/tests/compat-test-opal @@ -0,0 +1,1329 @@ +#!/bin/bash + +PS4='$LINENO:' +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +CRYPTSETUP_RAW=$CRYPTSETUP + +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi + +DEV_NAME=dummy +DEV_NAME2=dummy2 +NO_HEADER_IMG=missing-header +HEADER_IMG=luks-header +HEADER_LUKS2_INV=luks2_invalid_cipher.img +KEY1=key1 +KEY2=key2 +KEY5=key5 +KEYE=keye +KEY_PWD1=key_pwd1 +OPAL2_ADMIN_PIN="adminPin01" +PWD1="93R4P4pIqAH8" +PWD2="mymJeD8ivEhE" +PWD3="ocMakf3fAcQO" +PWD4="Qx3qn46vq0v" +PWDW="rUkL4RUryBom" +TEST_KEYRING_NAME="compattest2_keyring" +TEST_TOKEN0="compattest2_desc0" +TEST_TOKEN1="compattest2_desc1" +VK_FILE="compattest2_vkfile" +IMPORT_TOKEN="{\"type\":\"some_type\",\"keyslots\":[],\"base64_data\":\"zxI7vKB1Qwl4VPB4D-N-OgcC14hPCG0IDu8O7eCqaQ\"}" +TOKEN_FILE0=test-token-file0 +TOKEN_FILE1=test-token-file1 +KEY_FILE0=test-key-file0 +KEY_FILE1=test-key-file1 + +FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" + +TEST_UUID="12345678-1234-1234-1234-123456789abc" + +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) + +function remove_mapping() +{ + [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME + [ -b /dev/mapper/"$DEV_NAME"_dif ] && dmsetup remove --retry "$DEV_NAME"_dif + rm -f $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE \ + $HEADER_LUKS2_INV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* \ + $KEY_FILE0 $KEY_FILE1 $KEY_PWD1 $NO_HEADER_IMG >/dev/null 2>&1 + + # unlink whole test keyring + [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null + unset TEST_KEYRING +} + +function fail() +{ + [ -n "$1" ] && echo "$1" + remove_mapping + reset_device_psid_nofail + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + exit 2 +} + +function fips_mode() +{ + [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] +} + +function can_fail_fips() +{ + # Ignore this fail if running in FIPS mode + fips_mode || fail $1 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + remove_mapping + exit 77 +} + +function reset_device_psid() +{ + $CRYPTSETUP_RAW luksErase --hw-opal-factory-reset --key-file $OPAL2_PSID_FILE $OPAL2_DEV -q || \ + fail "PSID reset fail, wrong device used?" +} + +function reset_device_psid_nofail() +{ + $CRYPTSETUP_RAW luksErase --hw-opal-factory-reset --key-file $OPAL2_PSID_FILE $OPAL2_DEV -q 2>/dev/null +} + +function prepare() +{ + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME + + case "$2" in + reset) + remove_mapping + reset_device_psid + ;; + wipe) + $CRYPTSETUP_RAW isLuks --type luks2 $HEADER_IMG -q 2>/dev/null + if [ $? -eq 0 ]; then + echo $OPAL2_ADMIN_PIN | $CRYPTSETUP_RAW luksErase $OPAL2_DEV -q --header $HEADER_IMG + else + echo $OPAL2_ADMIN_PIN | $CRYPTSETUP_RAW luksErase $OPAL2_DEV -q 2>/dev/null + fi + remove_mapping + ;; + new) + remove_mapping + ;; + reuse | *) + ;; + esac + + if [ ! -e $KEY1 ]; then + echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1 + echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1 + fi + + if [ ! -e $KEY2 ]; then + dd if=/dev/urandom of=$KEY2 count=1 bs=64 >/dev/null 2>&1 + fi + + if [ ! -e $KEY5 ]; then + dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1 + fi + + if [ ! -e $KEY_PWD1 ]; then + echo -n "$PWD1" > $KEY_PWD1 + fi + + if [ ! -e $KEYE ]; then + touch $KEYE + fi + + [ -n "$1" ] && echo "CASE: $1" +} + +function check_exists() +{ + [ -b /dev/mapper/$DEV_NAME ] || fail +} + +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +function dm_crypt_keyring_support() +{ + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." + + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + VER_PTC=$(echo $VER_STR | cut -f 3 -d.) + + test -d /proc/sys/kernel/keys || return 1 + + [ $VER_MAJ -gt 1 ] && return 0 + [ $VER_MAJ -eq 1 -a $VER_MIN -gt 18 ] && return 0 + [ $VER_MAJ -eq 1 -a $VER_MIN -eq 18 -a $VER_PTC -ge 1 ] && return 0 + return 1 +} + +function dm_crypt_keyring_new_kernel() +{ + KER_STR=$(uname -r) + [ -z "$KER_STR" ] && fail "Failed to parse kernel version." + KER_MAJ=$(echo $KER_STR | cut -f 1 -d.) + KER_MIN=$(echo $KER_STR | cut -f 2 -d.) + + [ $KER_MAJ -ge 5 ] && return 0 + [ $KER_MAJ -eq 4 -a $KER_MIN -ge 15 ] && return 0 + return 1 +} + +function test_and_prepare_keyring() { + command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped" + keyctl list "@s" > /dev/null || skip "Current session keyring is unreachable, test skipped" + TEST_KEYRING=$(keyctl newring $TEST_KEYRING_NAME "@u" 2> /dev/null) + test -n "$TEST_KEYRING" || skip "Failed to create keyring in user keyring" + keyctl search "@s" keyring "$TEST_KEYRING" > /dev/null 2>&1 || keyctl link "@u" "@s" > /dev/null 2>&1 + load_key user test_key test_data "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped." +} + +# $1 type +# $2 description +# $3 payload +# $4 keyring +function load_key() +{ + keyctl add $@ >/dev/null +} + +function setup_luks2_env() { + echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $OPAL2_DEV || fail + $CRYPTSETUP luksDump $OPAL2_DEV >/dev/null || fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail + HAVE_KEYRING=$($CRYPTSETUP status $DEV_NAME | grep "keyring") + if [ -n "$HAVE_KEYRING" ]; then + HAVE_KEYRING=1 + else + HAVE_KEYRING=0 + fi + if $($CRYPTSETUP --version | grep -q "BLKID"); then + HAVE_BLKID=1 + else + HAVE_BLKID=0 + fi + $CRYPTSETUP close $DEV_NAME || fail +} + +# $1 key name +# $2 keyring to link VK to +# $3 key type (optional) +test_vk_link() { + KEY_TYPE=${3:-user} + if [ -z "$3" ]; then + KEY_DESC=$1 + else + KEY_DESC="%$3:$1" + fi + + KEYCTL_KEY_NAME="%$KEY_TYPE:$1" + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail +} + +# $1 key name +# $2 keyring to link VK to +# $3 key type (optional) +test_vk_link_and_reactivate() { + KEY_TYPE=${3:-user} + if [ -z "$3" ]; then + KEY_DESC=$1 + else + KEY_DESC="%$3:$1" + fi + + KEYCTL_KEY_NAME="%$KEY_TYPE:$1" + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --volume-key-keyring $KEY_DESC <&-|| fail "Failed to unlock volume via a VK in keyring." + $CRYPTSETUP luksSuspend $DEV_NAME || fail "Failed to suspend device." + $CRYPTSETUP luksResume $DEV_NAME --volume-key-keyring $KEY_DESC <&- || fail "Failed to resume via a VK in keyring." + + echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null || fail + echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null && fail + echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-keyring $KEY_DESC $OPAL2_DEV --new-key-slot 1 || fail "Failed to add passphrase by VK in keyring." + echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null || fail + $CRYPTSETUP luksKillSlot -q $OPAL2_DEV 1 2>/dev/null || fail + + $CRYPTSETUP close $DEV_NAME || fail + # zero-out the key in keyring + keyctl pipe $KEYCTL_KEY_NAME | tr -c '\0' '\0' | keyctl pupdate $KEYCTL_KEY_NAME + $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --volume-key-keyring $KEY_DESC <&- > /dev/null 2>&1 && fail "Unlocked volume via a bad VK in keyring." + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after bad activation." + keyctl unlink $KEYCTL_KEY_NAME "$2" || fail +} + +function test_reencryption_does_not_init() +{ + local _hdr="" + local _hdrdev=$NO_HEADER_IMG + if [ -n "$1" ]; then + _hdr="--header $1" + _hdrdev=$1 + fi + local _dumpdev=${1:-$OPAL2_DEV} + + # store sequence id to check if reencryption was aborted without metadata modifications + OLD_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$OLD_SEQID -gt 0 ] || fail + + echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q --init-only $OPAL2_DEV 2>/dev/null && fail + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q $OPAL2_DEV 2>/dev/null && fail + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev --init-only $OPAL2_DEV 2>/dev/null && fail + if [ $_hdrdev = $NO_HEADER_IMG ]; then + test -e $_hdrdev && fail "Decryption header was created." + fi + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev $OPAL2_DEV 2>/dev/null && fail + if [ $_hdrdev = $NO_HEADER_IMG ]; then + test -e $_hdrdev && fail "Decryption header was created." + fi + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + # repeat the test with active device + echo $PWD1 | $CRYPTSETUP open $_hdr $OPAL2_DEV $DEV_NAME -q || fail + + echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q --init-only --active-name $DEV_NAME 2>/dev/null && fail + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q --active-name $DEV_NAME 2>/dev/null && fail + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev --init-only --active-name $DEV_NAME 2>/dev/null && fail + if [ $_hdrdev = $NO_HEADER_IMG ]; then + test -e $_hdrdev && fail "Decryption header was created." + fi + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev --active-name $DEV_NAME 2>/dev/null && fail + if [ $_hdrdev = $NO_HEADER_IMG ]; then + test -e $_hdrdev && fail "Decryption header was created." + fi + NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" + [ 0$NEW_SEQID -gt 0 ] || fail + test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." + + $CRYPTSETUP close $DEV_NAME || fail +} + +function test_device() #opal_mode, #format_params, #--integrity-no-wipe +{ + echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 $1 $2 $3 -q $FAST_PBKDF_OPT $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail + test -z "$3" || dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail + dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail + $CRYPTSETUP close $DEV_NAME || fail + dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail + echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail +} + +function test_device_detached_header() #hdr, #opal_mode, #format_params, #--integrity-no-wipe +{ + echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --header $1 $2 $3 $4 -q $FAST_PBKDF_OPT $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --header $1 || fail + test -z "$4" || dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail + echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $1 || fail + dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail + $CRYPTSETUP close $DEV_NAME || fail + dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --header $1 || fail + $CRYPTSETUP close $DEV_NAME --header $1 || fail + dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail + echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q --header $1 || fail + rm -f $1 +} + +export LANG=C + +[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." + +# Do not run automatically. +[ -z "$OPAL2_DEV" ] && skip "WARNING: Variable OPAL2_DEV must be defined (partition or block dev), test skipped." +[ -z "$OPAL2_PSID_FILE" ] && skip "WARNING: Variable OPAL2_PSID_FILE must be defined, test skipped." +[ -f "$OPAL2_PSID_FILE" ] || skip "WARNING: $OPAL2_PSID_FILE is not reachable, test skipped." + +prepare "[0] Detect LUKS2 environment" reset +setup_luks2_env + +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run + +prepare "[1] Data offset" +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --offset 1 2>/dev/null && fail + +prepare "[2] Sector size and old payload alignment" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 511 2>/dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 256 2>/dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 8192 2>/dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 512 || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 4096 >/dev/null || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 2048 >/dev/null || fail + +prepare "[3] format" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail +# FIXME: BUG (--hw-opal-only should reject --cipher, --key-size & co) +#echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT --hw-opal-only -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $OPAL2_DEV 2> /dev/null && fail +prepare "[4] format using hash sha512" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP -q luksDump $OPAL2_DEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep -qe sha512 || fail +# Check JSON dump for some mandatory section +$CRYPTSETUP -q luksDump $OPAL2_DEV --dump-json-metadata | grep -q '"tokens":' || fail + +prepare "[5] open" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase || fail +echo $PWDW | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +check_exists + +prepare "" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --hw-opal-only $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase || fail +echo $PWDW | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +check_exists + +# Key Slot 1 and key material section 1 must change, the rest must not. +prepare "[6] add key" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $OPAL2_DEV $FAST_PBKDF_OPT || fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP close $DEV_NAME || fail + +# Unsuccessful Key Delete - nothing may change +prepare "[7] unsuccessful delete" new +echo $PWDW | $CRYPTSETUP luksKillSlot $OPAL2_DEV 1 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksKillSlot should return EPERM exit code" + +# Delete Key Test +# Key Slot 1 and key material section 1 must change, the rest must not +prepare "[8] successful delete" +$CRYPTSETUP -q luksKillSlot $OPAL2_DEV 1 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME 2> /dev/null && fail +[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP close $DEV_NAME || fail + +# Key Slot 1 and key material section 1 must change, the rest must not +prepare "[9] add key test for key files" new +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV $KEY1 || fail +$CRYPTSETUP -d $KEY1 luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP close $DEV_NAME || fail + +# Key Slot 1 and key material section 1 must change, the rest must not +prepare "[10] delete key test with key1 as remaining key" new +$CRYPTSETUP -d $KEY1 luksKillSlot $OPAL2_DEV 0 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP luksOpen -d $KEY1 $OPAL2_DEV $DEV_NAME || fail + +# Delete last slot +prepare "[11] delete last key" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 0 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail + +prepare "[12] open/close - stacked devices" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 /dev/mapper/$DEV_NAME $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail +$CRYPTSETUP -q luksClose $DEV_NAME2 || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[13] UUID - use and report provided UUID" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid blah --type luks2 --hw-opal $OPAL2_DEV 2>/dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 --hw-opal $OPAL2_DEV || fail +tst=$($CRYPTSETUP -q luksUUID $OPAL2_DEV) +[ "$tst"x = "$TEST_UUID"x ] || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP -q luksUUID --uuid $TEST_UUID $OPAL2_DEV || fail +tst=$($CRYPTSETUP -q luksUUID $OPAL2_DEV) +[ "$tst"x = "$TEST_UUID"x ] || fail + +prepare "[14] luksFormat" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 --hw-opal $OPAL2_DEV || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 512 --uuid $TEST_UUID --type luks2 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP luksOpen -d $KEY_PWD1 $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# open by UUID +if [ -d /dev/disk/by-uuid ] ; then + $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail + $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=$TEST_UUID $DEV_NAME || fail + $CRYPTSETUP -q luksClose $DEV_NAME || fail +fi +# skip tests using empty passphrases +if [ ! fips_mode ]; then +# empty passphrase (OPAL admin pin cannot be empty) +echo -e "\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP luksOpen -d $KEYE $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +fi + +# format hw-opal-only +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 --hw-opal-only $OPAL2_DEV || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 512 --uuid $TEST_UUID --type luks2 --hw-opal-only $OPAL2_DEV || fail +$CRYPTSETUP luksOpen -d $KEY_PWD1 $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# open by UUID +if [ -d /dev/disk/by-uuid ] ; then + $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail + $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=$TEST_UUID $DEV_NAME || fail + $CRYPTSETUP -q luksClose $DEV_NAME || fail +fi +# skip tests using empty passphrases +if [ ! fips_mode ]; then +# empty passphrase (OPAL admin pin cannot be empty) +echo -e "\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV || fail +$CRYPTSETUP luksOpen -d $KEYE $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +fi + +# open by volume key +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY2 --type luks2 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP luksOpen --volume-key-file /dev/urandom $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP luksOpen --volume-key-file $KEY2 $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[15] AddKey volume key, passphrase and keyfile" wipe +# volumekey +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --volume-key-file /dev/zero --key-slot 3 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" || fail +echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --volume-key-file /dev/zero --key-slot 4 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 4 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail +$CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 5 -d $KEY1 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "5: luks2" || fail + +# special "-" handling +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 3 || fail +echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV -d $KEY_PWD1 - || fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null && fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV -d - --test-passphrase || fail +echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV -d - $KEY2 || fail +$CRYPTSETUP luksOpen $OPAL2_DEV -d $KEY2 --test-passphrase || fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail + +# [0]PWD3 [1]PWD2 [3]PWD1 [4]KEY2 +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 3 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" || fail +$CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 $KEY2 --key-slot 3 2>/dev/null && fail +# keyfile/keyfile +$CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 $KEY2 --key-slot 4 || fail +$CRYPTSETUP luksOpen $OPAL2_DEV -d $KEY2 --test-passphrase --key-slot 4 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" || fail +# passphrase/keyfile +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV -d $KEY_PWD1 --key-slot 0 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail +echo $PWD3 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 0 || fail +# passphrase/passphrase +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --key-slot 1 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 1 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || fail +# keyfile/passphrase +echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV $KEY_PWD1 --key-slot 2 --new-keyfile-size 8 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" || fail + +prepare "[16] RemoveKey passphrase and keyfile" reuse +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" || fail +$CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY_PWD1 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" && fail +$CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY_PWD1 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksRemoveKey should return EPERM exit code" +$CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 --keyfile-size 1 2>/dev/null && fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" || fail +$CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" && fail +# if password or keyfile is provided, batch mode must not suppress it +echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 -q 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 --key-file=- 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 --key-file=- -q 2>/dev/null && fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" || fail +# kill slot using passphrase from 1 +echo $PWD2 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 2>/dev/null || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" && fail +# remove key0 / slot 0 +echo $PWD3 | $CRYPTSETUP luksRemoveKey $OPAL2_DEV || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" && fail +# last keyslot, in batch mode no passphrase needed... +$CRYPTSETUP luksKillSlot -q $OPAL2_DEV 1 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" && fail + +prepare "[17] create & resize" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +# OPAL2 devices cannot be resized +$CRYPTSETUP -q resize --size 99 $DEV_NAME <&- 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q resize --size 99 $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP close $DEV_NAME || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT -q --type luks2 --hw-opal-only $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +# OPAL2 devices cannot be resized +$CRYPTSETUP -q resize --size 99 $DEV_NAME <&- 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q resize --size 99 $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP close $DEV_NAME || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail + +prepare "[18] Disallow open/create if already mapped." wipe +$CRYPTSETUP create -q $DEV_NAME $OPAL2_DEV -d $KEY1 2>/dev/null || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV 2>/dev/null && fail +$CRYPTSETUP remove $DEV_NAME || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksOpen -q $OPAL2_DEV $DEV_NAME2 >/dev/null 2>&1 && fail +dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 || fail "OPAL segment perhaps locked after failed activation over already active device." +$CRYPTSETUP luksClose $DEV_NAME || fail + +prepare "[19] luksDump" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --key-size 256 $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV -d $KEY_PWD1 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q $TEST_UUID || fail +echo $PWDW | $CRYPTSETUP luksDump $OPAL2_DEV --dump-volume-key 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksDump $OPAL2_DEV --dump-volume-key | grep -q "MK dump:" || fail +$CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key -d $KEY_PWD1 | grep -q "MK dump:" || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-master-key --master-key-file $VK_FILE >/dev/null || fail +rm -f $VK_FILE +echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key --volume-key-file $VK_FILE 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $OPAL2_DEV || fail +# Use volume key file without keyslots +echo $PWD1 | $CRYPTSETUP luksRemoveKey -q $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksRemoveKey -q $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksRemoveKey -q $OPAL2_DEV || fail +$CRYPTSETUP luksOpen --volume-key-file $VK_FILE --key-size 512 --test-passphrase $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE --key-size 512 $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $OPAL2_DEV || fail + +prepare "[20] ChangeKey passphrase and keyfile" wipe +# [0]PWD1 [1]PWD2 +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 0 --key-size 256 --luks2-keyslots-size 756k >/dev/null || fail +echo $PWD2 | $CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 --key-slot 1 || fail +# [0]KEY2 [1]PWD2 +$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 $KEY2 --key-slot 0 || fail +# [0]KEY2 [1]PWD1 +echo -e "$PWD2\n$PWD1" | $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 1 || fail +# [0]KEY1 [1]PWD1 - with LUKS2 it should stay +$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" && fail +# [0]KEY1 [1]PWD2 +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $OPAL2_DEV || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" && fail +# test out of raw area, change in-place (space only for 2 keyslots) +$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail +$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail +# make a free space in keyslot area +echo $PWD2 | $CRYPTSETUP luksKillSlot -q $OPAL2_DEV 0 || fail + +# assert LUKS2 does not overwrite existing area with specific keyslot id +AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_OLD -gt 0 ] || fail +echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey --key-slot 1 $OPAL2_DEV $FAST_PBKDF_OPT || fail +AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_NEW -gt 0 ] || fail +[ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" + +# assert LUKS2 does not overwrite existing area with any sklot +AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_OLD -gt 0 ] || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT || fail +AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_NEW -gt 0 ] || fail +[ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" + +prepare "[21] Keyfile limit" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksChangeKey $OPAL2_DEV $KEY1 --new-keyfile-size 13 $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $OPAL2_DEV -q 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 2>/dev/null && fail +$CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail +$CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 -l -1 2>/dev/null && fail +$CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail +$CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 2>/dev/null && fail +$CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 -l 12 || fail +$CRYPTSETUP luksChangeKey $OPAL2_DEV -d $KEY1 $KEY2 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" +$CRYPTSETUP luksChangeKey $OPAL2_DEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail +$CRYPTSETUP luksChangeKey $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail +# -l is ignored for stdin if _only_ passphrase is used +echo $PWD1 | $CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY2 $FAST_PBKDF_OPT || fail +# this is stupid, but expected +echo $PWD1 | $CRYPTSETUP luksRemoveKey $OPAL2_DEV -l 11 2>/dev/null && fail +echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $OPAL2_DEV -l 12 2>/dev/null && fail +echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $OPAL2_DEV -d- -l 12 || fail +# offset +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksChangeKey $OPAL2_DEV $KEY1 --new-keyfile-offset 16 --new-keyfile-size 13 $FAST_PBKDF_OPT || fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksAddKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail +$CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail +$CRYPTSETUP luksOpen -d $KEY2 $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail + +prepare "[22] Suspend/Resume" wipe +# OPAL+dm-crypt +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail +dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail +$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail +echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksResume should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail +dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +# OPAL only +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail +dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail +$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail +echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksResume should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[23] luksOpen/Resume with specified key slot number" wipe +# first, let's try passphrase option +echo -e "$PWD3\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -S 5 --type luks2 --hw-opal $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $OPAL2_DEV $DEV_NAME || fail +check_exists +$CRYPTSETUP luksSuspend $DEV_NAME || fail +echo $PWD3 | $CRYPTSETUP luksResume -S 4 $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail +dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail +echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +# second, try it with keyfiles +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat -q -S 5 $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +echo "$PWD1" | $CRYPTSETUP luksChangeKey -q -S 5 $FAST_PBKDF_OPT $OPAL2_DEV $KEY5 || fail +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $OPAL2_DEV $KEY1 || fail +$CRYPTSETUP luksOpen -S 5 -d $KEY5 $OPAL2_DEV $DEV_NAME || fail +check_exists +$CRYPTSETUP luksSuspend $DEV_NAME || fail +dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail +$CRYPTSETUP luksResume -S 1 -d $KEY5 $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail +$CRYPTSETUP luksResume -S 5 -d $KEY5 $DEV_NAME || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksOpen -S 1 -d $KEY5 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +$CRYPTSETUP luksOpen -S 5 -d $KEY1 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail + +prepare "[24] Detached LUKS header" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 8192 || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 4096 >/dev/null || fail +$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: hw-opal-crypt" -A1 | grep -qe $((4096*512)) || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 0 --sector-size 512 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV --header $HEADER_IMG $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail +$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail +dd if=$OPAL2_DEV of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +dd if=$OPAL2_DEV of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail +dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail +$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail +$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail +$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail +rm $HEADER_IMG || fail +# create exactly 16 MiBs LUKS2 header +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --luks2-keyslots-size 16352k --luks2-metadata-size 16k --offset 131072 >/dev/null || fail +SIZE=$(stat --printf=%s $HEADER_IMG) +test $SIZE -eq 16777216 || fail +$CRYPTSETUP -q luksDump $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[bytes\]" || fail + +prepare "[25] LUKS erase" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase -q $OPAL2_DEV || fail +$CRYPTSETUP isLuks -q $OPAL2_DEV && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase -q $OPAL2_DEV || fail +$CRYPTSETUP isLuks -q $OPAL2_DEV && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +# test psid reset once with valgrind +$CRYPTSETUP luksErase --hw-opal-factory-reset --key-file $OPAL2_PSID_FILE $OPAL2_DEV -q || fail + +prepare "[26] LUKS convert" wipe +# create almost compatible LUKS2 device except OPAL segment +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 -s256 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP -q convert --type luks1 $OPAL2_DEV >/dev/null 2>&1 && fail +$CRYPTSETUP isLuks --type luks2 $OPAL2_DEV || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 -s256 --hw-opal-only $OPAL2_DEV || fail +$CRYPTSETUP -q convert --type luks1 $OPAL2_DEV >/dev/null 2>&1 && fail +$CRYPTSETUP isLuks --type luks2 $OPAL2_DEV || fail + +if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then + prepare "[27] LUKS2 key in keyring" wipe + echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG || fail + + # check keyring support detection works as expected + rmmod dm-crypt >/dev/null 2>&1 || true + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP luksResume --disable-keyring $DEV_NAME --header $HEADER_IMG || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail + $CRYPTSETUP close $DEV_NAME || fail +fi + +prepare "[28] tokens" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then + + test_and_prepare_keyring + + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --token-id 3 || fail + $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" || fail + # keyslot 5 is inactive + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 5 2> /dev/null && fail + # key description is not reachable + $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase && fail + # wrong passphrase + load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase 2>/dev/null && fail + load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase || fail + $CRYPTSETUP open --token-only $OPAL2_DEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME > /dev/null || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + $CRYPTSETUP luksResume $DEV_NAME <&- || fail + $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + $CRYPTSETUP luksResume $DEV_NAME --token-type luks2-keyring <&- || fail + $CRYPTSETUP close $DEV_NAME || fail + + # check --token-type sort of works (TODO: extend tests when native systemd tokens are available) + echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 22 || fail + # this excludes keyring tokens from unlocking device + $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV --test-passphrase && fail + $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV $DEV_NAME && fail + $CRYPTSETUP status $DEV_NAME > /dev/null && fail + + $CRYPTSETUP token remove --token-id 3 $OPAL2_DEV || fail + $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" && fail + + # test we can remove keyslot with token + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $OPAL2_DEV || fail + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 4 --token-id 0 || fail + $CRYPTSETUP -q luksKillSlot $OPAL2_DEV 4 || fail + $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail + + # test we can add unassigned token + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --unbound --token-id 0 || fail + $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail + $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail + + # test token unassign works + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail + $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV || fail + $CRYPTSETUP token unassign --token-id 0 $OPAL2_DEV 2>/dev/null && fail + $CRYPTSETUP token unassign -S0 $OPAL2_DEV 2>/dev/null && fail + $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV || fail + $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail + $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV 2>/dev/null && fail + $CRYPTSETUP token unassign --token-id 0 -S44 $OPAL2_DEV 2>/dev/null && fail + $CRYPTSETUP token unassign --token-id 44 -S0 $OPAL2_DEV 2>/dev/null && fail +fi +echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 10 || fail +echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 11 --json-file - || fail +echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0 +$CRYPTSETUP token import $OPAL2_DEV --token-id 12 --json-file $TOKEN_FILE0 || fail +$CRYPTSETUP token import $OPAL2_DEV --token-id 12 --json-file $TOKEN_FILE0 2>/dev/null && fail +$CRYPTSETUP token export $OPAL2_DEV --token-id 10 >$TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail +$CRYPTSETUP token export $OPAL2_DEV --token-id 11 >$TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail +$CRYPTSETUP token export $OPAL2_DEV --token-id 12 >$TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail +$CRYPTSETUP token export $OPAL2_DEV --token-id 12 --json-file $TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail +$CRYPTSETUP token export $OPAL2_DEV --token-id 12 > $TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail + +prepare "[29] LUKS keyslot priority" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -S 1 || fail +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -S 5 || fail +$CRYPTSETUP config $OPAL2_DEV -S 0 --priority prefer && fail +$CRYPTSETUP config $OPAL2_DEV -S 1 --priority bla >/dev/null 2>&1 && fail +$CRYPTSETUP config $OPAL2_DEV -S 1 --priority ignore || fail +echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase -S 1 || fail +echo $PWD2 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase || fail +$CRYPTSETUP config $OPAL2_DEV -S 1 --priority normal || fail +echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase || fail +$CRYPTSETUP config $OPAL2_DEV -S 1 --priority ignore || fail +echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase 2>/dev/null && fail + +prepare "[30] LUKS label and subsystem" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "HW-OPAL" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "(no label)" || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --subsystem SatelliteTwo --label TheLabel || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "SatelliteTwo" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "TheLabel" || fail +$CRYPTSETUP config $OPAL2_DEV --subsystem SatelliteThree +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "(no label)" || fail +$CRYPTSETUP config $OPAL2_DEV --subsystem SatelliteThree --label TheLabel +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "TheLabel" || fail + +prepare "[31] LUKS PBKDF setting" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal --pbkdf bla $OPAL2_DEV >/dev/null 2>&1 && fail +# Force setting, no benchmark. PBKDF2 has 1000 iterations as a minimum +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" |$CRYPTSETUP luksFormat --type luks2 --hw-opal --pbkdf pbkdf2 --pbkdf-force-iterations 999 $OPAL2_DEV 2>/dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf pbkdf2 --pbkdf-force-iterations 1234 $OPAL2_DEV || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Iterations:" | grep -q "1234" || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2id --pbkdf-force-iterations 3 $OPAL2_DEV 2>/dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2id --pbkdf-force-iterations 4 --pbkdf-memory 100000 $OPAL2_DEV || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "argon2id" || can_fail_fips +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2i --pbkdf-force-iterations 4 \ + --pbkdf-memory 1234 --pbkdf-parallel 1 $OPAL2_DEV || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "argon2i" || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Time cost:" | grep -q "4" || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Memory:" | grep -q "1234" || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Threads:" | grep -q "1" || can_fail_fips +# Benchmark +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2i -i 500 --pbkdf-memory 1234 --pbkdf-parallel 1 $OPAL2_DEV || can_fail_fips +[ 0"$($CRYPTSETUP luksDump $OPAL2_DEV | grep "Time cost:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips +[ 0"$($CRYPTSETUP luksDump $OPAL2_DEV | grep "Memory:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf pbkdf2 -i 500 $OPAL2_DEV || fail +[ 0"$($CRYPTSETUP luksDump $OPAL2_DEV | grep -m1 "Iterations:" | cut -d' ' -f 2 | sed -e 's/\ //g')" -gt 1000 ] || fail + +prepare "[32] LUKS Keyslot convert" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 0 || fail +echo "$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 5 $OPAL2_DEV $KEY5 || fail +$CRYPTSETUP -q luksKillSlot $OPAL2_DEV 0 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "5: luks2" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "pbkdf2" || fail +$CRYPTSETUP -q luksConvertKey $OPAL2_DEV -S 5 --key-file $KEY5 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "5: luks2" || can_fail_fips +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV -S 1 --key-file $KEY5 || fail +$CRYPTSETUP -q luksKillSlot $OPAL2_DEV 5 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "pbkdf2" || fail +echo $PWD1 | $CRYPTSETUP -q luksConvertKey $OPAL2_DEV -S 1 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || can_fail_fips +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 21 --unbound -s 72 $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP luksConvertKey --pbkdf-force-iterations 1001 --pbkdf pbkdf2 -S 21 $OPAL2_DEV || fail + +prepare "[33] luksAddKey unbound tests" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 5 || fail +# unbound key may have arbitrary size +echo $PWD1 | $CRYPTSETUP luksChangeKey -q $OPAL2_DEV $FAST_PBKDF_OPT -S5 $KEY5 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 72 $OPAL2_DEV || fail +echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 72 -S 2 $OPAL2_DEV || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2 (unbound)" || fail +dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 512 -S 3 --volume-key-file $KEY_FILE0 $OPAL2_DEV || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2 (unbound)" || fail +# unbound key size is required +echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $OPAL2_DEV 2>/dev/null && fail +echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --volume-key-file /dev/urandom $OPAL2_DEV 2> /dev/null && fail +# do not allow one to replace keyslot by unbound slot +echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $OPAL2_DEV 2>/dev/null && fail +echo $PWD2 | $CRYPTSETUP -q open $OPAL2_DEV $DEV_NAME 2> /dev/null && fail +echo $PWD2 | $CRYPTSETUP -q open -S2 $OPAL2_DEV $DEV_NAME 2> /dev/null && fail +echo $PWD2 | $CRYPTSETUP -q open -S2 $OPAL2_DEV --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP -q open $OPAL2_DEV $DEV_NAME 2> /dev/null && fail +# check we're able to change passphrase for unbound keyslot +echo -e "$PWD2\n$PWD3" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT -S 2 $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP open --test-passphrase -S 2 $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP -q open -S 2 $OPAL2_DEV $DEV_NAME 2> /dev/null && fail +# do not allow adding keyslot by unbound keyslot +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP -q luksAddKey $OPAL2_DEV 2> /dev/null && fail +# check adding keyslot works when there's unbound keyslot +echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --key-file $KEY5 -S8 || fail +echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail +$CRYPTSETUP close $DEV_NAME || fail +$CRYPTSETUP luksKillSlot -q $OPAL2_DEV 2 +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2 (unbound)" && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 $OPAL2_DEV 2> /dev/null && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound 2> /dev/null $OPAL2_DEV 2> /dev/null && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $OPAL2_DEV > /dev/null || fail +diff $KEY_FILE0 $KEY_FILE1 || fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $OPAL2_DEV 2> /dev/null && fail +diff $KEY_FILE0 $KEY_FILE1 || fail +rm $KEY_FILE1 || fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $OPAL2_DEV | grep -q "Unbound Key:" && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound -S3 $OPAL2_DEV | grep -q "Unbound Key:" || fail +$CRYPTSETUP luksKillSlot -q $OPAL2_DEV 3 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2 (unbound)" && fail + +prepare "[34] LUKS2 metadata areas" wipe +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV 2> /dev/null || fail +DEFAULT_OFFSET=$($CRYPTSETUP luksDump $OPAL2_DEV | grep "offset: " | cut -f 2 -d ' ') +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=127k 2> /dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --luks2-metadata-size=127k --luks2-keyslots-size=128k 2> /dev/null && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128M >/dev/null 2>&1 && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128k >/dev/null || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-size 256 --luks2-metadata-size=128k || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "$((DEFAULT_OFFSET-2*131072)) \[bytes\]" || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --luks2-keyslots-size=128k >/dev/null || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --offset 16384 || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail +$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "8355840 \[bytes\]" || fail +echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail +# data offset vs area size +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --offset 64 --luks2-keyslots-size=8192 >/dev/null 2>&1 && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --offset $((256+56)) >/dev/null 2>&1 && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --key-size 256 --offset $((256+64)) >/dev/null || fail + +prepare "[35] Per-keyslot encryption parameters" wipe +KEYSLOT_CIPHER="aes-cbc-plain64" +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal-only $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +echo $PWD1 | $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $KEY1 || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "0: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "0: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +$CRYPTSETUP luksAddKey -q $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "1: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "1: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +$CRYPTSETUP luksAddKey -q $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail +$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 2 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "2: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "2: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +# unbound keyslot +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 21 --unbound -s 72 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $OPAL2_DEV || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "21: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "21: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 22 --unbound -s 72 $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $OPAL2_DEV --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $OPAL2_DEV || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail + +prepare "[36] Some encryption compatibility mode tests" wipe +CIPHERS="aes-ecb aes-cbc-null aes-cbc-plain64 aes-cbc-essiv:sha256 aes-xts-plain64" +key_size=256 +for cipher in $CIPHERS ; do + echo -n "[$cipher/$key_size]" + echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT --cipher $cipher --key-size $key_size || fail +done +echo + +prepare "[37] New luksAddKey options." wipe +rm -f $VK_FILE +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat -q --type luks2 --hw-opal-only $FAST_PBKDF_OPT $OPAL2_DEV || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail + +# pass pass +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $OPAL2_DEV || fail +echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $OPAL2_DEV || fail + +# pass file +echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $OPAL2_DEV $KEY1 || fail +$CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $OPAL2_DEV || fail + +# file pass +echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $OPAL2_DEV || fail +echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $OPAL2_DEV || fail + +# file file +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $OPAL2_DEV || fail +$CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $OPAL2_DEV || fail + +# vk pass +echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $OPAL2_DEV || fail +echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S5 $OPAL2_DEV || fail + +# vk file +$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $OPAL2_DEV || fail +$CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $OPAL2_DEV || fail + +if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then + test_and_prepare_keyring + load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + load_key user $TEST_TOKEN1 $PWDW "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --token-id 0 -S0 || fail + $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --token-id 1 --unbound || fail + + # pass token + echo -e "$PWD1" | $CRYPTSETUP luksAddKey -q -S7 --new-token-id 1 $FAST_PBKDF_OPT $OPAL2_DEV || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 7 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail + + # file token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 7 --new-token-id 1 -d $KEY1 $OPAL2_DEV || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 7 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail + + # vk token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --volume-key-file $VK_FILE --new-token-id 1 $OPAL2_DEV || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 7 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail + + # token pass + echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --token-id 0 $OPAL2_DEV || fail + echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S7 $OPAL2_DEV || fail + + # token file + echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S8 --token-id 0 $OPAL2_DEV $KEY2 || fail + $CRYPTSETUP open -q --test-passphrase -S8 --key-file $KEY2 $OPAL2_DEV || fail + + # token token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S9 --token-id 0 --new-token-id 1 $OPAL2_DEV || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 9 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail + + # reuse same token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 9 --token-id 0 --new-token-id 0 $OPAL2_DEV || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 9 || fail + + # reuse same token + $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --token-id 0 --new-token-id 0 $OPAL2_DEV || fail + echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 9 || fail + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $OPAL2_DEV || fail +fi + +if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then + prepare "[38] Link VK to a keyring and use custom VK type." wipe + + echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $OPAL2_DEV 2> /dev/null || fail + KEY_NAME="cryptsetup:test_volume_key_id" + test_and_prepare_keyring + KID=$(echo -n test | keyctl padd user my_token @s) + keyctl unlink $KID >/dev/null 2>&1 @s && SESSION_KEYRING_WORKS=1 + KID=$(echo -n test | keyctl padd user my_token @us) + keyctl unlink $KID >/dev/null 2>&1 @us && USER_SESSION_KEYRING_WORKS=1 + + test_vk_link $KEY_NAME "@u" + test_vk_link $KEY_NAME "@u" "user" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "logon" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "user" + test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" + test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "user" + test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "logon" + # explicitly specify keyring key type + test_vk_link $KEY_NAME "%keyring:$TEST_KEYRING_NAME" + + test_vk_link_and_reactivate $KEY_NAME "@u" "user" + test_vk_link_and_reactivate $KEY_NAME "@u" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link_and_reactivate $KEY_NAME "@s" "user" + test_vk_link_and_reactivate $KEY_NAME "%:$TEST_KEYRING_NAME" "user" + # explicitly specify keyring key type + test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" "user" + test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" + + # test numeric keyring name -5 is user session (@us) keyring + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring -5::%logon:$KEY_NAME || fail + keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME + keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl unlink "%logon:$KEY_NAME" @us || fail + + # test malformed keyring descriptions and key types + # missing key description + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "%$TEST_KEYRING_NAME::" > /dev/null 2>&1 && fail + # malformed keyring description + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring ":$TEST_KEYRING_NAME::$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@uuu::$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@usu::$KEY_NAME" > /dev/null 2>&1 && fail + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user:" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "%user:$KEY_NAME" > /dev/null 2>&1 && fail + + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@t::%0:$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@t::%blah:$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@t::%userlogon:$KEY_NAME" > /dev/null 2>&1 && fail + +fi + +if ! fips_mode; then +prepare "[39] LUKS2 reencryption/decryption blocked" wipe + +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV || fail +test_reencryption_does_not_init + +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal-only $OPAL2_DEV || fail +test_reencryption_does_not_init + +prepare "[40] LUKS2 reencryption/decryption blocked (detached header)" wipe + +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --header $HEADER_IMG --type luks2 -s256 --hw-opal $OPAL2_DEV || fail +test_reencryption_does_not_init $HEADER_IMG + +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --header $HEADER_IMG --type luks2 -s256 --hw-opal-only $OPAL2_DEV || fail +test_reencryption_does_not_init $HEADER_IMG + +prepare "[41] LUKS2 encryption blocked" wipe + +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV 2>/dev/null && fail +$CRYPTSETUP isLuks $OPAL2_DEV && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP isLuks $OPAL2_DEV && fail +test -b $DEV_NAME && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV 2>/dev/null && fail +$CRYPTSETUP isLuks $OPAL2_DEV && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal-only $OPAL2_DEV 2>/dev/null && fail +$CRYPTSETUP isLuks $OPAL2_DEV && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal-only $OPAL2_DEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP isLuks $OPAL2_DEV && fail +test -b $DEV_NAME && fail +echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal-only $OPAL2_DEV 2>/dev/null && fail +$CRYPTSETUP isLuks $OPAL2_DEV && fail +fi + +prepare "[42] OPAL2 HW only test." wipe +test_device --hw-opal-only + +prepare "[43] OPAL2 + dmcrypt test." wipe +test_device --hw-opal + +prepare "[44] OPAL2 + auth encryption" wipe +test_device --hw-opal "-c aes-gcm-random --integrity aead" --integrity-no-wipe +test_device --hw-opal "-s 280 -c aes-ccm-random --integrity aead" --integrity-no-wipe + +prepare "[45] OPAL2 HW only test (detached header)" wipe +test_device_detached_header $HEADER_IMG --hw-opal-only + +prepare "[46] OPAL2 + dmcrypt test (detached header)" wipe +test_device_detached_header $HEADER_IMG --hw-opal + +prepare "[47] OPAL2 + auth encryption test (detached header)" wipe +test_device_detached_header $HEADER_IMG --hw-opal "-c aes-gcm-random --integrity aead" --integrity-no-wipe +test_device_detached_header $HEADER_IMG --hw-opal "-s 280 -c aes-ccm-random --integrity aead" --integrity-no-wipe + +# FIXME: Add partition based tests + +remove_mapping +reset_device_psid_nofail +exit 0 diff --git a/tests/compat-test2 b/tests/compat-test2 index c54dc7e..bc86563 100755 --- a/tests/compat-test2 +++ b/tests/compat-test2 @@ -3,9 +3,14 @@ PS4='$LINENO:' [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +CRYPTSETUP_RAW=$CRYPTSETUP -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi DEV_NAME=dummy DEV_NAME2=dummy2 @@ -16,6 +21,7 @@ IMG10=luks-test-v10 HEADER_IMG=luks-header HEADER_KEYU=luks2_keyslot_unassigned.img HEADER_LUKS2_PV=blkid-luks2-pv.img +HEADER_LUKS2_INV=luks2_invalid_cipher.img KEY1=key1 KEY2=key2 KEY5=key5 @@ -50,7 +56,9 @@ function remove_mapping() [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME losetup -d $LOOPDEV >/dev/null 2>&1 - rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1 + rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE \ + $HEADER_LUKS2_PV $HEADER_LUKS2_INV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* \ + $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1 # unlink whole test keyring [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null @@ -154,7 +162,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -164,6 +175,8 @@ function valgrind_run() function dm_crypt_keyring_support() { + $CRYPTSETUP --version | grep -q KEYRING || return 1 + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." @@ -284,6 +297,171 @@ function add_scsi_device() { [ -b $DEV ] || fail "Cannot find $DEV." } +# $1 key name +# $2 keyring to link VK to +# $3 key type (optional) +test_vk_link() { + KEY_TYPE=${3:-user} + if [ -z "$3" ]; then + KEY_DESC=$1 + else + KEY_DESC="%$3:$1" + fi + + KEYCTL_KEY_NAME="%$KEY_TYPE:$1" + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 && fail "VK is linked to the specified keyring before resume with linking." + $CRYPTSETUP luksSuspend $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail +} + +# $1 key name +# $2 keyring to link VK to +# $3 key type (optional) +test_vk_link_and_reactivate() { + KEY_TYPE=${3:-user} + if [ -z "$3" ]; then + KEY_DESC=$1 + else + KEY_DESC="%$3:$1" + fi + + KEYCTL_KEY_NAME="%$KEY_TYPE:$1" + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME || fail + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring $KEY_DESC <&-|| fail "Failed to unlock volume via a VK in keyring." + $CRYPTSETUP luksSuspend $DEV_NAME || fail "Failed to suspend device." + $CRYPTSETUP luksResume $DEV_NAME --volume-key-keyring $KEY_DESC <&- || fail "Failed to resume via a VK in keyring." + + echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null || fail + echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail + echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-keyring $KEY_DESC $LOOPDEV --new-key-slot 1 || fail "Failed to add passphrase by VK in keyring." + echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null || fail + $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 2>/dev/null || fail + + $CRYPTSETUP close $DEV_NAME || fail + # zero-out the key in keyring + keyctl pipe $KEYCTL_KEY_NAME | tr -c '\0' '\0' | keyctl pupdate $KEYCTL_KEY_NAME + $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring $KEY_DESC <&- > /dev/null 2>&1 && fail "Unlocked volume via a bad VK in keyring." + keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after bad activation." + keyctl unlink $KEYCTL_KEY_NAME "$2" || fail +} + +# $1 first key name +# $2 second key name +# $3 keyring to link VK to +# $4 key type (optional) +test_reencrypt_vk_link() { + KEY_TYPE=${4:-user} + if [ -z "$4" ]; then + KEY_DESC=$1 + else + KEY_DESC="%$4:$1" + fi + if [ -z "$4" ]; then + KEY_DESC2=$2 + else + KEY_DESC2="%$4:$2" + fi + + KEYCTL_KEY_NAME="%$KEY_TYPE:$1" + KEYCTL_KEY_NAME2="%$KEY_TYPE:$2" + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$3"::"$KEY_DESC" --link-vk-to-keyring "$3"::"$KEY_DESC2" || fail + keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + + keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME || fail + keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + + keyctl unlink $KEYCTL_KEY_NAME "$3" || fail + keyctl unlink $KEYCTL_KEY_NAME2 "$3" || fail +} + +# $1 first key name +# $2 second key name +# $3 keyring to link VK to +# $4 key type (optional) +test_reencrypt_vk_link_and_reactivate() { + KEY_TYPE=${4:-user} + if [ -z "$4" ]; then + KEY_DESC=$1 + else + KEY_DESC="%$4:$1" + fi + if [ -z "$4" ]; then + KEY_DESC2=$2 + else + KEY_DESC2="%$4:$2" + fi + + KEYCTL_KEY_NAME="%$KEY_TYPE:$1" + KEYCTL_KEY_NAME2="%$KEY_TYPE:$2" + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$3"::"$KEY_DESC" --link-vk-to-keyring "$3"::"$KEY_DESC2" || fail + keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + + keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME || fail + keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring "$KEY_DESC" --volume-key-keyring "$KEY_DESC2" || fail + $CRYPTSETUP close $DEV_NAME || fail + + keyctl unlink $KEYCTL_KEY_NAME "$3" || fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring "$KEY_DESC" --volume-key-keyring "$KEY_DESC2" > /dev/null 2>&1 && fail + keyctl unlink $KEYCTL_KEY_NAME2 "$3" || fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring "$KEY_DESC" --volume-key-keyring "$KEY_DESC2" > /dev/null 2>&1 && fail +} + +function expect_run() +{ + export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" + expect "$@" +} + +# expected unlocked keyslot id +# command arguments +function expect_unlocked_keyslot() +{ + command -v expect >/dev/null || { + echo "WARNING: expect tool missing, interactive test will be skipped." + return 0 + } + + EXPECT_TIMEOUT=60 + EXPECT_KEY=$1 + + expect_run - >/dev/null <<EOF +proc abort {} { send_error "Timeout. "; exit 2 } +set timeout $EXPECT_TIMEOUT +eval spawn $CRYPTSETUP_RAW $2 +expect timeout abort "Key slot $EXPECT_KEY unlocked." +expect timeout abort "Command successful." +expect timeout abort eof +exit +EOF + [ $? -eq 0 ] || return 1 +} + export LANG=C [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." @@ -569,7 +747,7 @@ test $OLD_SIZE -eq $NEW_SIZE || fail $CRYPTSETUP close $DEV_NAME || fail prepare "[20] Disallow open/create if already mapped." wipe -$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail +$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --cipher aes-cbc-essiv:sha256 --key-size 256 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail @@ -626,6 +804,24 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail +# make a free space in keyslot area +echo $PWD1 | $CRYPTSETUP luksKillSlot -q $LOOPDEV 0 || fail + +# assert LUKS2 does not overwrite existing area with specific keyslot id +AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_OLD -gt 0 ] || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey --key-slot 1 $LOOPDEV $FAST_PBKDF_OPT +AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_NEW -gt 0 ] || fail +[ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" + +# assert LUKS2 does not overwrite existing area with any sklot +AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_OLD -gt 0 ] || fail +echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT +AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') +[ 0$AREA_OFFSET_NEW -gt 0 ] || fail +[ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" prepare "[24] Keyfile limit" wipe $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail @@ -924,6 +1120,40 @@ if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then $CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP token unassign --token-id 0 -S44 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP token unassign --token-id 44 -S0 $LOOPDEV 2>/dev/null && fail + + $CRYPTSETUP token remove $LOOPDEV --token-id 0 || fail + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail + + # token 8 assigned to keyslot 0 and 5. Unlocks only 5 + echo "$PWD2" | $CRYPTSETUP luksAddKey -q -S5 $FAST_PBKDF_OPT --token-id 0 $LOOPDEV || fail + echo -n "{\"type\":\"luks2-keyring\",\"keyslots\":[\"0\",\"5\"],\"key_description\":\"$TEST_TOKEN1\"}" | $CRYPTSETUP token import $LOOPDEV --token-id 8 || fail + load_key user $TEST_TOKEN1 "$PWD2" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + + # token 3 assigned to keyslot 1 (wrong passphrase) + echo "$PWD3" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT --token-id 0 $LOOPDEV || fail + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN2 -S1 --token-id 3 || fail + load_key user $TEST_TOKEN2 "$PWDW" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + + # specific token, specific keyslot + $CRYPTSETUP open --test-passphrase --token-id 0 -S0 $LOOPDEV --token-only <&- || fail + # specific keyslot unlocked by any token + $CRYPTSETUP open --test-passphrase -S0 $LOOPDEV --token-only <&- || fail + + # token 0 unusable for keyslot 5 + $CRYPTSETUP open --test-passphrase --token-id 0 -S5 $LOOPDEV --token-only <&- >/dev/null && fail + # backup interactive prompt should work + echo $PWD2 | $CRYPTSETUP open --test-passphrase --token-id 0 -S5 $LOOPDEV || fail + + $CRYPTSETUP open --test-passphrase -S5 --token-id 8 $LOOPDEV <&- || fail + $CRYPTSETUP open --test-passphrase -S5 $LOOPDEV <&- || fail + + expect_unlocked_keyslot 5 "open -v --test-passphrase --token-id 8 -S5 $LOOPDEV" || fail + expect_unlocked_keyslot 5 "open -v --test-passphrase --token-id 8 $LOOPDEV" || fail + + $CRYPTSETUP open --test-passphrase -S0 --token-id 8 $LOOPDEV --token-only >/dev/null && fail + [ $? -ne 2 ] && fail "open should return EPERM exit code." + $CRYPTSETUP open --test-passphrase -S1 $LOOPDEV --token-only && fail + [ $? -ne 2 ] && fail "open should return EPERM exit code." fi echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fail echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json-file - || fail @@ -1200,5 +1430,135 @@ if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail fi +prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe +xz -dk $HEADER_LUKS2_INV.xz +dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1 +$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail +echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail +dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \ + "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768" +$CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail +$CRYPTSETUP close $DEV_NAME ||fail + +if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then + prepare "[45] Link VK to a keyring and use custom VK type." wipe + + echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2> /dev/null || fail + KEY_NAME="cryptsetup:test_volume_key_id" + KEY_NAME2="cryptsetup:test_volume_key_id2" + KEY_NAME3="cryptsetup:test_volume_key_id3" + test_and_prepare_keyring + KID=$(echo -n test | keyctl padd user my_token @s) + keyctl unlink $KID >/dev/null 2>&1 @s && SESSION_KEYRING_WORKS=1 + KID=$(echo -n test | keyctl padd user my_token @us) + keyctl unlink $KID >/dev/null 2>&1 @us && USER_SESSION_KEYRING_WORKS=1 + + test_vk_link $KEY_NAME "@u" + test_vk_link $KEY_NAME "@u" "user" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "logon" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "user" + test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" + test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "user" + test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "logon" + # explicitly specify keyring key type + test_vk_link $KEY_NAME "%keyring:$TEST_KEYRING_NAME" + + test_vk_link_and_reactivate $KEY_NAME "@u" "user" + test_vk_link_and_reactivate $KEY_NAME "@u" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link_and_reactivate $KEY_NAME "@s" "user" + test_vk_link_and_reactivate $KEY_NAME "%:$TEST_KEYRING_NAME" "user" + # explicitly specify keyring key type + test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" "user" + test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" + + # test numeric keyring name -5 is user session (@us) keyring + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring -5::%logon:$KEY_NAME || fail + keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." + $CRYPTSETUP close $DEV_NAME + keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." + keyctl unlink "%logon:$KEY_NAME" @us || fail + + # test malformed keyring descriptions and key types + # missing key description + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "%$TEST_KEYRING_NAME::" > /dev/null 2>&1 && fail + # malformed keyring description + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring ":$TEST_KEYRING_NAME::$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@uuu::$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@usu::$KEY_NAME" > /dev/null 2>&1 && fail + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user:" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "%user:$KEY_NAME" > /dev/null 2>&1 && fail + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@t::%0:$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@t::%blah:$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@t::%userlogon:$KEY_NAME" > /dev/null 2>&1 && fail + + # test that only one VK name is used, when the device is not in reencryption + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@u::%user:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 || fail + keyctl unlink "%user:$KEY_NAME" @u || fail + keyctl unlink "%user:$KEY_NAME2" @u > /dev/null 2>&1 && fail + $CRYPTSETUP close $DEV_NAME || fail + + # test linkning multiple VKs during reencryption + echo $PWD1 | $CRYPTSETUP -q reencrypt $LOOPDEV --init-only + + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@u" + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@u" "user" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@s" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@s" "logon" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@s" "user" + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" "user" + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" "logon" + # explicitly specify keyring key type + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%keyring:$TEST_KEYRING_NAME" + + test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@u" + test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@u" "user" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@s" + [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@s" "user" + test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" + test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" "user" + + # explicitly specify keyring key type + test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%keyring:$TEST_KEYRING_NAME" + + # the keyring and key type have to be the same for both keys + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%user:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@u::%logon:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%logon:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 && fail + + # supply one/three key name(s) when two names are required + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%logon:$KEY_NAME" > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%logon:$KEY_NAME" --link-vk-to-keyring "@s::%logon:$KEY_NAME2" --link-vk-to-keyring "@s::%logon:$KEY_NAME3" > /dev/null 2>&1 && fail +fi + +prepare "[45] Blkid disable check" wipe +if [ "$HAVE_BLKID" -gt 0 ]; then + xz -dkf $HEADER_LUKS2_PV.xz + # batch mode disables blkid print, use --debug to check it + echo $PWD1 | $CRYPTSETUP -q --debug luksFormat $FAST_PBKDF_OPT --type luks2 $HEADER_LUKS2_PV 2>&1 | grep -q "LVM2_member" || fail + xz -dkf $HEADER_LUKS2_PV.xz + echo $PWD1 | $CRYPTSETUP -q --debug --disable-blkid luksFormat $FAST_PBKDF_OPT --type luks2 $HEADER_LUKS2_PV 2>&1 | grep -q "LVM2_member" && fail +fi + +prepare "[46] Init from suspended device" wipe +dmsetup create $DEV_NAME --table "0 39998 linear $LOOPDEV 2" || fail +echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --header $HEADER_IMG /dev/mapper/$DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen --header $HEADER_IMG /dev/mapper/$DEV_NAME $DEV_NAME2 || fail +# underlying device now returns error but node is still present +dmsetup load $DEV_NAME --table "0 40000 error" || fail +dmsetup resume $DEV_NAME || fail +dmsetup suspend $DEV_NAME || fail +# status must print data even if data device is suspended +$CRYPTSETUP -q status --debug --header $HEADER_IMG $DEV_NAME2 | grep "type:" | grep -q "LUKS2" || fail +dmsetup resume $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME2 || fail +dmsetup remove --retry $DEV_NAME || fail + remove_mapping exit 0 diff --git a/tests/crypto-vectors.c b/tests/crypto-vectors.c index ae8dd68..02e6be3 100644 --- a/tests/crypto-vectors.c +++ b/tests/crypto-vectors.c @@ -1,7 +1,7 @@ /* * cryptsetup crypto backend test vectors * - * Copyright (C) 2018-2023 Milan Broz + * Copyright (C) 2018-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -74,12 +74,9 @@ struct kdf_test_vector { unsigned int password_length; const char *salt; unsigned int salt_length; -// const char *key; -// unsigned int key_length; -// const char *ad; -// unsigned int ad_length; const char *output; unsigned int output_length; + bool can_fail_fips; /* violates minimal length check */ }; static struct kdf_test_vector kdf_test_vectors[] = { @@ -92,17 +89,11 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x01\x01\x01\x01\x01\x01\x01\x01", 32, "\x02\x02\x02\x02\x02\x02\x02\x02" "\x02\x02\x02\x02\x02\x02\x02\x02", 16, -// "\x03\x03\x03\x03\x03\x03\x03\x03", 8, -// "\x04\x04\x04\x04\x04\x04\x04\x04" -// "\x04\x04\x04\x04", 12, "\xa9\xa7\x51\x0e\x6d\xb4\xd5\x88" "\xba\x34\x14\xcd\x0e\x09\x4d\x48" "\x0d\x68\x3f\x97\xb9\xcc\xb6\x12" - "\xa5\x44\xfe\x8e\xf6\x5b\xa8\xe0", 32 -// "\xc8\x14\xd9\xd1\xdc\x7f\x37\xaa" -// "\x13\xf0\xd7\x7f\x24\x94\xbd\xa1" -// "\xc8\xde\x6b\x01\x6d\xd3\x88\xd2" -// "\x99\x52\xa4\xc4\x67\x2b\x6c\xe8", 32 + "\xa5\x44\xfe\x8e\xf6\x5b\xa8\xe0", 32, + true }, { "argon2id", NULL, 0, 3, 32, 4, @@ -112,17 +103,11 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x01\x01\x01\x01\x01\x01\x01\x01", 32, "\x02\x02\x02\x02\x02\x02\x02\x02" "\x02\x02\x02\x02\x02\x02\x02\x02", 16, -// "\x03\x03\x03\x03\x03\x03\x03\x03", 8, -// "\x04\x04\x04\x04\x04\x04\x04\x04" -// "\x04\x04\x04\x04", 12, "\x03\xaa\xb9\x65\xc1\x20\x01\xc9" "\xd7\xd0\xd2\xde\x33\x19\x2c\x04" "\x94\xb6\x84\xbb\x14\x81\x96\xd7" - "\x3c\x1d\xf1\xac\xaf\x6d\x0c\x2e", 32 -// "\x0d\x64\x0d\xf5\x8d\x78\x76\x6c" -// "\x08\xc0\x37\xa3\x4a\x8b\x53\xc9" -// "\xd0\x1e\xf0\x45\x2d\x75\xb6\x5e" -// "\xb5\x25\x20\xe9\x6b\x01\xe6\x59", 32 + "\x3c\x1d\xf1\xac\xaf\x6d\x0c\x2e", 32, + true }, /* empty password */ { @@ -133,7 +118,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\xbb\x1f\xf2\xb9\x9f\xd4\x4a\xd9" "\xdf\x7f\xb9\x54\x55\x9e\xb8\xeb" "\xb5\x9d\xab\xce\x2e\x62\x9f\x9b" - "\x89\x09\xfe\xde\x57\xcc\x63\x86", 32 + "\x89\x09\xfe\xde\x57\xcc\x63\x86", 32, + true }, { "argon2id", NULL, 0, 3, 128, 1, @@ -143,7 +129,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x09\x2f\x38\x35\xac\xb2\x43\x92" "\x93\xeb\xcd\xe8\x04\x16\x6a\x31" "\xce\x14\xd4\x55\xdb\xd8\xf7\xe6" - "\xb4\xf5\x9d\x64\x8e\xd0\x3a\xdb", 32 + "\xb4\xf5\x9d\x64\x8e\xd0\x3a\xdb", 32, + true }, /* RFC 3962 */ { @@ -153,7 +140,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01" "\x56\x5a\x11\x22\xb2\x56\x35\x15" "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3" - "\x33\xec\xc0\xe2\xe1\xf7\x08\x37", 32 + "\x33\xec\xc0\xe2\xe1\xf7\x08\x37", 32, + true }, { "pbkdf2", "sha1", 64, 2, 0, 0, "password", 8, @@ -161,7 +149,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e" "\x98\x8b\x62\xc7\x3c\xda\x93\x5d" "\xa0\x53\x78\xb9\x32\x44\xec\x8f" - "\x48\xa9\x9e\x61\xad\x79\x9d\x86", 32 + "\x48\xa9\x9e\x61\xad\x79\x9d\x86", 32, + true }, { "pbkdf2", "sha1", 64, 1200, 0, 0, "password", 8, @@ -169,7 +158,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e" "\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f" - "\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", 32 + "\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", 32, + false }, { "pbkdf2", "sha1", 64, 5, 0, 0, "password", 8, @@ -177,7 +167,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\xd1\xda\xa7\x86\x15\xf2\x87\xe6" "\xa1\xc8\xb1\x20\xd7\x06\x2a\x49" "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6" - "\xad\xf4\xfa\x57\x4b\x6e\x64\xee", 32 + "\xad\xf4\xfa\x57\x4b\x6e\x64\xee", 32, + true }, { "pbkdf2", "sha1", 64, 1200, 0, 0, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" @@ -186,7 +177,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b" "\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9" "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc" - "\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", 32 + "\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", 32, + false }, { "pbkdf2", "sha1", 64, 1200, 0, 0, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" @@ -195,7 +187,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5" "\x1b\x10\xe6\xa6\x87\x21\xbe\x61" "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b" - "\x36\xbe\x92\x46\x91\x5e\xc8\x2a", 32 + "\x36\xbe\x92\x46\x91\x5e\xc8\x2a", 32, + false }, { "pbkdf2", "sha1", 64, 50, 0, 0, "\360\235\204\236", 4, // g-clef ("\xf09d849e) @@ -203,52 +196,60 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43" "\xa5\xb8\xbb\x27\x6a\x40\x3b\x39" "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2" - "\x81\xff\x30\x69\xe1\xe9\x4f\x52", 32 + "\x81\xff\x30\x69\xe1\xe9\x4f\x52", 32, + true }, { /* RFC-6070 */ "pbkdf2", "sha1", 64, 1, 0, 0, "password", 8, "salt", 4, "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" - "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20 + "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20, + true }, { "pbkdf2", "sha1", 64, 2, 0, 0, "password", 8, "salt", 4, "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e" - "\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20 + "\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20, + true }, { "pbkdf2", "sha1", 64, 4096, 0, 0, "password", 8, "salt", 4, "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad" - "\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20 + "\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20, + true }, { "pbkdf2", "sha1", 64, 16777216, 0, 0, "password", 8, "salt", 4, "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94" - "\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20 + "\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20, + true }, { "pbkdf2", "sha1", 64, 4096, 0, 0, "passwordPASSWORDpassword", 24, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8" "\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96" - "\x4c\xf2\xf0\x70\x38", 25 + "\x4c\xf2\xf0\x70\x38", 25, + false }, { "pbkdf2", "sha1", 64, 4096, 0, 0, "pass\0word", 9, "sa\0lt", 5, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" - "\xd7\xf0\x34\x25\xe0\xc3", 16 + "\xd7\xf0\x34\x25\xe0\xc3", 16, + true }, { /* empty password test */ "pbkdf2", "sha1", 64, 2, 0, 0, "", 0, "salt", 4, "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" - "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97", 20 + "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97", 20, + true }, { /* Password exceeds block size test */ "pbkdf2", "sha256", 64, 1200, 0, 0, @@ -258,7 +259,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x22\x34\x4b\xc4\xb6\xe3\x26\x75" "\xa8\x09\x0f\x3e\xa8\x0b\xe0\x1d" "\x5f\x95\x12\x6a\x2c\xdd\xc3\xfa" - "\xcc\x4a\x5e\x6d\xca\x04\xec\x58", 32 + "\xcc\x4a\x5e\x6d\xca\x04\xec\x58", 32, + false }, { "pbkdf2", "sha512", 128, 1200, 0, 0, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" @@ -269,7 +271,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x0f\xb2\xed\x2c\x0e\x6e\xfb\x7d" "\x7d\x8e\xdd\x58\x01\xb4\x59\x72" "\x99\x92\x16\x30\x5e\xa4\x36\x8d" - "\x76\x14\x80\xf3\xe3\x7a\x22\xb9", 32 + "\x76\x14\x80\xf3\xe3\x7a\x22\xb9", 32, + false }, { "pbkdf2", "whirlpool", 64, 1200, 0, 0, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" @@ -278,7 +281,8 @@ static struct kdf_test_vector kdf_test_vectors[] = { "\x9c\x1c\x74\xf5\x88\x26\xe7\x6a" "\x53\x58\xf4\x0c\x39\xe7\x80\x89" "\x07\xc0\x31\x19\x9a\x50\xa2\x48" - "\xf1\xd9\xfe\x78\x64\xe5\x84\x50", 32 + "\xf1\xd9\xfe\x78\x64\xe5\x84\x50", 32, + true } }; @@ -1024,23 +1028,38 @@ static int pbkdf_test_vectors(void) { char result[256]; unsigned int i; + struct crypt_hash *h; const struct kdf_test_vector *vec; for (i = 0; i < ARRAY_SIZE(kdf_test_vectors); i++) { crypt_backend_memzero(result, sizeof(result)); vec = &kdf_test_vectors[i]; - printf("PBKDF vector %02d %s ", i, vec->type); + if (vec->hash) + printf("PBKDF vector %02d %s-%s ", i, vec->type, vec->hash); + else + printf("PBKDF vector %02d %s ", i, vec->type); if (vec->hash && crypt_hmac_size(vec->hash) < 0) { printf("[%s N/A]\n", vec->hash); continue; } + if (vec->hash) { + if (crypt_hash_init(&h, vec->hash) < 0) { + printf("[%s N/A (init)]\n", vec->hash); + continue; + } + crypt_hash_destroy(h); + } if (crypt_pbkdf(vec->type, vec->hash, vec->password, vec->password_length, vec->salt, vec->salt_length, result, vec->output_length, vec->iterations, vec->memory, vec->parallelism) < 0) { - printf("[%s-%s N/A]\n", vec->type, vec->hash); - continue; + if (vec->can_fail_fips && fips_mode()) { + printf("[API FAILED, IGNORED (FIPS mode)]\n"); + continue; + } + printf("[API FAILED]\n"); + return EXIT_FAILURE; } if (memcmp(result, vec->output, vec->output_length)) { printf("[FAILED]\n"); diff --git a/tests/device-test b/tests/device-test index c8b53bb..9aaf03c 100755 --- a/tests/device-test +++ b/tests/device-test @@ -8,10 +8,15 @@ DEV_NAME2="ymmud" PWD1="93R4P4pIqAH8" PWD2="mymJeD8ivEhE" FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +PLAIN_OPT="--type plain --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha256" SKIP_COUNT=0 -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi cleanup() { [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME @@ -43,7 +48,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -100,21 +108,6 @@ function dm_crypt_features() DM_PERF_NO_WORKQUEUE=1 } -function dm_crypt_keyring_support() -{ - VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) - [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." - - VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) - VER_MIN=$(echo $VER_STR | cut -f 2 -d.) - - # run the test with dm-crypt v1.15.0+ on purpose - # the fix is in dm-crypt v1.18.1+ - [ $VER_MAJ -gt 1 ] && return 0 - [ $VER_MAJ -lt 1 ] && return 1 - [ $VER_MIN -ge 15 ] -} - format() # format { add_image @@ -165,33 +158,33 @@ if [ -z "$DM_PERF_CPU" ]; then SKIP_COUNT=$((SKIP_COUNT+1)) else echo -n "PLAIN: same_cpu_crypt submit_from_cpus " - echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail + echo -e "$PWD1" | $CRYPTSETUP open -q $PLAIN_OPT $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail check_io $CRYPTSETUP close $DEV_NAME || fail echo -n "allow_discards " - echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail + echo -e "$PWD1" | $CRYPTSETUP open -q $PLAIN_OPT $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail $CRYPTSETUP status $DEV_NAME | grep -q discards || fail check_io $CRYPTSETUP close $DEV_NAME || fail - echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME || fail - echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail + echo -e "$PWD1" | $CRYPTSETUP open -q $PLAIN_OPT $DEV $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $PLAIN_OPT -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail # Hash affects volume key for plain device. Check we can detect it - echo -e "$PWD1" | $CRYPTSETUP refresh -q $DEV_NAME --hash sha512 --perf-same_cpu_crypt --allow-discards 2>/dev/null && fail + echo -e "$PWD1" | $CRYPTSETUP refresh -q $DEV_NAME --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha512 --perf-same_cpu_crypt --allow-discards 2>/dev/null && fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail $CRYPTSETUP status $DEV_NAME | grep -q discards || fail - echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --allow-discards || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $PLAIN_OPT -q $DEV_NAME --allow-discards || fail $CRYPTSETUP status $DEV_NAME | grep -q discards || fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail - echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $PLAIN_OPT -q $DEV_NAME || fail $CRYPTSETUP status $DEV_NAME | grep -q discards && fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail - echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail + echo -e "$PWD1" | $CRYPTSETUP refresh $PLAIN_OPT $DEV $DEV_NAME2 2>/dev/null && fail if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then echo -n "no_read_workqueue no_write_workqueue" - echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $PLAIN_OPT -q $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail $CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail $CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail check_io @@ -279,9 +272,12 @@ else echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --disable-keyring || fail $CRYPTSETUP status $DEV_NAME | grep -q keyring && fail if [ -n "$DM_KEYRING" ]; then - echo -n "keyring " - echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail - $CRYPTSETUP status $DEV_NAME | grep -q keyring || fail + $CRYPTSETUP --version | grep -q KEYRING + if [ $? -eq 0 ]; then + echo -n "keyring " + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q keyring || fail + fi fi if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then echo -n "no_read_workqueue no_write_workqueue" @@ -299,7 +295,7 @@ else fi echo "[3] Kernel dmcrypt sector size options" -echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 4096 >/dev/null 2>&1 +echo -e "$PWD1" | $CRYPTSETUP open $PLAIN_OPT $DEV $DEV_NAME --sector-size 4096 >/dev/null 2>&1 ret=$? [ -z "$DM_SECTOR_SIZE" -a $ret -eq 0 ] && fail "cryptsetup activated device with --sector-size option on incompatible kernel!" if [ $ret -ne 0 ] ; then @@ -312,18 +308,18 @@ else $CRYPTSETUP close $DEV_NAME || fail echo -n "PLAIN sector size:" - echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail + echo -e "$PWD1" | $CRYPTSETUP open $PLAIN_OPT $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail for S in 512 1024 2048 4096; do echo -n "[$S]" - echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S || fail + echo -e "$PWD1" | $CRYPTSETUP open -q $PLAIN_OPT $DEV $DEV_NAME --sector-size $S || fail check_sector_size $S $CRYPTSETUP close $DEV_NAME || fail done - echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --iv-large-sectors >/dev/null 2>&1 && fail + echo -e "$PWD1" | $CRYPTSETUP open $PLAIN_OPT $DEV $DEV_NAME --iv-large-sectors >/dev/null 2>&1 && fail for S in 1024 2048 4096; do echo -n "[$S/IV]" - echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S --iv-large-sectors || fail + echo -e "$PWD1" | $CRYPTSETUP open -q $PLAIN_OPT $DEV $DEV_NAME --sector-size $S --iv-large-sectors || fail check_sector_size $S dmsetup table $DEV_NAME | grep -q "iv_large_sectors" || fail $CRYPTSETUP close $DEV_NAME || fail diff --git a/tests/differ.c b/tests/differ.c index 95da8e5..0045b04 100644 --- a/tests/differ.c +++ b/tests/differ.c @@ -1,7 +1,7 @@ /* * cryptsetup file differ check (rewritten Clemens' fileDiffer in Python) * - * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/discards-test b/tests/discards-test index 870f74d..27e5a5b 100755 --- a/tests/discards-test +++ b/tests/discards-test @@ -6,14 +6,18 @@ DEV_NAME="discard-t3st" DEV="" PWD1="93R4P4pIqAH8" -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi cleanup() { [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME udevadm settle >/dev/null 2>&1 rmmod scsi_debug >/dev/null 2>&1 - sleep 2 + sleep 1 } fail() @@ -34,7 +38,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -54,7 +61,7 @@ add_device() { exit 77 fi - sleep 2 + sleep 1 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) DEV="/dev/$DEV" @@ -103,7 +110,7 @@ dmsetup table $DEV_NAME | grep allow_discards >/dev/null || fail $CRYPTSETUP luksClose $DEV_NAME || fail echo "[2] Allowing discards for plain device" -echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha256 --allow-discards || fail +echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha256 --allow-discards || fail $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail $CRYPTSETUP resize $DEV_NAME --size 100 || fail $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail diff --git a/tests/fake_systemd_tpm_path.c b/tests/fake_systemd_tpm_path.c index 6d82989..3dff718 100644 --- a/tests/fake_systemd_tpm_path.c +++ b/tests/fake_systemd_tpm_path.c @@ -2,9 +2,9 @@ #include <stdlib.h> /* systemd tpm2-util.h */ -int tpm2_find_device_auto(int log_level, char **ret); +int tpm2_find_device_auto(char **ret); -extern int tpm2_find_device_auto(int log_level __attribute__((unused)), char **ret) +extern int tpm2_find_device_auto(char **ret) { const char *path = getenv("TPM_PATH"); diff --git a/tests/fake_token_path.c b/tests/fake_token_path.c deleted file mode 100644 index 7b2bad3..0000000 --- a/tests/fake_token_path.c +++ /dev/null @@ -1,6 +0,0 @@ -#include <libcryptsetup.h> - -const char *crypt_token_external_path(void) -{ - return BUILD_DIR; -} diff --git a/tests/fuzz/LUKS2.proto b/tests/fuzz/LUKS2.proto index 3a0f287..f54ed6b 100644 --- a/tests/fuzz/LUKS2.proto +++ b/tests/fuzz/LUKS2.proto @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -229,7 +229,7 @@ enum keyslot_af_type { KEYSLOT_AF_TYPE_LUKS1 = 1; } -// The af (anti-forensic splitter) object contains this madatory field: +// The af (anti-forensic splitter) object contains this mandatory field: // - type [string] the anti-forensic function type. // AF type luks1 (compatible with LUKS1 [1]) contains these additional fields: // - stripes [integer] the number of stripes, for historical reasons only the 4000 value is supported. diff --git a/tests/fuzz/LUKS2_plain_JSON.proto b/tests/fuzz/LUKS2_plain_JSON.proto index 59096b7..da8ea00 100644 --- a/tests/fuzz/LUKS2_plain_JSON.proto +++ b/tests/fuzz/LUKS2_plain_JSON.proto @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/crypt2_load_fuzz.cc b/tests/fuzz/crypt2_load_fuzz.cc index 1251d72..2195b40 100644 --- a/tests/fuzz/crypt2_load_fuzz.cc +++ b/tests/fuzz/crypt2_load_fuzz.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,91 +22,88 @@ extern "C" { #define FILESIZE (16777216) #include "src/cryptsetup.h" -#include <err.h> #include "luks2/luks2.h" #include "crypto_backend/crypto_backend.h" #include "FuzzerInterface.h" -static int calculate_checksum(const uint8_t* data, size_t size) { - struct crypt_hash *hd = NULL; - struct luks2_hdr_disk *hdr = NULL; - int hash_size; - uint64_t hdr_size1, hdr_size2; - int r = 0; - - /* primary header */ - if (sizeof(struct luks2_hdr_disk) > size) - return 0; - hdr = CONST_CAST(struct luks2_hdr_disk *) data; - - hdr_size1 = be64_to_cpu(hdr->hdr_size); - if (hdr_size1 > size) - return 0; - memset(&hdr->csum, 0, LUKS2_CHECKSUM_L); - if ((r = crypt_hash_init(&hd, "sha256"))) - goto out; - if ((r = crypt_hash_write(hd, CONST_CAST(char*) data, hdr_size1))) - goto out; - hash_size = crypt_hash_size("sha256"); - if (hash_size <= 0) { - r = 1; - goto out; - } - if ((r = crypt_hash_final(hd, (char*)&hdr->csum, (size_t)hash_size))) - goto out; - crypt_hash_destroy(hd); +#define CHKSUM_ALG "sha256" +#define CHKSUM_SIZE 32 - /* secondary header */ - if (hdr_size1 < sizeof(struct luks2_hdr_disk)) - hdr_size1 = sizeof(struct luks2_hdr_disk); +static bool fix_checksum_hdr(struct luks2_hdr_disk *hdr, const char *data, size_t len) +{ + char *csum = (char *)&hdr->csum; + struct crypt_hash *hd = NULL; + bool r = false; - if (hdr_size1 + sizeof(struct luks2_hdr_disk) > size) - return 0; - hdr = CONST_CAST(struct luks2_hdr_disk *) (data + hdr_size1); + if (crypt_hash_init(&hd, CHKSUM_ALG)) + return false; - hdr_size2 = be64_to_cpu(hdr->hdr_size); - if (hdr_size2 > size || (hdr_size1 + hdr_size2) > size) - return 0; + memset(csum, 0, LUKS2_CHECKSUM_L); - memset(&hdr->csum, 0, LUKS2_CHECKSUM_L); - if ((r = crypt_hash_init(&hd, "sha256"))) - goto out; - if ((r = crypt_hash_write(hd, (char*) hdr, hdr_size2))) - goto out; - if ((r = crypt_hash_final(hd, (char*)&hdr->csum, (size_t)hash_size))) - goto out; + if (!crypt_hash_write(hd, data, len) && + !crypt_hash_final(hd, csum, CHKSUM_SIZE)) + r = true; -out: - if (hd) - crypt_hash_destroy(hd); + crypt_hash_destroy(hd); return r; } -int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - int fd; +static bool calculate_checksum(const char *data, size_t size, struct luks2_hdr_disk *hdr_rw) +{ + uint64_t hdr_size; + + /* Primary header cannot fit in data */ + if (sizeof(*hdr_rw) > size) + return false; + + hdr_size = be64_to_cpu(((struct luks2_hdr_disk *)data)->hdr_size); + if (hdr_size > size || hdr_size <= sizeof(*hdr_rw)) + return false; + + /* Calculate checksum for primary header */ + memcpy(hdr_rw, data, sizeof(*hdr_rw)); + return fix_checksum_hdr(hdr_rw, data, (size_t)hdr_size); +} + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + int fd, r = EXIT_FAILURE; struct crypt_device *cd = NULL; char name[] = "/tmp/test-script-fuzz.XXXXXX"; + struct luks2_hdr_disk hdr_rw; + size_t modified_data_size; - if (calculate_checksum(data, size)) - return 0; + /* if csum calculation fails, keep fuzzer running on original input */ + if (size >= sizeof(hdr_rw) && calculate_checksum((const char *)data, size, &hdr_rw)) + modified_data_size = sizeof(hdr_rw); + else + modified_data_size = 0; + /* create file with LUKS header for libcryptsetup */ fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC); if (fd == -1) - err(EXIT_FAILURE, "mkostemp() failed"); + return r; /* enlarge header */ if (ftruncate(fd, FILESIZE) == -1) goto out; - if (write_buffer(fd, data, size) != (ssize_t)size) + if (modified_data_size && + write_buffer(fd, &hdr_rw, modified_data_size) != (ssize_t)modified_data_size) + goto out; + + if (write_buffer(fd, data + modified_data_size, size - modified_data_size) != (ssize_t)size) goto out; + /* Actual fuzzing */ if (crypt_init(&cd, name) == 0) (void)crypt_load(cd, CRYPT_LUKS2, NULL); crypt_free(cd); + r = 0; out: close(fd); unlink(name); - return 0; + + return r; } } diff --git a/tests/fuzz/crypt2_load_proto_fuzz.cc b/tests/fuzz/crypt2_load_proto_fuzz.cc index 498c006..aaabfe8 100644 --- a/tests/fuzz/crypt2_load_proto_fuzz.cc +++ b/tests/fuzz/crypt2_load_proto_fuzz.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc b/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc index f3565ab..227c49a 100644 --- a/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc +++ b/tests/fuzz/crypt2_load_proto_plain_json_fuzz.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/meson.build b/tests/fuzz/meson.build new file mode 100644 index 0000000..95ea382 --- /dev/null +++ b/tests/fuzz/meson.build @@ -0,0 +1,127 @@ +if get_option('fuzz-targets') + crypt2_load_fuzz = executable('crypt2_load_fuzz', + [ + 'crypt2_load_fuzz.cc', + ], + dependencies: [ + devmapper, + fuzzing_engine, + ], + link_with: [ + libcryptsetup, + libcrypto_backend, + libutils_io, + ], + link_args: [ + link_args, + ], + include_directories: includes_tools) + + crypt2_load_ondisk_fuzz = executable('crypt2_load_ondisk_fuzz', + [ + 'crypt2_load_ondisk_fuzz.cc', + ], + dependencies: [ + devmapper, + fuzzing_engine, + ], + link_with: [ + libcryptsetup, + libcrypto_backend, + libutils_io, + ], + link_args: [ + link_args, + ], + include_directories: includes_tools) + + luks2_generated = protoc_generator.process('LUKS2.proto') + crypt2_load_proto_fuzz = executable('crypt2_load_proto_fuzz', + [ + 'crypt2_load_proto_fuzz.cc', + 'proto_to_luks2_converter.cc', + luks2_generated, + ], + dependencies: [ + devmapper, + protobuf, + libprotobuf_mutator, + fuzzing_engine, + ], + link_with: [ + libcryptsetup, + libcrypto_backend, + libutils_io, + ], + link_args: [ + link_args, + ], + include_directories: includes_tools) + + luks2_plain_json_generated = protoc_generator.process('LUKS2_plain_JSON.proto') + crypt2_load_proto_plain_fuzz = executable('crypt2_load_proto_plain_fuzz', + [ + 'crypt2_load_proto_plain_json_fuzz.cc', + 'json_proto_converter.cc', + 'plain_json_proto_to_luks2_converter.cc', + luks2_plain_json_generated, + ], + dependencies: [ + devmapper, + protobuf, + libprotobuf_mutator, + fuzzing_engine, + ], + link_with: [ + libcryptsetup, + libcrypto_backend, + libutils_io, + ], + link_args: [ + link_args, + ], + include_directories: includes_tools) + + proto_to_luks2 = executable('proto_to_luks2', + [ + 'proto_to_luks2.cc', + 'proto_to_luks2_converter.cc', + luks2_generated, + ], + dependencies: [ + devmapper, + protobuf, + libprotobuf_mutator, + ], + link_with: [ + libcryptsetup, + libcrypto_backend, + libutils_io, + ], + link_args: [ + link_args, + ], + include_directories: includes_tools) + + plain_json_proto_to_luks2 = executable('plain_json_proto_to_luks2', + [ + 'plain_json_proto_to_luks2.cc', + 'plain_json_proto_to_luks2_converter.cc', + 'json_proto_converter.cc', + luks2_plain_json_generated, + ], + dependencies: [ + devmapper, + protobuf, + libprotobuf_mutator, + ], + link_with: [ + libcryptsetup, + libcrypto_backend, + libutils_io, + ], + link_args: [ + link_args, + ], + include_directories: includes_tools) +endif diff --git a/tests/fuzz/oss-fuzz-build.sh b/tests/fuzz/oss-fuzz-build.sh index b2f643f..cf0cfde 100755 --- a/tests/fuzz/oss-fuzz-build.sh +++ b/tests/fuzz/oss-fuzz-build.sh @@ -42,14 +42,16 @@ in_oss_fuzz && LIBFUZZER_PATCH="$PWD/cryptsetup/tests/fuzz/unpoison-mutated-buff in_oss_fuzz && apt-get update && apt-get install -y \ make autoconf automake autopoint libtool pkg-config \ sharutils gettext expect keyutils ninja-build \ - bison + bison flex [ ! -d zlib ] && git clone --depth 1 https://github.com/madler/zlib.git [ ! -d xz ] && git clone https://git.tukaani.org/xz.git [ ! -d json-c ] && git clone --depth 1 https://github.com/json-c/json-c.git -[ ! -d lvm2 ] && git clone --depth 1 https://sourceware.org/git/lvm2.git +[ ! -d lvm2 ] && git clone --depth 1 https://gitlab.com/lvmteam/lvm2 [ ! -d popt ] && git clone --depth 1 https://github.com/rpm-software-management/popt.git -[ ! -d libprotobuf-mutator ] && git clone --depth 1 https://github.com/google/libprotobuf-mutator.git \ +# FIXME: temporary fix until libprotobuf stops shuffling C++ requirements +# [ ! -d libprotobuf-mutator ] && git clone --depth 1 https://github.com/google/libprotobuf-mutator.git \ +[ ! -d libprotobuf-mutator ] && git clone --depth 1 --branch v1.1 https://github.com/google/libprotobuf-mutator.git \ && [ "$SANITIZER" == "memory" ] && ( cd libprotobuf-mutator; patch -p1 < $LIBFUZZER_PATCH ) [ ! -d openssl ] && git clone --depth 1 https://github.com/openssl/openssl [ ! -d util-linux ] && git clone --depth 1 https://github.com/util-linux/util-linux @@ -76,8 +78,8 @@ make install cd .. cd xz -./autogen.sh --no-po4a -./configure --prefix="$DEPS_PATH" --enable-static --disable-shared +./autogen.sh --no-po4a --no-doxygen +./configure --prefix="$DEPS_PATH" --enable-static --disable-shared --disable-ifunc --disable-sandbox make -j make install cd .. @@ -94,16 +96,14 @@ cd ../.. cd lvm2 ./configure --prefix="$DEPS_PATH" --enable-static_link --disable-udev_sync --enable-pkgconfig --disable-selinux make -j libdm.device-mapper -# build of dmsetup.static is broken -# make install_device-mapper -cp ./libdm/ioctl/libdevmapper.a "$DEPS_PATH"/lib/ -cp ./libdm/libdevmapper.h "$DEPS_PATH"/include/ -cp ./libdm/libdevmapper.pc "$PKG_CONFIG_PATH" +make -C libdm install_static install_pkgconfig install_include cd .. cd popt # --no-undefined is incompatible with sanitizers sed -i -e 's/-Wl,--no-undefined //' src/CMakeLists.txt +# force static build of popt +sed -i 's/add_library(popt SHARED/add_library(popt STATIC/' src/CMakeLists.txt mkdir -p build rm -fr build/* cd build diff --git a/tests/fuzz/plain_json_proto_to_luks2.cc b/tests/fuzz/plain_json_proto_to_luks2.cc index 8c56c15..a0f02c5 100644 --- a/tests/fuzz/plain_json_proto_to_luks2.cc +++ b/tests/fuzz/plain_json_proto_to_luks2.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 protobuf to image converter * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/plain_json_proto_to_luks2_converter.cc b/tests/fuzz/plain_json_proto_to_luks2_converter.cc index 823c0c5..6f756a9 100644 --- a/tests/fuzz/plain_json_proto_to_luks2_converter.cc +++ b/tests/fuzz/plain_json_proto_to_luks2_converter.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -32,6 +32,8 @@ namespace json_proto { void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid, const std::string &json_text) { struct luks2_hdr_disk hdr = {}; + size_t hdr_json_area_len, write_size; + uint8_t csum[LUKS2_CHECKSUM_L]; int r; if (hd) @@ -63,7 +65,6 @@ void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_pr strncpy(hdr.uuid, "af7f64ea-3233-4581-946b-6187d812841e", LUKS2_UUID_L); memset(hdr.salt, 1, LUKS2_SALT_L); - if (header_proto.has_selected_offset()) hdr.hdr_offset = cpu_to_be64(header_proto.selected_offset()); else @@ -74,10 +75,13 @@ void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_pr if (crypt_hash_write(hd, (char*)&hdr, LUKS2_HDR_BIN_LEN)) err(EXIT_FAILURE, "crypt_hash_write failed"); - size_t hdr_json_area_len = header_proto.hdr_size() - LUKS2_HDR_BIN_LEN; - uint8_t csum[LUKS2_CHECKSUM_L]; + if (header_proto.hdr_size() <= LUKS2_HDR_BIN_LEN || + header_proto.hdr_size() > LUKS2_DEFAULT_HDR_SIZE) + hdr_json_area_len = LUKS2_DEFAULT_HDR_SIZE - LUKS2_HDR_BIN_LEN; + else + hdr_json_area_len = header_proto.hdr_size() - LUKS2_HDR_BIN_LEN; - size_t write_size = json_text.length() > hdr_json_area_len - 1 ? hdr_json_area_len - 1 : json_text.length(); + write_size = json_text.length() > hdr_json_area_len - 1 ? hdr_json_area_len - 1 : json_text.length(); if (write_buffer(fd, json_text.c_str(), write_size) != (ssize_t)write_size) err(EXIT_FAILURE, "write_buffer failed"); if (crypt_hash_write(hd, json_text.c_str(), write_size)) @@ -113,6 +117,9 @@ void LUKS2ProtoConverter::convert(const LUKS2_both_headers &headers, int fd) { size_t out_size = headers.primary_header().hdr_size() + headers.secondary_header().hdr_size(); + if (out_size < 4096 || out_size > 2 * LUKS2_DEFAULT_HDR_SIZE) + out_size = LUKS2_DEFAULT_HDR_SIZE; + if (!write_headers_only) out_size += KEYSLOTS_SIZE + DATA_SIZE; diff --git a/tests/fuzz/plain_json_proto_to_luks2_converter.h b/tests/fuzz/plain_json_proto_to_luks2_converter.h index 7decf9f..aa1b594 100644 --- a/tests/fuzz/plain_json_proto_to_luks2_converter.h +++ b/tests/fuzz/plain_json_proto_to_luks2_converter.h @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/proto_to_luks2.cc b/tests/fuzz/proto_to_luks2.cc index 4a27cad..720d25b 100644 --- a/tests/fuzz/proto_to_luks2.cc +++ b/tests/fuzz/proto_to_luks2.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 protobuf to image converter * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/proto_to_luks2_converter.cc b/tests/fuzz/proto_to_luks2_converter.cc index 96a70b7..10f2b83 100644 --- a/tests/fuzz/proto_to_luks2_converter.cc +++ b/tests/fuzz/proto_to_luks2_converter.cc @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fuzz/proto_to_luks2_converter.h b/tests/fuzz/proto_to_luks2_converter.h index 9f926d0..5547ca7 100644 --- a/tests/fuzz/proto_to_luks2_converter.h +++ b/tests/fuzz/proto_to_luks2_converter.h @@ -1,8 +1,8 @@ /* * cryptsetup LUKS2 custom mutator fuzz target * - * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com> - * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2022-2024 Daniel Zatovic <daniel.zatovic@gmail.com> + * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/fvault2-compat-test b/tests/fvault2-compat-test index 45022d2..047798a 100755 --- a/tests/fvault2-compat-test +++ b/tests/fvault2-compat-test @@ -5,8 +5,12 @@ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup MAP=fvault2test TST_DIR=fvault2-images -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi [ -z "$srcdir" ] && srcdir="." @@ -83,7 +87,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/integrity-compat-test b/tests/integrity-compat-test index 208eafb..a2aae8d 100755 --- a/tests/integrity-compat-test +++ b/tests/integrity-compat-test @@ -5,8 +5,12 @@ [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." INTSETUP=$CRYPTSETUP_PATH/integritysetup -INTSETUP_VALGRIND=../.libs/integritysetup -INTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + INTSETUP_VALGRIND=$INTSETUP +else + INTSETUP_VALGRIND=../.libs/integritysetup + INTSETUP_LIB_VALGRIND=../.libs +fi DEV_NAME=dmc_test DEV_NAME2=dmc_fake @@ -115,7 +119,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $INTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/keyring-compat-test b/tests/keyring-compat-test index ea88c21..dc4787d 100755 --- a/tests/keyring-compat-test +++ b/tests/keyring-compat-test @@ -26,8 +26,12 @@ PWD="aaablabl" [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) @@ -54,7 +58,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -123,7 +130,7 @@ add_device() { exit 77 fi - sleep 2 + sleep 1 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) DEV="/dev/$DEV" diff --git a/tests/loopaes-test b/tests/loopaes-test index fdb4cd3..62fe772 100755 --- a/tests/loopaes-test +++ b/tests/loopaes-test @@ -3,8 +3,12 @@ [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi # try to validate using loop-AES losetup/kernel if available LOSETUP_AES=/losetup-aes.old @@ -49,7 +53,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/luks1-compat-test b/tests/luks1-compat-test index 18afcd5..c0de983 100755 --- a/tests/luks1-compat-test +++ b/tests/luks1-compat-test @@ -6,8 +6,12 @@ TST_DIR=luks1-images MAP=luks1tst KEYFILE=keyfile1 -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi [ -z "$srcdir" ] && srcdir="." @@ -38,7 +42,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/luks2-integrity-test b/tests/luks2-integrity-test index a8082f8..ff41ebf 100755 --- a/tests/luks2-integrity-test +++ b/tests/luks2-integrity-test @@ -11,8 +11,12 @@ PWD1=nHjJHjI23JK KEY_FILE=key.img FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi dmremove() { # device udevadm settle >/dev/null 2>&1 @@ -45,7 +49,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -60,6 +67,11 @@ add_device() { sync } +set_LO_DEV() { # file + # support both /dev/loopX and /dev/loop/X + LO_DEV=$(losetup -l -O NAME -n -j $1 2>/dev/null | sed -e 's/loop\//loop/') +} + status_check() # name value [detached] { if [ -n "$3" ]; then @@ -122,10 +134,12 @@ intformat() # alg integrity integrity_out key_size int_key_size sector_size csum dump_check "Key:" $(($4 + $5)) echo -n "[ACTIVATE]" $CRYPTSETUP open -d $KEY_FILE $DEV $DEV_NAME || fail "Cannot activate device." + set_LO_DEV $DEV status_check "cipher" $1 status_check "sector size" $6 status_check "integrity:" $3 status_check "keysize:" $(($4 + $5)) + [ -n "$LO_DEV" ] && status_check "device:" $LO_DEV [ $5 -gt 0 ] && status_check "integrity keysize:" $5 int_check_sum $1 $7 echo -n "[REMOVE]" @@ -137,12 +151,21 @@ intformat() # alg integrity integrity_out key_size int_key_size sector_size csum $CRYPTSETUP luksHeaderBackup -q --header-backup-file $HEADER_IMG $DEV || fail wipefs -a $DEV >/dev/null 2>&1 || fail $CRYPTSETUP open --header $HEADER_IMG -d $KEY_FILE $DEV $DEV_NAME || fail "Cannot activate device." + set_LO_DEV $DEV status_check "cipher" $1 1 status_check "sector size" $6 1 status_check "integrity:" $3 1 status_check "keysize:" $(($4 + $5)) 1 + [ -n "$LO_DEV" ] && status_check "device:" $LO_DEV 1 [ $5 -gt 0 ] && status_check "integrity keysize:" $5 1 int_check_sum $1 $7 + # check status returns values even if no --header is set + status_check "cipher" $1 + status_check "sector size" $6 + status_check "integrity:" $3 + status_check "keysize:" $(($4 + $5)) + [ -n "$LO_DEV" ] && status_check "device:" $LO_DEV + [ $5 -gt 0 ] && status_check "integrity keysize:" $5 $CRYPTSETUP close $DEV_NAME || fail "Cannot deactivate device." $CRYPTSETUP luksHeaderRestore -q --header-backup-file $HEADER_IMG $DEV || fail rm -f $HEADER_IMG @@ -169,6 +192,7 @@ intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 512 256 512 ee501705a intformat aes-xts-random hmac-sha256 hmac\(sha256\) 512 256 512 492c2d1cc9e222a850c399bfef4ed5a86bf5afc59e54f0f0c7ba8e2a64548323 intformat aes-cbc-essiv:sha256 hmac-sha256 hmac\(sha256\) 128 256 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 256 256 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b +intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 256 256 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b 1 intformat aes-xts-random hmac-sha256 hmac\(sha256\) 256 256 4096 8c0463f5ac09613674bdf40b0ff6f985edbc3de04e51fdc688873cb333ef3cda intformat aes-cbc-essiv:sha256 hmac-sha256 hmac\(sha256\) 256 256 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 512 256 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b diff --git a/tests/luks2-reencryption-mangle-test b/tests/luks2-reencryption-mangle-test index 5aa62e4..79b813d 100755 --- a/tests/luks2-reencryption-mangle-test +++ b/tests/luks2-reencryption-mangle-test @@ -5,8 +5,12 @@ PS4='$LINENO:' CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup CRYPTSETUP_RAW=$CRYPTSETUP -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi IMG=reenc-mangle-data IMG_HDR=$IMG.hdr IMG_HDR_BCP=$IMG_HDR.bcp @@ -210,7 +214,10 @@ function valgrind_setup() { bin_check valgrind [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi CRYPTSETUP=valgrind_run CRYPTSETUP_RAW="./valg.sh ${CRYPTSETUP_VALGRIND}" } diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test index a647a8c..57acae0 100755 --- a/tests/luks2-reencryption-test +++ b/tests/luks2-reencryption-test @@ -4,8 +4,12 @@ [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" FAST_PBKDF_ARGON="--pbkdf-force-iterations 4 --pbkdf-memory 32 --pbkdf-parallel 1" @@ -26,6 +30,13 @@ PWD1="93R4P4pIqAH8" PWD2="1cND4319812f" PWD3="1-9Qu5Ejfnqv" DEV_LINK="reenc-test-link" +KEYRING="luks2_reencryption_test_kr" +KEY_TYPE="user" +KEY_NAME1="luks2-reencryption-test1" +KEY_NAME2="luks2-reencryption-test2" +KEY_SPEC1="${KEYRING}::%${KEY_TYPE}:${KEY_NAME1}" +KEY_SPEC2="${KEYRING}::%${KEY_TYPE}:${KEY_NAME2}" +HAVE_KEYRING=0 FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) @@ -105,6 +116,13 @@ function remove_mapping() scsi_debug_teardown $DEV } +function cleanup_keyring() +{ + if [ $HAVE_KEYRING -eq 1 ]; then + keyctl unlink %:$KEYRING "@s" >/dev/null 2>&1 || echo "Failed to unlink test keyring." + fi +} + function fail() { local frame=0 @@ -112,6 +130,7 @@ function fail() echo "FAILED backtrace:" while caller $frame; do ((frame++)); done remove_mapping + cleanup_keyring exit 2 } @@ -119,6 +138,7 @@ function skip() { [ -n "$1" ] && echo "$1" remove_mapping + cleanup_keyring exit 77 } @@ -362,6 +382,38 @@ function reencrypt_recover_online() { # $1 sector size, $2 resilience, $3 digest echo "[OK]" } +function reencrypt_recover_online_vk() { # $1 sector size, $2 resilience, $3 digest, [$4 header] + echo -n "resilience mode: $2 ..." + local _hdr="" + test -z "$4" || _hdr="--header $4" + + echo $PWD1 | $CRYPTSETUP open $DEV $_hdr $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME $_hdr --hotzone-size 1M --resilience $2 --sector-size $1 -q $FAST_PBKDF_ARGON --init-only >/dev/null 2>&1 || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open --link-vk-to-keyring $KEY_SPEC1 --link-vk-to-keyring $KEY_SPEC2 $DEV $_hdr $DEV_NAME || fail + + error_writes $OVRDEV $OLD_DEV $ERROFFSET $ERRLENGTH + echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME $_hdr --hotzone-size 1M --resilience $2 --sector-size $1 -q $FAST_PBKDF_ARGON >/dev/null 2>&1 && fail + $CRYPTSETUP status $DEV_NAME $_hdr | grep -q "reencryption: in-progress" || fail + $CRYPTSETUP close $DEV_NAME || fail + fix_writes $OVRDEV $OLD_DEV + + # recovery during activation + $CRYPTSETUP open --volume-key-keyring $KEY_NAME1 --volume-key-keyring $KEY_NAME2 $DEV $_hdr $DEV_NAME || fail + check_hash_dev /dev/mapper/$DEV_NAME $3 + + $CRYPTSETUP luksDump ${4:-$DEV} | grep -q "online-reencrypt" + if [ $? -eq 0 ]; then + $CRYPTSETUP status $DEV_NAME $_hdr | grep -q "reencryption: in-progress" || fail + echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME $_hdr --resilience $2 --resume-only -q || fail + check_hash_dev /dev/mapper/$DEV_NAME $3 + fi + + $CRYPTSETUP close $DEV_NAME || fail + echo "[OK]" +} + function encrypt_recover() { # $1 sector size, $2 reduce size, $3 digest, $4 device size in sectors, $5 origin digest wipe_dev $DEV check_hash_dev $DEV $5 @@ -787,14 +839,27 @@ function reencrypt_online_fixed_size() { [ -n "$7" -a -f "$7" ] && rm -f $7 } +function prepare_vk_keyring() +{ + local s_desc=$(keyctl rdescribe @s | cut -d';' -f5) + local us_desc=$(keyctl rdescribe @us | cut -d';' -f5) + + if [ "$s_desc" = "$us_desc" -a -n "$s_desc" ]; then + echo "Session keyring is missing. Giving new one to parent process..." + keyctl new_session > /dev/null || fail + fi + + keyctl newring $KEYRING "@s" >/dev/null || fail "Failed to setup test keyring environment" + keyctl search "@s" keyring $KEYRING >/dev/null 2>&1 || fail "Could not find test keyring in a session keyring." +} + function setup_luks2_env() { echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c aes-xts-plain64 $FAST_PBKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail - HAVE_KEYRING=$($CRYPTSETUP status $DEV_NAME | grep "key location: keyring") - if [ -n "$HAVE_KEYRING" ]; then + local check_keyring=$($CRYPTSETUP status $DEV_NAME | grep "key location: keyring") + if [ -n "$check_keyring" ]; then HAVE_KEYRING=1 - else - HAVE_KEYRING=0 + prepare_vk_keyring fi DEF_XTS_KEY=$($CRYPTSETUP status $DEV_NAME | grep "keysize:" | sed 's/\( keysize: \)\([0-9]\+\)\(.*\)/\2/') [ -n "$DEF_XTS_KEY" ] || fail "Failed to parse xts mode key size." @@ -819,7 +884,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -1254,6 +1322,42 @@ if [ -n "$DM_SECTOR_SIZE" ]; then reencrypt_recover_online 4096 journal $HASH1 fi +if [ $HAVE_KEYRING -eq 1 ]; then + echo "sector size 512->512 (recovery by VK)" + + get_error_offsets 32 $OFFSET + echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail + wipe $PWD1 + + echo "ERR writes to sectors (recovery by VK) [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]" + reencrypt_recover_online_vk 512 checksum $HASH1 + reencrypt_recover_online_vk 512 journal $HASH1 + + if [ -n "$DM_SECTOR_SIZE" ]; then + echo "sector size 512->4096" + + get_error_offsets 32 $OFFSET 4096 + echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail + wipe $PWD1 + + echo "ERR writes to sectors (recovery by VK) [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]" + reencrypt_recover_online_vk 4096 checksum $HASH1 + echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail + wipe $PWD1 + reencrypt_recover_online_vk 4096 journal $HASH1 + + echo "sector size 4096->4096" + + get_error_offsets 32 $OFFSET 4096 + echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 --sector-size 4096 -c aes-cbc-essiv:sha256 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail + wipe $PWD1 + + echo "ERR writes to sectors (recovery by VK) [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]" + reencrypt_recover_online_vk 4096 checksum $HASH1 + reencrypt_recover_online_vk 4096 journal $HASH1 + fi +fi + echo "[8] Reencryption with detached header recovery" prepare_linear_dev 31 opt_blks=64 $OPT_XFERLEN_EXP @@ -2204,4 +2308,5 @@ echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q || fail check_hash_dev_head $DEV 2048 $HASH2 remove_mapping +cleanup_keyring exit 0 diff --git a/tests/luks2-validation-test b/tests/luks2-validation-test index cd9f0a6..545c38e 100755 --- a/tests/luks2-validation-test +++ b/tests/luks2-validation-test @@ -6,8 +6,12 @@ PS4='$LINENO:' [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi START_DIR=$(pwd) @@ -106,7 +110,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/luks2_invalid_cipher.img.xz b/tests/luks2_invalid_cipher.img.xz Binary files differnew file mode 100644 index 0000000..52ce436 --- /dev/null +++ b/tests/luks2_invalid_cipher.img.xz diff --git a/tests/meson.build b/tests/meson.build new file mode 100644 index 0000000..43fff9a --- /dev/null +++ b/tests/meson.build @@ -0,0 +1,482 @@ +fs = import('fs') + +# copy images and generators to build directory from where tests run +test_files_to_copy = [ + 'bitlk-images.tar.xz', + 'blkid-luks2-pv.img.xz', + 'compatimage.img.xz', + 'compatimage2.img.xz', + 'compatv10image.img.xz', + 'conversion_imgs.tar.xz', + 'evil_hdr-keyslot_overlap.xz', + 'evil_hdr-luks_hdr_damage.xz', + 'evil_hdr-payload_overwrite.xz', + 'evil_hdr-small_luks_device.xz', + 'evil_hdr-stripes_payload_dmg.xz', + 'fvault2-images.tar.xz', + 'generators/generate-luks2-area-in-json-hdr-space-json0.img.sh', + 'img_fs_ext4.img.xz', + 'luks1-images.tar.xz', + 'luks2_header_requirements.tar.xz', + 'luks2_keyslot_unassigned.img.xz', + 'luks2_mda_images.tar.xz', + 'luks2_valid_hdr.img.xz', + 'luks2_invalid_cipher.img.xz', + 'tcrypt-images.tar.xz', + 'valid_header_file.xz', + 'xfs_512_block_size.img.xz', + 'valg.sh', + 'cryptsetup-valg-supps', +] + +foreach file : test_files_to_copy + fs.copyfile(file) +endforeach + +api_test = executable('api-test', + [ + 'api-test.c', + 'test_utils.c', + ], + dependencies: devmapper, + link_with: libcryptsetup, + c_args: ['-DNO_CRYPTSETUP_PATH'], + include_directories: includes_lib) + +api_test_2 = executable('api-test-2', + [ + 'api-test-2.c', + 'test_utils.c', + ], + dependencies: devmapper, + link_with: libcryptsetup, + c_args: [ + '-DNO_CRYPTSETUP_PATH', + ], + include_directories: includes_lib) + +vectors_test = executable('vectors-test', + [ + 'crypto-vectors.c', + ], + link_with: libcrypto_backend, + c_args: [ + '-DNO_CRYPTSETUP_PATH', + ], + include_directories: includes_lib) + +differ = executable('differ', + [ + 'differ.c', + ], + c_args: [ + '-Wall', + '-O2', + ]) + +unit_utils_io = executable('unit-utils-io', + [ + 'unit-utils-io.c', + ], + link_with: libutils_io, + c_args: [ + '-DNO_CRYPTSETUP_PATH', + ], + include_directories: includes_lib) + +unit_utils_crypt_test = files('unit-utils-crypt.c',) + lib_utils_crypt_files +unit_utils_crypt_test = executable('unit-utils-crypt-test-test', + unit_utils_crypt_test, + link_with: libcryptsetup, + c_args: [ + '-DNO_CRYPTSETUP_PATH', + ], + include_directories: includes_lib) + +unit_wipe = executable('unit-wipe', + [ + 'unit-wipe.c', + ], + link_with: libcryptsetup, + c_args: [ + '-DNO_CRYPTSETUP_PATH', + ], + include_directories: includes_lib) + +generate_symbols_list = find_program('generate-symbols-list') +test_symbols_list_h = custom_target('test-symbols-list.h', + output: 'test-symbols-list.h', + input: [ + libcryptsetup_sym_path, + ], + # the scripts writes the output to stdout, capture and write to output file + capture: true, + command: [ + generate_symbols_list, + '@INPUT@', + ]) +all_symbols_test = executable('all-symbols-test', + [ + 'all-symbols-test.c', + test_symbols_list_h, + ], + dependencies: dl, + link_with: libcryptsetup, + c_args: [ + '-DNO_CRYPTSETUP_PATH', + ], + include_directories: includes_lib) + +fake_systemd_tpm_path = shared_library('fake_systemd_tpm_path', + [ + 'fake_systemd_tpm_path.c', + ], + name_prefix: '', + build_by_default: not enable_static) + +tests_env = environment() +tests_env.set('CRYPTSETUP_PATH', src_build_dir) +tests_env.set('LIBCRYPTSETUP_DIR', lib_build_dir) +tests_env.set('srcdir', meson.current_source_dir()) +tests_env.set('SSH_BUILD_DIR', tokens_ssh_build_dir) +tests_env.set('CRYPTSETUP_TESTS_RUN_IN_MESON', '1') + +valgrind_tests_env = tests_env +valgrind_tests_env.set('VALG', '1') + +add_test_setup('default', + is_default: true, + env: tests_env, + exclude_suites: [ 'valgrind-only' ] +) + +add_test_setup('valgrind', + env: valgrind_tests_env, + exclude_suites: [ 'not-in-valgrind' ] +) + +test('00modules-test', + find_program('./00modules-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind', + priority: 9999) +test('api-test', + api_test, + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind') +test('valg-api-test', + find_program('./valg-api.sh'), + args: [ './api-test'], + depends: [ api_test ], + workdir: meson.current_build_dir(), + env: 'INFOSTRING=api-test-000', + timeout: 14400, + is_parallel: false, + suite: 'valgrind-only') +test('api-test-2', + api_test_2, + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind') +test('valg-api-test-2', + find_program('./valg-api.sh'), + args: [ './api-test-2'], + depends: [ api_test_2 ], + workdir: meson.current_build_dir(), + env: 'INFOSTRING=api-test-002', + timeout: 14400, + is_parallel: false, + suite: 'valgrind-only') +test('blockwise-compat-test', + find_program('./blockwise-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind', + depends: [ + unit_utils_io, + ]) +test('keyring-test', + find_program('./keyring-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind') +test('vectors-test', + vectors_test, + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind') +test('valg-vectors-test', + find_program('./valg-api.sh'), + args: [ './vectors-test' ], + depends: [ vectors_test ], + workdir: meson.current_build_dir(), + env: 'INFOSTRING=vectors-test', + timeout: 14400, + is_parallel: false, + suite: 'valgrind-only') +test('unit-wipe-test', + find_program('./unit-wipe-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind', + depends: [ + unit_wipe, + ]) +test('unit-utils-crypt-test', + unit_utils_crypt_test, + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind') +test('valg-unit-utils-crypt-test', + find_program('./valg-api.sh'), + args: [ './unit-utils-crypt-test' ], + depends: [ unit_utils_crypt_test ], + workdir: meson.current_build_dir(), + env: 'INFOSTRING=unit-utils-crypt-test', + timeout: 14400, + is_parallel: false, + suite: 'valgrind-only') + +if not enable_static + test('run-all-symbols', + find_program('./run-all-symbols'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind', + depends: [ + all_symbols_test, + libcryptsetup, + ]) +endif + +if get_option('cryptsetup') + test('compat-args-test', + find_program('./compat-args-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + test_symbols_list_h, + ]) + test('compat-test', + find_program('./compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + differ, + ]) + test('compat-test2', + find_program('./compat-test2'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('compat-test-opal', + find_program('./compat-test-opal'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('loopaes-test', + find_program('./loopaes-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('align-test', + find_program('./align-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('align-test2', + find_program('./align-test2'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('discards-test', + find_program('./discards-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('mode-test', + find_program('./mode-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('password-hash-test', + find_program('./password-hash-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('tcrypt-compat-test', + find_program('./tcrypt-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('luks1-compat-test', + find_program('./luks1-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('device-test', + find_program('./device-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('keyring-compat-test', + find_program('./keyring-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('luks2-validation-test', + find_program('./luks2-validation-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('luks2-integrity-test', + find_program('./luks2-integrity-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('bitlk-compat-test', + find_program('./bitlk-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('fvault2-compat-test', + find_program('./fvault2-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('reencryption-compat-test', + find_program('./reencryption-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('luks2-reencryption-test', + find_program('./luks2-reencryption-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) + test('luks2-reencryption-mangle-test', + find_program('./luks2-reencryption-mangle-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup, + ]) +endif + +if get_option('veritysetup') + test('verity-compat-test', + find_program('verity-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + veritysetup, + ]) +endif + +if get_option('integritysetup') + test('integrity-compat-test', + find_program('integrity-compat-test'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + integritysetup, + ]) +endif + +if get_option('ssh-token') and not enable_static + test('ssh-test-plugin', + find_program('ssh-test-plugin'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + depends: [ + cryptsetup_ssh, + libcryptsetup_token_ssh, + ]) +endif + +if get_option('external-tokens') and not enable_static + test('systemd-test-plugin', + find_program('systemd-test-plugin'), + workdir: meson.current_build_dir(), + timeout: 14400, + is_parallel: false, + suite: 'not-in-valgrind', + depends: [ + fake_systemd_tpm_path, + ]) +endif + +subdir('fuzz') diff --git a/tests/mode-test b/tests/mode-test index 82171fb..81780cd 100755 --- a/tests/mode-test +++ b/tests/mode-test @@ -8,6 +8,7 @@ DEV_NAME=dmc_test HEADER_IMG=mode-test.img PASSWORD=3xrododenron PASSWORD1=$PASSWORD +KEY="7c0dc5dfd0c9191381d92e6ebb3b29e7f0dba53b0de132ae23f5726727173540" FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" # cipher-chainmode-ivopts:ivmode @@ -17,8 +18,12 @@ IVMODES="null benbi plain plain64 essiv:sha256" LOOPDEV=$(losetup -f 2>/dev/null) -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi dmremove() { # device udevadm settle >/dev/null 2>&1 @@ -51,7 +56,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -184,4 +192,13 @@ done dmcrypt xchacha12,aes-adiantum-plain64 dmcrypt xchacha20,aes-adiantum-plain64 +echo -n "CAPI format:" +echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail +$CRYPTSETUP close "$DEV_NAME"_tstdev || fail +echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail +dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail +$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail +$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail +echo [OK] + cleanup diff --git a/tests/password-hash-test b/tests/password-hash-test index 6e3c78c..e777390 100755 --- a/tests/password-hash-test +++ b/tests/password-hash-test @@ -9,8 +9,12 @@ KEY_FILE=keyfile DEV2=$DEV_NAME"_x" -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi dmremove() { # device udevadm settle >/dev/null 2>&1 @@ -42,7 +46,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/reencryption-compat-test b/tests/reencryption-compat-test index 453831d..68a8c1f 100755 --- a/tests/reencryption-compat-test +++ b/tests/reencryption-compat-test @@ -6,8 +6,12 @@ REENC_BIN=$CRYPTSETUP REENC="$REENC_BIN reencrypt" FAST_PBKDF="--pbkdf-force-iterations 1000 --pbkdf pbkdf2" -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi DEV_NAME=reenc9768 DEV_NAME2=reenc1273 @@ -33,7 +37,7 @@ function fips_mode() function del_scsi_device() { rmmod scsi_debug >/dev/null 2>&1 - sleep 2 + sleep 1 } function remove_mapping() @@ -68,7 +72,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -88,7 +95,7 @@ function add_scsi_device() { exit 77 fi - sleep 2 + sleep 1 SCSI_DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) [ -b $SCSI_DEV ] || fail "Cannot find $SCSI_DEV." } diff --git a/tests/run-all-symbols b/tests/run-all-symbols index 775d5bb..58a1ba6 100755 --- a/tests/run-all-symbols +++ b/tests/run-all-symbols @@ -1,7 +1,7 @@ #!/bin/bash -DIR=../.libs -FILE=$DIR/libcryptsetup.so +[ -z "$LIBCRYPTSETUP_DIR" ] && LIBCRYPTSETUP_DIR=../.libs +FILE=$LIBCRYPTSETUP_DIR/libcryptsetup.so function fail() { @@ -15,7 +15,7 @@ function skip() exit 77 } -test -d $DIR || fail "Directory $DIR is missing." +test -d $LIBCRYPTSETUP_DIR || fail "Directory $LIBCRYPTSETUP_DIR is missing." test -f $FILE || skip "WARNING: Shared $FILE is missing, test skipped." ./all-symbols-test $FILE $@ diff --git a/tests/ssh-test-plugin b/tests/ssh-test-plugin index 5b3966e..2475034 100755 --- a/tests/ssh-test-plugin +++ b/tests/ssh-test-plugin @@ -1,10 +1,10 @@ #!/bin/bash [ -z "$CRYPTSETUP_PATH" ] && { - TOKEN_PATH="./fake_token_path.so" - [ ! -f $TOKEN_PATH ] && { echo "Please compile $TOKEN_PATH."; exit 77; } - export LD_PRELOAD=$TOKEN_PATH CRYPTSETUP_PATH=".." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + SSH_BUILD_DIR="$PWD/../.libs" + fi } CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup CRYPTSETUP_SSH=$CRYPTSETUP_PATH/cryptsetup-ssh @@ -21,12 +21,24 @@ SSH_KEY_PATH="$HOME/sshtest-key" FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_SSH_VALGRIND=../.libs/cryptsetup-ssh -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup + CRYPTSETUP_VALGRIND=$CRYPTSETUP + CRYPTSETUP_SSH=$CRYPTSETUP_PATH/../tokens/ssh/cryptsetup-ssh + CRYPTSETUP_SSH_VALGRIND=$CRYPTSETUP_SSH +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_SSH_VALGRIND=../.libs/cryptsetup-ssh + CRYPTSETUP_LIB_VALGRIND=../.libs +fi [ -z "$srcdir" ] && srcdir="." +[ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] || { + # test runs on meson build + CRYPTSETUP_SSH="$CRYPTSETUP_PATH/../tokens/ssh/cryptsetup-ssh" +} + function remove_mapping() { [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP @@ -104,7 +116,9 @@ function valgrind_setup() command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." [ ! -f $CRYPTSETUP_SSH_VALGRIND ] && fail "Unable to get location of cryptsetup-ssh executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() @@ -152,6 +166,9 @@ check_dump() [ "$keyslot_dump" = "$keyslot" ] || fail " keyslot check from dump failed." } +if [ -n "$SSH_BUILD_DIR" ]; then + CUSTOM_TOKENS_PATH="--external-tokens-path $SSH_BUILD_DIR" +fi [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run && CRYPTSETUP_SSH=valgrind_run_ssh [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." @@ -174,17 +191,17 @@ ssh_check create_user ssh_setup -$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH +$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH $CUSTOM_TOKENS_PATH [ $? -ne 0 ] && fail "Failed to add SSH token to $IMG" -out=$($CRYPTSETUP luksDump $IMG) +out=$($CRYPTSETUP luksDump $CUSTOM_TOKENS_PATH $IMG) check_dump "$out" 0 echo "[OK]" echo -n "Activating using SSH token: " $CRYPTSETUP luksOpen --token-only --disable-external-tokens -r $IMG $MAP && fail "Tokens should be disabled" -$CRYPTSETUP luksOpen -r $IMG $MAP -q >/dev/null 2>&1 <&- +$CRYPTSETUP luksOpen $CUSTOM_TOKENS_PATH -r $IMG $MAP -q >/dev/null 2>&1 <&- [ $? -ne 0 ] && fail "Failed to open $IMG using SSH token" echo "[OK]" @@ -193,10 +210,10 @@ $CRYPTSETUP token remove --token-id 0 $IMG || fail "Failed to remove token" echo -n "Adding SSH token with --key-slot: " -$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH --key-slot 1 +$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH --key-slot 1 $CUSTOM_TOKENS_PATH [ $? -ne 0 ] && fail "Failed to add SSH token to $IMG" -out=$($CRYPTSETUP luksDump $IMG) +out=$($CRYPTSETUP luksDump $CUSTOM_TOKENS_PATH $IMG) check_dump "$out" 1 echo "[OK]" diff --git a/tests/systemd-test-plugin b/tests/systemd-test-plugin index 5f37324..7515f76 100755 --- a/tests/systemd-test-plugin +++ b/tests/systemd-test-plugin @@ -61,14 +61,51 @@ CRYPTENROLL_LD_PRELOAD="" # if CRYPTSETUP_PATH is defined, we run against installed binaries, # otherwise we compile systemd tokens from source +[ ! -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] && { + bin_check git + bin_check meson + bin_check ninja + bin_check pkgconf + + INSTALL_PATH=$CRYPTSETUP_PATH/../external-tokens/install + mkdir -p $INSTALL_PATH + DESTDIR=$INSTALL_PATH meson install -C .. + PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')" + echo "INSTALL_PATH $INSTALL_PATH" + echo "PC_FILE $PC_FILE" + sed -i "s/^prefix=/prefix=${INSTALL_PATH//\//\\\/}/g" "$PC_FILE" + export PKG_CONFIG_PATH=$(dirname $PC_FILE) + + # systemd build system misses libcryptsetup.h if it is installed in non-default path + export CFLAGS="${CFLAGS:-} $(pkgconf --cflags libcryptsetup)" + + SYSTEMD_PATH=$CRYPTSETUP_PATH/../external-tokens/systemd + SYSTEMD_CRYPTENROLL=$SYSTEMD_PATH/build/systemd-cryptenroll + + mkdir -p $SYSTEMD_PATH + [ -d $SYSTEMD_PATH/.git ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH + cd $SYSTEMD_PATH + meson setup build/ -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true || skip "Failed to configure systemd via meson, some dependencies are probably missing." + ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + + CRYPTSETUP_TOKENS_PATH=$CRYPTSETUP_PATH/../tokens/ssh + + cd $CRYPTSETUP_PATH/../tests + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_TOKENS_PATH + cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_TOKENS_PATH + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$CRYPTSETUP_PATH/../tests" + + CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/../lib/libcryptsetup.so" + + echo "CRYPTENROLL_LD_PRELOAD $CRYPTENROLL_LD_PRELOAD" +} + [ -z "$CRYPTSETUP_PATH" ] && { bin_check git bin_check meson bin_check ninja bin_check pkgconf - TOKEN_PATH=fake_token_path.so - [ -f $TOKEN_PATH ] || skip "Please compile $TOKEN_PATH." INSTALL_PATH=$(pwd)/external-tokens/install make -C .. install DESTDIR=$INSTALL_PATH PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')" @@ -83,16 +120,17 @@ CRYPTENROLL_LD_PRELOAD="" SYSTEMD_CRYPTENROLL=$SYSTEMD_PATH/build/systemd-cryptenroll mkdir -p $SYSTEMD_PATH - [ "$(ls -A $SYSTEMD_PATH)" ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH + [ -d $SYSTEMD_PATH/.git ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH cd $SYSTEMD_PATH - meson -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true build/ || skip "Failed to configure systemd via meson, some dependencies are probably missing." + meson setup build/ -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true || skip "Failed to configure systemd via meson, some dependencies are probably missing." ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + CRYPTSETUP_TOKENS_PATH=$CRYPTSETUP_PATH/.libs + cd $CRYPTSETUP_PATH/tests - cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so ../.libs/ - cp $SYSTEMD_PATH/build/src/shared/*.so ../.libs/ + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_TOKENS_PATH + cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_TOKENS_PATH - export LD_PRELOAD="${LD_PRELOAD-}:$CRYPTSETUP_PATH/tests/$TOKEN_PATH" CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/.libs/libcryptsetup.so" } CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup @@ -115,7 +153,11 @@ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup echo "Virtual TPM set up at $TPM_PATH" } +if [ -n "$SSH_BUILD_DIR" ]; then + CUSTOM_TOKENS_PATH="--external-tokens-path $SSH_BUILD_DIR" +fi FAKE_TPM_PATH="$(pwd)/fake_systemd_tpm_path.so" +[ ! -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] && FAKE_TPM_PATH="$CRYPTSETUP_PATH/../tests/fake_systemd_tpm_path.so" [ -f $FAKE_TPM_PATH ] || skip "Please compile $FAKE_TPM_PATH." export LD_PRELOAD="$LD_PRELOAD:$FAKE_TPM_PATH" @@ -128,23 +170,23 @@ echo $PASSWD | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG --force- echo "Enrolling the device to TPM 2 using systemd-cryptenroll.." LD_PRELOAD="$LD_PRELOAD:$CRYPTENROLL_LD_PRELOAD" PASSWORD="$PASSWD" $SYSTEMD_CRYPTENROLL $IMG --tpm2-device=$TPM_PATH >/dev/null 2>&1 -$CRYPTSETUP luksDump $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." +$CRYPTSETUP luksDump --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." echo "Activating the device via TPM2 external token.." -$CRYPTSETUP open --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." $CRYPTSETUP close $MAP >/dev/null 2>&1 || fail "Failed to close $MAP." echo "Adding passphrase via TPM2 token.." -echo $PASSWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." +echo $PASSWD2 | $CRYPTSETUP luksAddKey --external-tokens-path $CRYPTSETUP_TOKENS_PATH $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." echo $PASSWD2 | $CRYPTSETUP open $IMG --test-passphrase --disable-external-tokens >/dev/null 2>&1 || fail "Failed to test passphrase added by tpm2 token." echo "Exporting and removing TPM2 token.." EXPORTED_TOKEN=$($CRYPTSETUP token export $IMG --token-id 0) $CRYPTSETUP token remove $IMG --token-id 0 -$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." echo "Re-importing TPM2 token.." echo $EXPORTED_TOKEN | $CRYPTSETUP token import $IMG --token-id 0 || fail "Failed to re-import deleted token." -$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." cleanup exit 0 diff --git a/tests/tcrypt-compat-test b/tests/tcrypt-compat-test index c0fc50a..0708b32 100755 --- a/tests/tcrypt-compat-test +++ b/tests/tcrypt-compat-test @@ -11,8 +11,12 @@ PASSWORD_HIDDEN="bbbbbbbbbbbb" PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff" PIM=1234 -CRYPTSETUP_VALGRIND=../.libs/cryptsetup -CRYPTSETUP_LIB_VALGRIND=../.libs +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + CRYPTSETUP_VALGRIND=$CRYPTSETUP +else + CRYPTSETUP_VALGRIND=../.libs/cryptsetup + CRYPTSETUP_LIB_VALGRIND=../.libs +fi [ -z "$srcdir" ] && srcdir="." @@ -54,12 +58,12 @@ function test_one() # cipher mode keysize rm_pattern fi } -function test_kdf() # hash +function test_kdf() # hash img_hash { $CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1 if [ $? -ne 0 ] ; then echo "pbkdf2-$1 [N/A]" - IMGS=$(ls $TST_DIR/[tv]c* | grep "$1") + IMGS=$(ls $TST_DIR/[tv]c* | grep "$2") [ -n "$IMGS" ] && rm $IMGS else echo "pbkdf2-$1 [OK]" @@ -78,11 +82,12 @@ function test_required() command -v blkid >/dev/null || skip "blkid tool required, test skipped." echo "REQUIRED KDF TEST" - test_kdf sha256 - test_kdf sha512 - test_kdf ripemd160 - test_kdf whirlpool - test_kdf stribog512 + test_kdf sha256 sha256 + test_kdf sha512 sha512 + test_kdf blake2s-256 blake2 + test_kdf ripemd160 ripemd160 + test_kdf whirlpool whirlpool + test_kdf stribog512 stribog echo "REQUIRED CIPHERS TEST" test_one aes cbc 256 cbc-aes @@ -114,7 +119,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." - export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tests/tcrypt-images.tar.xz b/tests/tcrypt-images.tar.xz Binary files differindex 1841870..5ccef08 100644 --- a/tests/tcrypt-images.tar.xz +++ b/tests/tcrypt-images.tar.xz diff --git a/tests/test_utils.c b/tests/test_utils.c index 97c62a0..d06e738 100644 --- a/tests/test_utils.c +++ b/tests/test_utils.c @@ -1,8 +1,8 @@ /* * cryptsetup library API test utilities * - * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2023 Milan Broz + * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -201,25 +201,39 @@ int fips_mode(void) */ int create_dmdevice_over_loop(const char *dm_name, const uint64_t size) { + int r; + + r = create_dmdevice_over_device(dm_name, THE_LOOP_DEV, size, t_dev_offset); + if (r != 0) + return r; + + t_dev_offset += size; + + return r; +} + +/* + * Creates dm-linear target over the desired block device. + */ +int create_dmdevice_over_device(const char *dm_name, const char *device, uint64_t size, uint64_t offset) +{ char cmd[128]; int r; uint64_t r_size; - if (t_device_size(THE_LOOP_DEV, &r_size) < 0 || r_size <= t_dev_offset || !size) + if (!device || t_device_size(device, &r_size) < 0 || r_size <= offset || !size) return -1; - if ((r_size - t_dev_offset) < size) { - printf("No enough space on backing loop device\n."); + if ((r_size - offset) < size) { + printf("No enough space on device %s\n.", device); return -2; } r = snprintf(cmd, sizeof(cmd), "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"", - dm_name, size, THE_LOOP_DEV, t_dev_offset); + dm_name, size, device, offset); if (r < 0 || (size_t)r >= sizeof(cmd)) return -3; - if (!(r = _system(cmd, 1))) - t_dev_offset += size; - return r; + return _system(cmd, 1); } __attribute__((format(printf, 3, 4))) @@ -450,12 +464,12 @@ void global_log_callback(int level, const char *msg, void *usrptr __attribute__( len = strlen(global_log); - if (len + strlen(msg) > sizeof(global_log)) { + if (len + strlen(msg) >= sizeof(global_log)) { printf("Log buffer is too small, fix the test.\n"); return; } - strncat(global_log, msg, sizeof(global_log) - len); + strncat(global_log, msg, sizeof(global_log) - len - 1); global_lines++; if (level == CRYPT_LOG_ERROR) { len = strlen(msg); diff --git a/tests/unit-utils-crypt.c b/tests/unit-utils-crypt.c index 4ab3c96..22b8788 100644 --- a/tests/unit-utils-crypt.c +++ b/tests/unit-utils-crypt.c @@ -1,7 +1,7 @@ /* * cryptsetup crypto name and hex conversion helper test vectors * - * Copyright (C) 2022-2023 Milan Broz + * Copyright (C) 2022-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/unit-utils-io.c b/tests/unit-utils-io.c index 3bfc762..642f778 100644 --- a/tests/unit-utils-io.c +++ b/tests/unit-utils-io.c @@ -1,7 +1,7 @@ /* * simple unit test for utils_io.c (blockwise low level functions) * - * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2024 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/unit-wipe-test b/tests/unit-wipe-test index 4d0a078..a898354 100755 --- a/tests/unit-wipe-test +++ b/tests/unit-wipe-test @@ -41,7 +41,7 @@ function add_device() if [ $? -ne 0 ] ; then skip "This kernel seems to not support proper scsi_debug module." fi - grep -q scsi_debug /sys/block/*/device/model || sleep 2 + sleep 1 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) DEV="/dev/$DEV" [ -b $DEV ] || fail "Cannot find $DEV." diff --git a/tests/unit-wipe.c b/tests/unit-wipe.c index c3019c7..d381a83 100644 --- a/tests/unit-wipe.c +++ b/tests/unit-wipe.c @@ -1,7 +1,7 @@ /* * unit test helper for crypt_wipe API call * - * Copyright (C) 2022-2023 Milan Broz + * Copyright (C) 2022-2024 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/tests/verity-compat-test b/tests/verity-compat-test index 8a28a12..82c49d3 100755 --- a/tests/verity-compat-test +++ b/tests/verity-compat-test @@ -2,8 +2,13 @@ [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." VERITYSETUP=$CRYPTSETUP_PATH/veritysetup -VERITYSETUP_VALGRIND=../.libs/veritysetup -VERITYSETUP_LIB_VALGRIND=../.libs + +if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + VERITYSETUP_VALGRIND=$VERITYSETUP +else + VERITYSETUP_VALGRIND=../.libs/veritysetup + VERITYSETUP_LIB_VALGRIND=../.libs +fi DEV_NAME=verity3273 DEV_NAME2=verity3273x @@ -304,7 +309,10 @@ function valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $VERITYSETUP_VALGRIND ] && fail "Unable to get location of veritysetup executable." - export LD_LIBRARY_PATH="$VERITYSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + [ ! -f valg.sh ] && fail "Unable to get location of valg runner script." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + export LD_LIBRARY_PATH="$VERITYSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" + fi } function valgrind_run() diff --git a/tokens/meson.build b/tokens/meson.build new file mode 100644 index 0000000..a772a11 --- /dev/null +++ b/tokens/meson.build @@ -0,0 +1,8 @@ +libcryptsetup_token_sym_path = join_paths(meson.current_source_dir(), 'libcryptsetup-token.sym') + +token_link_args = [ + '-Wl,--version-script=' + + libcryptsetup_token_sym_path, +] + +subdir('ssh') diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c index 7c0bf02..68a414b 100644 --- a/tokens/ssh/cryptsetup-ssh.c +++ b/tokens/ssh/cryptsetup-ssh.c @@ -1,8 +1,8 @@ /* * Example of LUKS2 token storing third party metadata (EXPERIMENTAL EXAMPLE) * - * Copyright (C) 2016-2023 Milan Broz - * Copyright (C) 2021-2023 Vojtech Trefny + * Copyright (C) 2016-2024 Milan Broz + * Copyright (C) 2021-2024 Vojtech Trefny * * Use: * - generate ssh example token @@ -47,6 +47,7 @@ #define OPT_DEBUG 5 #define OPT_DEBUG_JSON 6 #define OPT_KEY_SLOT 7 +#define OPT_TOKENS_PATH 8 void tools_cleanup(void) { @@ -59,6 +60,7 @@ static int token_add( const char *user, const char *path, const char *keypath, + const char *plugin_path, int keyslot) { @@ -68,6 +70,12 @@ static int token_add( const char *string_token; int r, token; + if (plugin_path) { + r = crypt_token_set_external_path(plugin_path); + if (r < 0) + return r; + } + r = crypt_init(&cd, device); if (r) return r; @@ -78,15 +86,20 @@ static int token_add( goto out; } - r = -EINVAL; jobj = json_object_new_object(); - if (!jobj) + if (!jobj) { + r = -ENOMEM; goto out; + } /* type is mandatory field in all tokens and must match handler name member */ json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME)); jobj_keyslots = json_object_new_array(); + if (!jobj_keyslots) { + r = -ENOMEM; + goto out; + } /* mandatory array field (may be empty and assigned later */ json_object_object_add(jobj, "keyslots", jobj_keyslots); @@ -143,6 +156,8 @@ static struct argp_option options[] = { {"ssh-user", OPT_SSH_USER, "STRING", 0, N_("Username used for the remote server")}, {"ssh-path", OPT_SSH_PATH, "STRING", 0, N_("Path to the key file on the remote server")}, {"ssh-keypath", OPT_KEY_PATH, "STRING", 0, N_("Path to the SSH key for connecting to the remote server")}, + {"external-tokens-path", + OPT_TOKENS_PATH,"STRING", 0, N_("Path to directory containinig libcryptsetup external tokens")}, {"key-slot", OPT_KEY_SLOT, "NUM", 0, N_("Keyslot to assign the token to. If not specified, token will "\ "be assigned to the first keyslot matching provided passphrase.")}, {0, 0, 0, 0, N_("Generic options:")}, @@ -159,6 +174,7 @@ struct arguments { char *ssh_user; char *ssh_path; char *ssh_keypath; + char *ssh_plugin_path; int keyslot; int verbose; int debug; @@ -182,6 +198,9 @@ parse_opt (int key, char *arg, struct argp_state *state) { case OPT_KEY_PATH: arguments->ssh_keypath = arg; break; + case OPT_TOKENS_PATH: + arguments->ssh_plugin_path = arg; + break; case OPT_KEY_SLOT: arguments->keyslot = atoi(arg); break; @@ -408,6 +427,7 @@ int main(int argc, char *argv[]) arguments.ssh_user, arguments.ssh_path, arguments.ssh_keypath, + arguments.ssh_plugin_path, arguments.keyslot); if (ret < 0) return EXIT_FAILURE; diff --git a/tokens/ssh/libcryptsetup-token-ssh.c b/tokens/ssh/libcryptsetup-token-ssh.c index 639b25d..ac85f89 100644 --- a/tokens/ssh/libcryptsetup-token-ssh.c +++ b/tokens/ssh/libcryptsetup-token-ssh.c @@ -1,8 +1,8 @@ /* * Example of LUKS2 ssh token handler (EXPERIMENTAL) * - * Copyright (C) 2016-2023 Milan Broz - * Copyright (C) 2020-2023 Vojtech Trefny + * Copyright (C) 2016-2024 Milan Broz + * Copyright (C) 2020-2024 Vojtech Trefny * * Use: * - generate LUKS device diff --git a/tokens/ssh/meson.build b/tokens/ssh/meson.build new file mode 100644 index 0000000..dba1d76 --- /dev/null +++ b/tokens/ssh/meson.build @@ -0,0 +1,39 @@ +tokens_ssh_build_dir = meson.current_build_dir() + +if get_option('ssh-token') + if not enable_static + libcryptsetup_token_ssh = shared_library( + 'cryptsetup-token-ssh', + [ + 'libcryptsetup-token-ssh.c', + 'ssh-utils.c', + ], + dependencies: [ + jsonc, + libssh, + ], + link_with: libcryptsetup, + link_args: token_link_args, + include_directories: includes_tools + ['..']) + endif + + cryptsetup_ssh_files = files( + 'cryptsetup-ssh.c', + 'ssh-utils.c', + ) + cryptsetup_ssh_files += lib_ssh_token_files + cryptsetup_ssh_files += src_ssh_token_files + + cryptsetup_ssh = executable('cryptsetup-ssh', + cryptsetup_ssh_files, + dependencies: [ + argp, + jsonc, + libssh, + passwdqc, + popt, + pwquality, + ], + link_with: libcryptsetup, + include_directories: includes_tools + ['..']) +endif diff --git a/tokens/ssh/ssh-utils.c b/tokens/ssh/ssh-utils.c index 564d858..07638ba 100644 --- a/tokens/ssh/ssh-utils.c +++ b/tokens/ssh/ssh-utils.c @@ -1,8 +1,8 @@ /* * ssh plugin utilities * - * Copyright (C) 2016-2023 Milan Broz - * Copyright (C) 2020-2023 Vojtech Trefny + * Copyright (C) 2016-2024 Milan Broz + * Copyright (C) 2020-2024 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/tokens/ssh/ssh-utils.h b/tokens/ssh/ssh-utils.h index a491275..19fe61e 100644 --- a/tokens/ssh/ssh-utils.h +++ b/tokens/ssh/ssh-utils.h @@ -1,8 +1,8 @@ /* * ssh plugin utilities * - * Copyright (C) 2016-2023 Milan Broz - * Copyright (C) 2020-2023 Vojtech Trefny + * Copyright (C) 2016-2024 Milan Broz + * Copyright (C) 2020-2024 Vojtech Trefny * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -19,6 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#ifndef SSH_UTILS_H +#define SSH_UTILS_H + #include <libssh/libssh.h> #include <libssh/sftp.h> #include <libcryptsetup.h> @@ -27,3 +30,5 @@ int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh, const char *path, char **password, size_t *password_len); ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, const char *user); int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ssh_key pkey); + +#endif /* SSH_UTILS_H */ |