eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update 2.4.0 release notes.

Browse Source
This commit is contained in:
Milan Broz
2021-08-18 14:09:32 +02:00
parent 4746717b75
commit 0ee752c42d
1 changed files with 16 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/v2.4.0-rc1-ReleaseNotes → docs/v2.4.0-ReleaseNotes
View File

@@ -1,31 +1,10 @@
Cryptsetup 2.4.0-rc1 Release Notes
==================================
Cryptsetup 2.4.0 Release Notes
==============================
Stable release candidate with new features and bug fixes.
This version introduces support for external libraries
(plugins) for handling LUKS2 token objects.
Changes since version 2.4.0-rc0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Add cryptsetup --token-type parameter.
It restricts token type to the parameter value in case no specific
token-id is selected.
* Do not retry token operations if PIN entry failed.
* Respect keyslot priority with token-based activation.
* veritysetup: add --root-hash-file option
Allow passing the root hash via a file, rather than verbatim on
the command line, for the open, verify, and format actions.
* Add crypt_reencrypt_run superseding now deprecated crypt_reencrypt
API call (fixes API break in rc0 release).
* Respect keyslot priority with token-based activation.
Changes since version 2.3.6
~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -119,6 +98,15 @@ Example (how to activate LUKS2 through remote keyfile):
Please note SSH token is just demonstration of plugin interface API,
it is an EXPERIMENTAL feature.
* Add cryptsetup --token-type parameter.
It restricts token type to the parameter value in case no specific
token-id is selected.
* Do not retry token operations if PIN entry failed.
* Respect keyslot priority with token-based activation.
* Default LUKS2 PBKDF is now Argon2id
Cryptsetup LUKS2 was using Argon2 while there were two versions,
@@ -266,6 +254,10 @@ Example (how to activate LUKS2 through remote keyfile):
Note that it cannot detect unknown algorithm names and similar where
we need call API functions.
* veritysetup: add --root-hash-file option
Allow passing the root hash via a file, rather than verbatim on
the command line, for the open, verify, and format actions.
* libcryptsetup C API extensions (see libcryptsetup.h for details)
- crypt_logf - a printf like log function
@@ -275,7 +267,7 @@ Example (how to activate LUKS2 through remote keyfile):
- crypt_token_external_path - get path for plugins (or NULL)
- crypt_token_external_disable - disable runtime support for plugins
- crypt_activate_by_token_pin - activate by token with additional PIN
- crypt_reencrypt - fixed prototype
- crypt_reencrypt_run - fixed API for deprecated crypt_reencrypt
The token plugin library interface cosists from these versioned
exported symbols (for details see header file and SSH token example):