diff --git a/lib/setup.c b/lib/setup.c index f68bdb39..c7013aae 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -657,7 +657,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device) log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)"); if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type) && - !isINTEGRITY(cd->type)) { + !isINTEGRITY(cd->type) && !isTCRYPT(cd->type)) { log_err(cd, _("This operation is not supported for this device type.")); return -EINVAL; } @@ -845,11 +845,6 @@ static int _crypt_load_tcrypt(struct crypt_device *cd, struct crypt_params_tcryp if (!params) return -EINVAL; - if (cd->metadata_device) { - log_err(cd, _("Detached metadata device is not supported for this crypt type.")); - return -EINVAL; - } - r = init_crypto(cd); if (r < 0) return r; diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 1107e284..5c9ca5c4 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -717,7 +717,8 @@ a mapping . \fB\fR can be [\-\-key\-file, \-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase, -\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim]. +\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim, +\-\-header]. The keyfile parameter allows a combination of file content with the passphrase and can be repeated. Note that using keyfiles is compatible diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 8d439096..655c15da 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -544,7 +544,8 @@ static int action_open_tcrypt(void) activated_name = opt_test_passphrase ? NULL : action_argv[1]; - if ((r = crypt_init(&cd, action_argv[0]))) + r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], action_argv[0]); + if (r < 0) goto out; r = tcrypt_load(cd, ¶ms); @@ -657,8 +658,8 @@ static int action_tcryptDump(void) .veracrypt_pim = (opt_veracrypt_pim > 0) ? opt_veracrypt_pim : 0, }; int r; - - if ((r = crypt_init(&cd, action_argv[0]))) + r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], action_argv[0]); + if (r < 0) goto out; r = tcrypt_load(cd, ¶ms);