From 50b762ab94ee3d145a4eaeae3f677c5737b83989 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Thu, 15 May 2025 14:40:45 +0200 Subject: [PATCH] Add note to man page for LUKS convert requirements. --- man/cryptsetup-convert.8.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/man/cryptsetup-convert.8.adoc b/man/cryptsetup-convert.8.adoc index dbb4c23c..a518ed85 100644 --- a/man/cryptsetup-convert.8.adoc +++ b/man/cryptsetup-convert.8.adoc @@ -20,6 +20,12 @@ Converts the device between LUKS1 and LUKS2 format (if possible). The conversion will not be performed if there is an additional LUKS2 feature or LUKS1 has unsupported header size. +For conversion from LUKS2 to LUKS1, all active keyslots must use the PBKDF2 +key-derivation function. The PBKDF2 and anti-forensic filter (AF) hash must +be the same as the hash used in the digest. +All keyslot numbers must be lower than 8 (LUKS1 maximum slot number). +There must be at least one active keyslot and no unbound or reencryption keyslots. + Conversion (both directions) must be performed on inactive device. There must not be active dm-crypt mapping established for LUKS header requested for conversion.