diff --git a/lib/setup.c b/lib/setup.c index dfc08724..348d560a 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -657,7 +657,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device) log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)"); if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type) && - !isINTEGRITY(cd->type)) { + !isINTEGRITY(cd->type) && !isTCRYPT(cd->type)) { log_err(cd, _("This operation is not supported for this device type.")); return -EINVAL; } @@ -845,11 +845,6 @@ static int _crypt_load_tcrypt(struct crypt_device *cd, struct crypt_params_tcryp if (!params) return -EINVAL; - if (cd->metadata_device) { - log_err(cd, _("Detached metadata device is not supported for this crypt type.")); - return -EINVAL; - } - r = init_crypto(cd); if (r < 0) return r; diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 643012d4..45f793c5 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -715,7 +715,8 @@ a mapping . \fB\fR can be [\-\-key\-file, \-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase, -\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim]. +\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim, +\-\-header]. The keyfile parameter allows a combination of file content with the passphrase and can be repeated. Note that using keyfiles is compatible diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 06b93c0d..4e014b8f 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -458,7 +458,8 @@ static int action_open_tcrypt(void) activated_name = ARG_SET(OPT_TEST_PASSPHRASE_ID) ? NULL : action_argv[1]; - if ((r = crypt_init(&cd, action_argv[0]))) + r = crypt_init_data_device(&cd, ARG_STR(OPT_HEADER_ID) ?: action_argv[0], action_argv[0]); + if (r < 0) goto out; r = tcrypt_load(cd, ¶ms); @@ -571,8 +572,8 @@ static int action_tcryptDump(void) .veracrypt_pim = ARG_UINT32(OPT_VERACRYPT_PIM_ID) }; int r; - - if ((r = crypt_init(&cd, action_argv[0]))) + r = crypt_init_data_device(&cd, ARG_STR(OPT_HEADER_ID) ?: action_argv[0], action_argv[0]); + if (r < 0) goto out; r = tcrypt_load(cd, ¶ms);