diff --git a/man/common_options.adoc b/man/common_options.adoc index 3c315798..02561bdb 100644 --- a/man/common_options.adoc +++ b/man/common_options.adoc @@ -377,7 +377,7 @@ ifdef::ACTION_LUKSFORMAT[] *--integrity-legacy-padding*:: Use inefficient legacy padding. + -*WARNING*: Do not use this option until you need compatibility with a specific old kernel. +Do not use this option until you need compatibility with a specific old kernel. endif::[] ifdef::ACTION_REFRESH[] @@ -464,7 +464,7 @@ ifndef::ACTION_REENCRYPT[] See section _NOTES ON PASSPHRASE PROCESSING_ in *cryptsetup*(8) for more information. endif::[] ifdef::ACTION_REENCRYPT[] -*WARNING:* --key-file option can be used only if there is only one active keyslot, or alternatively, also if --key-slot option is specified (then all other keyslots will be disabled in the new LUKS device). +The --key-file option can be used only if there is only one active keyslot, or alternatively, also if --key-slot option is specified (then all other keyslots will be disabled in the new LUKS device). + If this option is not used, cryptsetup will ask for all active keyslot passphrases. endif::[] diff --git a/man/cryptsetup-reencrypt.8.adoc b/man/cryptsetup-reencrypt.8.adoc index 4f4bfc65..83fac42c 100644 --- a/man/cryptsetup-reencrypt.8.adoc +++ b/man/cryptsetup-reencrypt.8.adoc @@ -31,7 +31,7 @@ The _reencrypt_ action reencrypts data on the LUKS device in-place. You can regenerate *volume key* (the real key used in on-disk encryption unlocked by passphrase), *cipher*, *cipher mode* or *encryption sector size* (LUKS2 only). -*WARNING:* If you need to use both luksChangeKey and reencrypt (e.g., to recover from a leak), you need to use them in that order to avoid leaking the new volume key. +If you need to use both luksChangeKey and reencrypt (e.g., to recover from a leak), you need to use them in that order to avoid leaking the new volume key. The reencryption process may be safely interrupted by a user via SIGINT signal (ctrl+c). The same applies to the SIGTERM signal (i.e., issued by systemd during system shutdown). diff --git a/man/cryptsetup.8.adoc b/man/cryptsetup.8.adoc index 2717cb2e..3ae40736 100644 --- a/man/cryptsetup.8.adoc +++ b/man/cryptsetup.8.adoc @@ -563,7 +563,7 @@ Albeit Linux kernel 5.7 added TRIM support for standalone dm-integrity devices, Some integrity modes require two independent keys (a key for encryption and authentication). Both these keys are stored in one LUKS keyslot. -*WARNING:* All support for authenticated modes is experimental, and only some modes are available now. +Support for authenticated modes is experimental, and only some modes are available now. Note that very few authenticated encryption algorithms are suitable for disk encryption. You also cannot use CRC32 or other non-cryptographic checksums (other than the special integrity mode "none"). If, for some reason, you want to have integrity control without using authentication mode, then you should separately configure dm-integrity independently of LUKS2. diff --git a/man/integritysetup.8.adoc b/man/integritysetup.8.adoc index f7fc8677..a4c7ddd4 100644 --- a/man/integritysetup.8.adoc +++ b/man/integritysetup.8.adoc @@ -248,7 +248,6 @@ If this flag is not set, checksums will be calculated for previously stored data == LEGACY COMPATIBILITY OPTIONS -*WARNING:*:: Do not use these options until you need compatibility with a specific old kernel. *--integrity-legacy-padding*:: diff --git a/man/veritysetup.8.adoc b/man/veritysetup.8.adoc index 7c760cb6..dd290d62 100644 --- a/man/veritysetup.8.adoc +++ b/man/veritysetup.8.adoc @@ -180,12 +180,12 @@ With --ignore-corruption option, the corruption is only logged. With --restart-on-corruption or --panic-on-corruption, the kernel is restarted (panicked) immediately. (You have to provide a way to avoid restart loops.) + -*WARNING:* Use these options only for very specific cases. +Use these options only for very specific cases. *--ignore-zero-blocks*:: Instruct the kernel not to verify blocks expected to contain zeroes and always directly return zeroes instead. + -*WARNING:* Use this option only in very specific cases. +Use this option only in very specific cases. *--no-superblock*:: Create or use dm-verity without a permanent on-disk superblock.