eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update release notes for 2.7.0-rc1 and LUKS2 doc.

Browse Source
This commit is contained in:
Milan Broz
2023-12-20 11:43:23 +01:00
parent d1b32a3b64
commit b47f423907
2 changed files with 22 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/on-disk-format-luks2.pdf
View File

Binary file not shown.

34
docs/v2.7.0-rc0-ReleaseNotes → docs/v2.7.0-rc1-ReleaseNotes
View File

@@ -1,7 +1,21 @@
Cryptsetup 2.7.0-rc0 Release Notes
Cryptsetup 2.7.0-rc1 Release Notes
==================================
Stable release candidate with new features and bug fixes.
Changes since version 2.7.0-rc0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Used Argon2 PBKDF implementation is now reported in debug mode
in the cryptographic backend version. For native support in
OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
If libargon2 is used, "cryptsetup libargon2" (for embedded
library) or "external libargon2" is displayed.
* Fix wiping of OPAL key in the kernel on luksSuspend.
* Use metadata lock for OPAL disk manipulation to avoid unexpected
states if two processes manipulate the device.
Changes since version 2.6.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -47,11 +61,10 @@ Changes since version 2.6.1
encryption (--hw-opal option) or without the software layer
(--hw-opal-only option).
You can see the configured segment parameters in the luksDump command.
Note: formal specification of OPAL LUKS2 segment metadata will be added
in the next release candidate. LUKS2 devices with OPAL segments set
a new requirement flag in the LUKS2 header to prevent older cryptsetup
metadata manipulation. Do not use hardware-only encryption if you do
not fully trust your hardware vendor.
LUKS2 devices with OPAL segments set a new requirement flag in
the LUKS2 header to prevent older cryptsetup metadata manipulation.
Do not use hardware-only encryption if you do not fully trust your
hardware vendor.
Compatibility notes:
- Linux kernel SED interface does NOT work through USB external
@@ -185,9 +198,6 @@ Changes since version 2.6.1
These options are intended to be used for integration with other
systems for automation.
Note: the API will slightly change in the next release candidate
(active reencryption will need to setup old and new keys together).
Users can now use the volume key (not passphrase) stored in arbitrary
kernel keyring and directly use it in particular cryptsetup commands
with --volume-key-keyring option. The keyring can use various policies
@@ -304,9 +314,9 @@ Changes since version 2.6.1
* Fix wipe operation that overwrites the whole device if used for LUKS2
header with no keyslot area.
Formatting a LUKS2 device with no defined keyslots area is a very
specific operation, and the code now properly recognizes such
configuration.
Formatting a LUKS2 device with no defined keyslots area is a very
specific operation, and the code now properly recognizes such
configuration.
* Fix luksErase to work with detached LUKS header.