eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-13 20:00:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update release notes for 2.7.0-rc1 and LUKS2 doc.

Browse Source
This commit is contained in:
Milan Broz
2023-12-20 11:43:23 +01:00
parent d1b32a3b64
commit b47f423907
2 changed files with 22 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/on-disk-format-luks2.pdf
View File

Binary file not shown.

28
docs/v2.7.0-rc0-ReleaseNotes → docs/v2.7.0-rc1-ReleaseNotes
View File

@@ -1,7 +1,21 @@
Cryptsetup 2.7.0-rc0 Release Notes Cryptsetup 2.7.0-rc1 Release Notes
================================== ==================================
Stable release candidate with new features and bug fixes. Stable release candidate with new features and bug fixes.
Changes since version 2.7.0-rc0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Used Argon2 PBKDF implementation is now reported in debug mode
in the cryptographic backend version. For native support in
OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed.
If libargon2 is used, "cryptsetup libargon2" (for embedded
library) or "external libargon2" is displayed.
* Fix wiping of OPAL key in the kernel on luksSuspend.
* Use metadata lock for OPAL disk manipulation to avoid unexpected
states if two processes manipulate the device.
Changes since version 2.6.1 Changes since version 2.6.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -47,11 +61,10 @@ Changes since version 2.6.1
encryption (--hw-opal option) or without the software layer encryption (--hw-opal option) or without the software layer
(--hw-opal-only option). (--hw-opal-only option).
You can see the configured segment parameters in the luksDump command. You can see the configured segment parameters in the luksDump command.
Note: formal specification of OPAL LUKS2 segment metadata will be added LUKS2 devices with OPAL segments set a new requirement flag in
in the next release candidate. LUKS2 devices with OPAL segments set the LUKS2 header to prevent older cryptsetup metadata manipulation.
a new requirement flag in the LUKS2 header to prevent older cryptsetup Do not use hardware-only encryption if you do not fully trust your
metadata manipulation. Do not use hardware-only encryption if you do hardware vendor.
not fully trust your hardware vendor.
Compatibility notes: Compatibility notes:
- Linux kernel SED interface does NOT work through USB external - Linux kernel SED interface does NOT work through USB external
@@ -185,9 +198,6 @@ Changes since version 2.6.1
These options are intended to be used for integration with other These options are intended to be used for integration with other
systems for automation. systems for automation.
Note: the API will slightly change in the next release candidate
(active reencryption will need to setup old and new keys together).
Users can now use the volume key (not passphrase) stored in arbitrary Users can now use the volume key (not passphrase) stored in arbitrary
kernel keyring and directly use it in particular cryptsetup commands kernel keyring and directly use it in particular cryptsetup commands
with --volume-key-keyring option. The keyring can use various policies with --volume-key-keyring option. The keyring can use various policies