diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index b8e306a3..15fe1dd7 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -458,11 +458,18 @@ Opens the TCRYPT (a TrueCrypt-compatible) and sets up a mapping . \fB\fR can be [\-\-key\-file, \-\-tcrypt\-hidden, -\-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase]. +\-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase, +\-\-allow-discards]. The keyfile parameter allows combination of file content with the passphrase and can be repeated. Note that using keyfiles is compatible with TCRYPT and is different from LUKS keyfile logic. + +\fBWARNING:\fR Option \fB\-\-allow\-discards\fR cannot be combined with +option \fB\-\-tcrypt\-hidden\fR. For normal mapping it can cause +\fBdestruction of hidden volume\fR (hidden volume appears as unused space +for outer volume so this space can be discarded). + .PP \fItcryptDump\fR .IP diff --git a/src/cryptsetup.c b/src/cryptsetup.c index abdd117d..4ef34cb5 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -251,6 +251,9 @@ static int action_open_tcrypt(void) if (opt_readonly) flags |= CRYPT_ACTIVATE_READONLY; + if (opt_allow_discards) + flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; + if (activated_name) r = crypt_activate_by_volume_key(cd, activated_name, NULL, 0, flags); out: @@ -1628,6 +1631,11 @@ int main(int argc, const char **argv) _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"), poptGetInvocationName(popt_context)); + if (opt_tcrypt_hidden && opt_allow_discards) + usage(popt_context, EXIT_FAILURE, + _("Option --tcrypt-hidden cannot be combined with --allow-discards.\n"), + poptGetInvocationName(popt_context)); + if (opt_debug) { opt_verbose = 1; crypt_set_debug_level(-1);