The new flag is supposed to refresh (reload) active dm-crypt
mapping with new set of activation flags. CRYPT_ACTIVATE_READONLY
can not be switched for already active device.
The flag is silently ignored for tcrypt, verity and integrity
devices. LUKS2 with authenticated encryption support is added in
later commit.
If any argument is null return false (with higher
priority than trivial identity check).
Also device_path can't return null if device struct gets
allocated succesfully.
Also print these area sizes in dump command.
NOTE: since now, the metadata area size in dump command contains
mandatory 4k binary section (to be aligned with API definition).
The crypt_set_data_offset sets the data offset for LUKS and LUKS2 devices
to specified value in 512-byte sectors.
This value should replace alignment calculation in LUKS param structures.
Since the kernel 4.18 there is a possibility to speficy external
data device for dm-integrity that stores all integrity tags.
The new option --data-device in integritysetup uses this feature.
Linux kernel since version 4.18 supports automatic background
recalculation of integrity tags for dm-integrity.
This patch adds new integritysetup --integrity-recalculate options
that uses this option.
Due to previous fix it's no longer needed to add
all keyslot area lengths and check if result sum
is lower than keyslots_size.
(We already check lower limit, upper limit and
overlapping areas)
This commit fixes two problems:
a) Replace hardcoded 16KiB metadata variant as lower limit
for keyslot area offset with current value set in config
section (already validated).
b) Replace segment offset (if not zero) as upper limit for
keyslot area offset + size with value calculated as
2 * metadata size + keyslots_size as acquired from
config section (also already validated)
Swap config and keyslot areas validation code order.
Also split original keyslots_size validation code in
between config and keyslot areas routines for furhter
changes in the code later. This commit has no funtional
impact.
Keyslot areas were validated from each keyslot
validation routine and later one more time
in general header validation routine. The call
from header validation routine is good enough.
Test archive contains images with all supported
LUKS2 metadata size configurations. There's
one active keyslot 0 in every image that can be
unlocked with following passphrase (ignore
quotation marks): "Qx3qn46vq0v"
Test both primary and secondary header validation tests
with non-default LUKS2 json area size.
Check validation rejects config.keyslots_size with zero value.
Check validation rejects mismatching values for metadata size
set in binary header and in config json section.
