The new flag is supposed to refresh (reload) active dm-crypt
mapping with new set of activation flags. CRYPT_ACTIVATE_READONLY
can not be switched for already active device.
The flag is silently ignored for tcrypt, verity and integrity
devices. LUKS2 with authenticated encryption support is added in
later commit.
Since the kernel 4.18 there is a possibility to speficy external
data device for dm-integrity that stores all integrity tags.
The new option --data-device in integritysetup uses this feature.
Linux kernel since version 4.18 supports automatic background
recalculation of integrity tags for dm-integrity.
This patch adds new integritysetup --integrity-recalculate options
that uses this option.
The kernel 4.17 will include a new dm-verity flag that
instructs kernel to verify data blocks only once.
This patch adds support for it to libcryptsetup and veritysetup.
This flag can be dangerous; if you can control underlying device
(you can change its content after it was verified) it will no longer
prevent reading tampered data and also it does not prevent to silent
data corrruptions that appears after the block was once read.
Upstream dm-crypt v1.15.0 through v1.18.0 contains
serious bug in kernel key processing that may cause
data corruption for ciphers using essiv, tcw and lmk IVs.
Patch adds patch number processing to DM version checks.
crypt_deactivate_* fail earlier without noisy dm retries
when other device holders detected. The early detection
works if:
a) other device-mapper device has a hold reference on the
device
- or -
b) mounted fs is detected on the device
Any deactivation flag CRYPT_DEACTIVATE_FORCE or
CRYPT_DEACTIVATE_DEFERRED will disable this detection
This patch adds support for using keyring for volume key
and support for new integrity fields for dm-crypt.
Also helpers for searching disk by id.
To be used later.
Code is written by Ondrej Kozina.
This patch adds ability to store volume key in kernel keyring
(feature available in recent kernels) and avoid setting
key through dm-ioctl and avoiding key in table mapping.
Will be used in LUKS2.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
This call is required for deferred removal of device.
Morever, if the system reports that udev is running, we should not
try to "fix" problems by creating or removing nodes directly through libdevmapper.
(Non-udev case should still work.)
Because there are already 3 targets used, the current detection
based only on dm-crypt is not sufficient.
Add new definition of dm_flags that allows separate target version detect.
Note: we do not want to load targets explicitly; instead, we repeats
detection after operation that could trigger target load.
If dm_flags() call fails, then the target is not yet loaded.
The dm-integrity target is intended to be used for authenticated
encryption through LUKS and dm-crypt.
It can be used in standalone as well; for this use case there
is a simple configuration utility called integritysetup
(similar to veritysetup to dm-verity).
