The progress function remained silent unless the speed was higher
than minimal delta for double type in MiB/s. That could confuse
users that progress got stucked, but it in fact it was only slow.
Now wipe and reencryption progess functions can report speeds
in B/s up to GiB/s.
When resuming reencryption operation (both LUKS2 and legacy offline
code) speeds were incorectly calculated from whole progress including
range already reencrypted in previous runs. Now we track speed only
for currently running session.
It also fixes minor regression where we return backing file
for partition on top of loop device when prompting for passphrase.
Partition on loop has different major number so it should not be
considered loop device at all.
It may be useful to activate device right after LUKS2 encryption
is initialized:
device is ready to use immediately even if data encryption runs in
the background for a long time
It simplifies encryption initialization during reboot.
This regression was introduced in cryptsetup 2.0.0 release
with refactoring "Enter passphrase for (dev)" prompt.
With cryptsetup 1.7.5, "cryptsetup open /dev/loop0" printed
following prompt:
"Enter passphrase for /path/to/loop/backing_file:"
Whereas cryptsetup 2.0.0 and on printed following one:
"Enter passphrase for /dev/loop:"
Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1726287
Fixes: 39698fa6b7 ("Remove terminal input from libcryptsetup API calls.")
Fixes: c80acbe4c8 ("Add back "Passphrase for (dev):" prompt.")
Fixes: 5171f65c05 ("tests only: Return back password retry support for luksOpen.")
If all keyslots are removed, LUKS2 has no longer information about
the volume key size (there is only key digest present).
If user wants to open or add new keyslot, it must get information
about key size externally.
We do not want to guess key size from the file size (it does not
work for block devices for example), so require explicit --keyfil
option in these cases.
Fixes#470.
It's possible to retain all keyslots (passphrases) when
performing LUKS2 reencryption provided there's enough
space in LUKS2 json metadata.
When specific keyslot is selected all other keyslots
bound to old volume key get deleted after reencryption
is finished.
Existing tokens are assigned to new keyslots.
Currently it's used only in LUKS2 reencryption code
for reencrypting initial part of data device only.
It may be used to encrypt/reencrypt only initial part
of data device if user is aware that rest of the device
is empty.
