Zoned block device support can be disabled (as in RHEL8),
skip particular test if scsi_Debug does not create device.
(Modprobe does not return any error code, just kernel message
as parameter is actually supported, but block layer lack
support for zoned device.)
Once OPAL tests run, the whole pipeline gets marked as uninterruptible
(because of the uninterruptible OPAL job). Therefore a duplicate
pipeline gets started on e.g. MR change. Move OPAL jobs to test-opal
stage which runs at the end.
Zoned device cannot be written with direct-io
and cannot be used for LUKS header logic without
significant changes. Do not allow to use them for LUKS header
but allow it for data device, as dm-crypt supports it.
Fixes: #877
This function is used with block size, where 0 does
not make sense, so failing the check is the simple way
to avoid sividion by zero.
In reality, this should never happen, but it was seen
in (unreproducible) fuzzing input.
With email approval from Arno Wagner dated March 29, 2024:
From: Arno Wagner
To: Milan Broz
Subject: Re: cryuptsetup FAQ license
Hi Milan,
fine for me. You can change it directly.
Arno
On Wed, Mar 27, 2024 at 13:38:36 CET, Milan Broz wrote:
> Hi Arno,
>
> the FAQ in cryptsetup is licensed under CC-BY-SA-3.0 that is no longer a recent version - https://creativecommons.org/licenses/by-sa/3.0/
>
> I use CC-BY-SA-4.0 (https://creativecommons.org/licenses/by-sa/4.0/deed.en) for LUKS2 docs and think it is the best option for docs.
>
> Do you agree with updating the license to CC-BY-SA-4.0 for the FAQ.md file? (I, as coauthor, obviously agree :-)
>
> Thanks,
> Milan
hw-opal segment does not receive volume key for data
encryption, unlike crypt segment or hw-opal-crypt segment.
It gets key encryption key that is passed to device fw which
later unlocks the locking range key sealed in the device.
The assert may be skipped while volume key is not set.
Fixes: #875.
While properly calculated data segment needed compensation due to
misaligned partition (locking range had to be truncated),
we passed wrong value (original partition size) to LUKS2 metadata.
It has to use calculated locking range length in bytes.
Fixes: #873.
The opal_range_check_attributes_fd function expected both
offset and length parameters of a LR to be passed in sectors (512B).
During format we passed it wrongly in OPAL blocks which caused
bogus check provided OPAL block size was not 512B.
Fixes: #871.
With removal of cryptsetup-reencrypt there was
a bug introduced that broke resuming interrupted
LUKS1 decryption operation. LUKS2 code was not
affected.
