Files
cryptsetup/lib/tcrypt
Milan Broz 0cc686af59 TCRYPT: Clear mapping of system encrypted partitions.
TrueCrypt/VeraCrypt supports full system encryption (only a partition
table is not encrypted) or system partition encryption
(only a system partition is encrypted).
The metadata header then contains the offset and size of the encrypted area.
Cryptsetup needs to know the specific partition offset to calculate encryption parameters.
To properly map a partition, you must specify a real partition device so cryptsetup can calculate this offset.

As the user can specify various combinations, we need to determine the proper
IV and data offsets.

The logic for the CRYPT_TCRYPT_SYSTEM_HEADER flag should be (in this order):
- if the data device is a real partition, calculate the offset from it.
- if --header is a real partition, calculate the offset from it.
- if the device is a real disk, try to search for the partition using the decrypted offset and size
(works only for system partition-only encryption).
- if the data and metadata (header) device is the same, map the whole encrypted area
(this is the most confusing for the user)
- if the data and metadata (header) devices differ, expect that the data image contains
only the partition (setting offset to 0, but using the IV offset from the header).

There are still situations that can end with a wrong mapping, but the user now has the option
to set it up properly.

Also this patch fixes use of stored encryption size in header,
so we do not map larger area.

Fixes: #889
2024-07-02 13:04:30 +00:00
..
2024-06-03 16:38:15 +00:00