[dm-crypt] [ANNOUNCE] cryptsetup 1.6.7
mail at wintonian.org.uk
Mon Mar 23 19:15:53 CET 2015
I hope you won't mind me mentioning, but the following sections in the
FAQ (on Gitlab) still link back to Google Code; 1.1, 1.6 and 9.
In the case of section 1.1 this informs the reader where the latest
version can be found - I assume Gitlab will now be the up-to-date version?
My apologies if you have already planned to make the amendments.
p.s. Many thanks for all your hard work in providing this important utility.
On 23/03/15 17:54, Milan Broz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> The stable cryptsetup 1.6.7 release is available at
> Please note that release packages are located on kernel.org
> Feedback and bug reports are welcomed.
> Cryptsetup 1.6.7 Release Notes
> Changes since version 1.6.6
> * Cryptsetup git and wiki are now hosted on GitLab.
> Repository of stable releases remains on kernel.org site
> For more info please see README file.
> * Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension).
> The VeraCrypt extension only increases iteration count for the key
> derivation function (on-disk format is the same as TrueCrypt format).
> Note that unlocking of a VeraCrypt device can take very long time if used
> on slow machines.
> To use this extension, add --veracrypt option, for example
> cryptsetup open --type tcrypt --veracrypt <container> <name>
> For use through libcryptsetup, just add CRYPT_TCRYPT_VERA_MODES flag.
> * Support keyfile-offset and keyfile-size options even for plain volumes.
> * Support keyfile option for luksAddKey if the master key is specified.
> * For historic reasons, hashing in the plain mode is not used
> if keyfile is specified (with exception of --key-file=-).
> Print a warning if these parameters are ignored.
> * Support permanent device decryption for cryptsetup-reencrypt.
> To remove LUKS encryption from a device, you can now use --decrypt option.
> * Allow to use --header option in all LUKS commands.
> The --header always takes precedence over positional device argument.
> * Allow luksSuspend without need to specify a detached header.
> * Detect if O_DIRECT is usable on a device allocation.
> There are some strange storage stack configurations which wrongly allows
> to open devices with direct-io but fails on all IO operations later.
> Cryptsetup now tries to read the device first sector to ensure it can use
> * Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later).
> Linux kernel 4.0 contains rewritten dmcrypt code which tries to better utilize
> encryption on parallel CPU cores.
> While tests show that this change increases performance on most configurations,
> dmcrypt now provides some switches to change its new behavior.
> You can use them (per-device) with these cryptsetup switches:
> Please use these only in the case of serious performance problems.
> Refer to the cryptsetup man page and dm-crypt documentation
> (for same_cpu_crypt and submit_from_crypt_cpus options).
> * Get rid of libfipscheck library.
> (Note that this option was used only for Red Hat and derived distributions.)
> With recent FIPS changes we do not need to link to this FIPS monster anymore.
> Also drop some no longer needed FIPS mode checks.
> * Many fixes and clarifications to man pages.
> * Prevent compiler to optimize-out zeroing of buffers for on-stack variables.
> * Fix a crash if non-GNU strerror_r is used.
> Cryptsetup API NOTE:
> The direct terminal handling for passphrase entry will be removed from
> libcryptsetup in next major version (application should handle it itself).
> It means that you have to always either provide password in buffer or set
> your own password callback function through crypt_set_password_callback().
> See API documentation (or libcryptsetup.h) for more info.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> -----END PGP SIGNATURE-----
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt