[dm-crypt] [ANNOUNCE] cryptsetup 1.7.2

Milan Broz gmazyland at gmail.com
Sat Jun 4 14:28:01 CEST 2016

The stable cryptsetup 1.7.2 release is available at


Please note that release packages are located on kernel.org


Feedback and bug reports are welcomed.

Cryptsetup 1.7.2 Release Notes

Changes since version 1.7.1

* Update LUKS documentation format.
  Clarify fixed sector size and keyslots alignment.

* Support activation options for error handling modes in Linux kernel
  dm-verity module:

  --ignore-corruption - dm-verity just logs detected corruption

  --restart-on-corruption - dm-verity restarts the kernel if corruption is detected

  If the options above are not specified, default behavior for dm-verity remains.
  Default is that I/O operation fails with I/O error if corrupted block is detected.

  --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
  to contain zeroes and always return zeroes directly instead.

  NOTE that these options could have security or functional impacts,
  do not use them without assessing the risks!

* Fix help text for cipher benchmark specification (mention --cipher option).

* Fix off-by-one error in maximum keyfile size.
  Allow keyfiles up to compiled-in default and not that value minus one.

* Support resume of interrupted decryption in cryptsetup-reencrypt utility.
  To resume decryption, LUKS device UUID (--uuid) option must be used.

* Do not use direct-io for LUKS header with unaligned keyslots.
  Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005).

* Fix device block size detection to properly work on particular file-based
  containers over underlying devices with 4k sectors.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160604/901260a9/attachment.asc>

More information about the dm-crypt mailing list