Cryptsetup 2.8 Adds Inline Storage Metadata Support

Cryptsetup 2.8, a set of utilities for configuring disk encryption in Linux using the dm-crypt module, has been released. The utilities support dm-crypt, LUKS, LUKS2, BITLK, loop-AES, and TrueCrypt/VeraCrypt partitions. The package also includes the veritysetup and integritysetup utilities for configuring data integrity checking based on dm-verity and dm-integrity.

Key improvements in this release include:

  • Support for inline mode, which uses extended sectors with additional space for storing integrity-protection metadata. This feature is particularly useful for NVMe drives that place metadata alongside data in sectors, eliminating the need for a separate integrity journal.
  • An extended keyslot context API for manipulating keyslots, expanding the capabilities of existing commands and functions.
  • New “--key-description” and “--new-key-description” options in the cryptsetup utility for attaching descriptions to keys.
  • The ability to resume a suspended re-encryption operation using tokens and volume keys.
  • An improved repair command that checks for damage to the areas holding LUKS keyslots.
  • Additional options in the veritysetup tool to handle errors as data corruption, so that the system can be configured to reboot or to enter the panic state.
  • Optional use of the Mbed-TLS library as a crypto backend (enabled by building with the “--with-crypto_backend=mbedtls” option).