Issue Cryptsetup 2.6 with support for FileVault2 encryption mechanism

published Set of Utles CRYPTSETUP 2.6 designed to adjust the encryption of disk sections in Linux using the DM-Crypt module. Working with sections DM-CRYPT, LUKS, LUKS2, BITLK, LOOP-AES and TrueCrypt/Voracrypt is supported. The composition also includes VeritySetup and IntegritySetup utility to configure data control tools based on DM-Verity and DM-InteGRITY modules.

Key Improvements :

  • Support for storage devices encrypted using the Filevault2 mechanism used for full -disc encoding in MacOS. Cryptsetup, in combination with the HFSPlus driver, can now open encrypted using Filevault2 USB drives in reading and recording systems with a regular Linux core. Access to drives with the HFS+ file system and sections core storage are supported (sections with APFS are not yet supported).
  • Libcryptsetup library is spent on the global blocking of all memory through a call mlockall () used to prevent the leakage of confidential data in the swing section. Due to the excess of restrictions on the maximum size of the blocked memory at launch without Root rights, the new version uses selective blocking of only those memory areas in which encryption keys are stored.
  • The priority of the processes performing the formation of the key (PBKDF).
  • Added functions for adding LUKS (KEYSLOT) tokens LUKS2 tokens and binary keys, in addition to previously supported password phrases and files with keys.
  • Provided to extract the partition key using a password phrase, a key with a key or token.
  • The VeritySetup has been added “–use-Tasklets”, which allows to achieve performance on some systems with the Linux 6.x.
  • nucleus.

/Media reports cited above.