X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=man%2Fcryptsetup.8;h=df3cadc3d49bb6de37fb4da4d2b7805d2762d006;hb=664eff9e76e90702137268116873cbfc8719568e;hp=202c0dea9d9c64fb9a41563eec40cb8863cf7c17;hpb=e4c4049741b12a3283af4c87de1ffccc0f7c36fe;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 202c0de..df3cadc 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -48,6 +48,17 @@ Damaging the LUKS header is something people manage to do with surprising frequency. This risk is the result of a trade-off between security and safety, as LUKS is designed for fast and secure wiping by just overwriting header and key-slot area. + +\fBPreviously used partitions:\fR If a partition was previously used, +it is a very good idea to wipe filesystem signatures, data, etc. before +creating a LUKS or plain dm-crypt container on it. +For a quick removal of filesystem signatures, use "wipefs". Take care +though that this may not remove everything. In particular md (RAID) +signatures at the end of a device may survive. It also does not +remove data. For a full wipe, overwrite the whole partition before +container creation. If you do not know how to to that, the +cryptsetup FAQ describes several options. + .SH BASIC COMMANDS The following are valid actions for all supported device types. @@ -381,8 +392,11 @@ using a native Linux kernel API. Header formatting and TCRYPT header change is not supported, cryptsetup never changes TCRYPT header on-device. -TCRYPT extension requires kernel userspace crypto API to be available -(kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38). +TCRYPT extension requires kernel userspace +crypto API to be available (introduced in Linux kernel 2.6.38). +If you are configuring kernel yourself, enable +"User-space interface for symmetric key cipher algorithms" in +"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option). Because TCRYPT header is encrypted, you have to always provide valid passphrase and keyfiles. @@ -467,8 +481,10 @@ and \fB\-\-key-size\fR options or \fB\-\-hash\fR for KDF test. You cannot directly predict real storage encryption speed from it. For testing block ciphers, this benchmark requires kernel userspace -crypto API to be available (kernel af_alg and algif_skcipher modules, -introduced in Linux kernel 2.6.38). +crypto API to be available (introduced in Linux kernel 2.6.38). +If you are configuring kernel yourself, enable +"User-space interface for symmetric key cipher algorithms" in +"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option). \fB\fR can be [\-\-cipher, \-\-key-size, \-\-hash]. .SH OPTIONS