--- /dev/null
+Cryptsetup 1.6.2 Release Notes
+==============================
+
+Changes since version 1.6.1
+
+* Print error and fail if more device arguments are present for isLuks command.
+
+* Fix cipher specification string parsing (found by gcc -fsanitize=address option).
+
+* Try to map TCRYPT system encryption through partition
+ (allows to activate mapping when other partition on the same device is mounted).
+
+* Print a warning if system encryption is used and device is a partition.
+ (TCRYPT system encryption uses whole device argument.)
+
+* Disallow explicit small payload offset for LUKS detached header.
+ LUKS detached header only allows data payload 0 (whole data device is used)
+ or explicit offset larger than header + keyslots size.
+
+* Fix boundary condition for verity device that caused failure for certain device sizes.
+
+* Various fixes to documentation, including update FAQ, default modes
+ and TCRYPT description.
+
+* Workaround for some recent changes in automake (serial-tests).
To use hidden header (and map hidden device, if available),
use \fB\-\-tcrypt\-hidden\fR option.
-\fBNote:\fR There is no protection for a hidden volume if
-the outer volume is mounted. The reason is that if there
+\fBNOTE:\fR There is no protection for a hidden volume if
+the outer volume is mounted. The reason is that if there
were any protection, it would require some metadata describing
-what to protect in the outer volume and the hidden volume would
-become detectable. This is not a cryptsetup limitation, it is
-a limitation of how hidden volumes are implemented in TrueCrypt.
-The way to deal with this is not to mount the outer volume after
-a hidden volume has been created in it.
-This, in turn, causes the problem that after a while all
-time-stamps in the outer volume become old and it becomes obvious
-that it is unused. This may cause suspicion in itself.
-An alternative is to protect the area of the hidden volume
-from write access using the Device Mapper, e.g. by mapping it
-to the zero or error target. This corresponds to the protection
-mechanism present in TrueCrypt, but can cause filesystem
-annomalies and error messages in the system logs that reveal
-the presence of the hidden volume. For that reason, TrueCrypt
-sets both outer and hidden volume to read-only once a write
-that would have damaged the hidden volume is intercepted.
-They claim this preserves plausible deniability, but that
-claim seems doubtful, because it also limits possible
-changes to the outer volume and may result in truncated
-and damaged files.
+what to protect in the outer volume and the hidden volume would
+become detectable.
.PP
\fIopen\fR \-\-type tcrypt <device> <name>