From 664eff9e76e90702137268116873cbfc8719568e Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Wed, 9 Jan 2013 13:09:41 +0100 Subject: [PATCH] Prepare 1.6.0 release. --- configure.ac | 2 +- docs/v1.6.0-ReleaseNotes | 52 ++++++++++++++++++++++++++++++++++++++---------- man/cryptsetup.8 | 13 ++++++++---- 3 files changed, 52 insertions(+), 15 deletions(-) diff --git a/configure.ac b/configure.ac index d07a04a..1286cf9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.67]) -AC_INIT([cryptsetup],[1.6.0-rc1]) +AC_INIT([cryptsetup],[1.6.0]) dnl library version from ..[-] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) diff --git a/docs/v1.6.0-ReleaseNotes b/docs/v1.6.0-ReleaseNotes index 2ddd8b3..fe8770d 100644 --- a/docs/v1.6.0-ReleaseNotes +++ b/docs/v1.6.0-ReleaseNotes @@ -1,5 +1,31 @@ -Cryptsetup 1.6.0 Release Notes (RC1) -==================================== +Cryptsetup 1.6.0 Release Notes +============================== + +Changes since version 1.6.0-rc1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + * Change LUKS default cipher to to use XTS encryption mode, + aes-xts-plain64 (i.e. using AES128-XTS). + + XTS mode becomes standard in hard disk encryption. + + You can still use any old mode: + - compile cryptsetup with old default: + configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256 + - format LUKS device with old default: + cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 + + + * Skip tests and fix error messages if running on old systems (or with old kernel). + + * Rename configure.in to configure.ac and fix issues with new automake and pkgconfig + and --disable-kernel_crypto option to allow compilation with old kernel headers. + + * Allow repair of 512 bits key header. + + * Fix status of device if path argument is used and fix double path prefix + for non-existent device path. + Changes since version 1.5.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -48,14 +74,17 @@ Important changes without need to install 3rd party software. For native Linux installations LUKS is the preferred format. - WARNING: TCRYPT extension requires kernel userspace crypto API to be available - (kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38). + WARNING: TCRYPT extension requires kernel userspace crypto API to be + available (introduced in Linux kernel 2.6.38). + If you are configuring kernel yourself, enable "User-space interface + for symmetric key cipher algorithms" in "Cryptographic API" section + (CRYPTO_USER_API_SKCIPHER .config option). Because TCRYPT header is encrypted, you have to always provide valid passphrase and keyfiles. Keyfiles are handled exactly the same as in original format (basically, first 1MB of every keyfile is mixed using CRC32 into pool). - Cryptsetup should recognize all TCRYPT header variants ever released, except + Cryptsetup should recognize all TCRYPT header variants ever released, except legacy cipher chains using LRW encryption mode with 64 bits encryption block (namely Blowfish in LRW mode is not recognized, this is limitation of kernel crypto API). @@ -91,10 +120,10 @@ Important changes * Activation of this container - # cryptsetup tcryptOpen tst tcrypt_dev + # cryptsetup tcryptOpen tst tcrypt_dev Enter passphrase: (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.) - + * See status of active TCRYPT device # cryptsetup status tcrypt_dev @@ -113,7 +142,7 @@ Important changes * And plaintext filesystem now ready to mount # blkid /dev/mapper/tcrypt_dev - /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat" + /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat" * Add (optional) support for lipwquality for new LUKS passwords. @@ -144,8 +173,11 @@ Important changes See man page for detailed description. - WARNING: benchmark requires kernel userspace crypto API to be available - (kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38). + WARNING: benchmark command requires kernel userspace crypto API to be + available (introduced in Linux kernel 2.6.38). + If you are configuring kernel yourself, enable "User-space interface + for symmetric key cipher algorithms" in "Cryptographic API" section + (CRYPTO_USER_API_SKCIPHER .config option). EXAMPLE: # cryptsetup benchmark diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 854e5c6..df3cadc 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -392,8 +392,11 @@ using a native Linux kernel API. Header formatting and TCRYPT header change is not supported, cryptsetup never changes TCRYPT header on-device. -TCRYPT extension requires kernel userspace crypto API to be available -(kernel af_alg and algif_skcipher modules, introduced in Linux kernel 2.6.38). +TCRYPT extension requires kernel userspace +crypto API to be available (introduced in Linux kernel 2.6.38). +If you are configuring kernel yourself, enable +"User-space interface for symmetric key cipher algorithms" in +"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option). Because TCRYPT header is encrypted, you have to always provide valid passphrase and keyfiles. @@ -478,8 +481,10 @@ and \fB\-\-key-size\fR options or \fB\-\-hash\fR for KDF test. You cannot directly predict real storage encryption speed from it. For testing block ciphers, this benchmark requires kernel userspace -crypto API to be available (kernel af_alg and algif_skcipher modules, -introduced in Linux kernel 2.6.38). +crypto API to be available (introduced in Linux kernel 2.6.38). +If you are configuring kernel yourself, enable +"User-space interface for symmetric key cipher algorithms" in +"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option). \fB\fR can be [\-\-cipher, \-\-key-size, \-\-hash]. .SH OPTIONS -- 2.7.4