Pedro Monreal Gonzalez
766e121282
* Full release notes in:
- https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes
* Introduce support for inline mode (use HW sectors with additional hardware
metadata space).
* Finalize use of keyslot context API.
* Make all keyslot context types fully self-contained.
* Add --key-description and --new-key-description cryptsetup options.
* Support more precise keyslot selection in reencryption initialization.
* Allow reencryption to resume using token and volume keys.
* Cryptsetup repair command now tries to check LUKS keyslot areas for corruption.
* Opal2 SED: PSID keyfile is now expected to be 32 alphanumeric characters.
* Opal2: Avoid the Erase method and use Secure Erase for locking range.
* Opal2: Fix some error description (in debug only).
* Opal2: Do not allow deferred deactivation.
* Allow --reduce-device-size and --device-size combination for reencryption
(encrypt) action.
* Fix the userspace storage backend to support kernel "capi:" cipher specification format.
* Disallow conversion from LUKS2 to LUKS1 if kernel "capi:" cipher specification is used.
* Explicitly disallow kernel "capi:" cipher specification format for LUKS2
keyslot encryption.
* Do not allow conversion of LUKS2 to LUKS1 if an unbound keyslot is present.
* cryptsetup: Adjust the XTS key size for kernel "capi:" cipher specification.
* Remove keyslot warning about possible failure due to low memory.
* Do not limit Argon2 KDF memory cost on systems with more than 4GB of available memory.
* Properly report out of memory error for cryptographic backends implementing Argon2.
* Avoid KDF2 memory cost overflow on 32-bit platforms.
* Do not use page size as a fallback for device block size.
* veritysetup: Check hash device size in advance.
* Print a better error message for unsupported LUKS2 AEAD device resize.
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=213