| Cryptsetup 1.7.1 Release Notes |
| ============================== |
| |
| Changes since version 1.7.0 |
| |
| * Code now uses kernel crypto API backend according to new |
| changes introduced in mainline kernel |
| |
| While mainline kernel should contain backward compatible |
| changes, some stable series kernels do not contain fully |
| backported compatibility patches. |
| Without these patches most of cryptsetup operations |
| (like unlocking device) fail. |
| |
| This change in cryptsetup ensures that all operations using |
| kernel crypto API works even on these kernels. |
| |
| * The cryptsetup-reencrypt utility now properly detects removal |
| of underlying link to block device and does not remove |
| ongoing re-encryption log. |
| This allows proper recovery (resume) of reencrypt operation later. |
| |
| NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility, |
| this link disappears once the device metadata is temporarily |
| removed from device. |
| |
| * Cryptsetup now allows special "-" (standard input) keyfile handling |
| even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices. |
| |
| * Cryptsetup now fails if there are more keyfiles specified |
| for non-TCRYPT device. |
| |
| * The luksKillSlot command now does not suppress provided password |
| in batch mode (if password is wrong slot is not destroyed). |
| Note that not providing password in batch mode means that keyslot |
| is destroyed unconditionally. |