- Update to 2.7.0:
* Full changelog in:
mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
* Introduce support for hardware OPAL disk encryption.
* plain mode: Set default cipher to aes-xts-plain64 and password hashing
to sha256.
* Allow activation (open), luksResume, and luksAddKey to use the volume
key stored in a keyring.
* Allow to store volume key to a user-specified keyring in open and
luksResume commands.
* Do not flush IO operations if resize grows the device.
This can help performance in specific cases where the encrypted device
is extended automatically while running many IO operations.
* Use only half of detected free memory for Argon2 PBKDF on systems
without swap (for LUKS2 new keyslot or format operations).
* Add the possibility to specify a directory for external LUKS2 token
handlers (plugins).
* Do not allow reencryption/decryption on LUKS2 devices with
authenticated encryption or hardware (OPAL) encryption.
* Do not fail LUKS format if the operation was interrupted on subsequent
device wipe.
* Fix the LUKS2 keyslot option to be used while activating the device
by a token.
* Properly report if the dm-verity device cannot be activated due to
the inability to verify the signed root hash (ENOKEY).
* Fix to check passphrase for selected keyslot only when adding
new keyslot.
* Fix to not wipe the keyslot area before in-place overwrite.
* bitlk: Fix segfaults when attempting to verify the volume key.
* Add --disable-blkid command line option to avoid blkid device check.