Cryptsetup 2.7 released with support for OPAL hardware disk encryption

The Cryptsetup 2.7 utilities have been released. They are designed to set up encryption of disk partitions on Linux using the dm-crypt module and support dm-crypt, LUKS, LUKS2, BITLK, loop-AES and TrueCrypt/VeraCrypt partitions. The release also includes the veritysetup and integritysetup utilities for configuring data integrity control based on the dm-verity and dm-integrity modules.

Key improvements:

  • The OPAL hardware disk encryption mechanism can now be used. It is supported on SED (Self-Encrypting Drives) SATA and NVMe drives with the TCG OPAL2 interface, where the encryption hardware is built directly into the drive. On the one hand, OPAL encryption is tied to proprietary firmware and is not available for public audit; on the other hand, it can be used as an additional layer of protection on top of software encryption, without reducing performance or creating any CPU load.

    Using OPAL in LUKS2 requires a Linux kernel built with the CONFIG_BLK_SED_OPAL option and OPAL support enabled in Cryptsetup (it is disabled by default). LUKS2 OPAL setup follows the same approach as software encryption: metadata is stored in the LUKS2 header. The volume key is split into a volume key for software encryption (dm-crypt) and an unlock key for OPAL. OPAL can be used together with software encryption (cryptsetup luksFormat --hw-opal) or on its own (cryptsetup luksFormat --hw-opal-only). OPAL volumes are activated and deactivated in the same way (open, close, luksSuspend, luksResume) as regular LUKS2 volumes.

  • In plain mode, where the master key and header are not stored on disk, the default cipher is now aes-xts-plain64 and the default hash algorithm is sha256 (XTS replaces CBC mode, which had performance problems, and sha256 replaces the outdated ripemd160 hash).
  • The open and luksResume commands allow the volume key to be stored in a user-selected kernel keyring. To link to the keyring, the "--volume-key-keyring" option was added to a number of cryptsetup commands (for example, 'cryptsetup open --link-vk-to-keyring "@s::%user:testkey" tst').
  • On systems without swap, formatting or key generation with the Argon2 PBKDF now uses only half of the free memory, which solves the problem of running out of memory on systems with small amounts of RAM.
  • Added the "--external-tokens-path" option to specify the directory for external LUKS2 token handlers (plugins).
  • tcrypt gained support for the Blake2 hash algorithm used by VeraCrypt.
  • Added support for the Aria block cipher.
  • Added support for the Argon2 implementations in OpenSSL 3.2 and libgcrypt, removing the need for libargon.
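The OPAL item above names two prerequisites for `cryptsetup luksFormat --hw-opal`: a kernel built with CONFIG_BLK_SED_OPAL and a cryptsetup of at least version 2.7. The following script checks both before any drive is touched; it is an added example, not code from the article or from the cryptsetup project, and the config-file path and the `cryptsetup --version` output format ("cryptsetup 2.7.0 flags: ...") are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or the cryptsetup project): verify the
# prerequisites for LUKS2 OPAL support before attempting luksFormat --hw-opal.

# kernel_has_opal CONFIG_FILE
# Returns 0 when CONFIG_BLK_SED_OPAL is built in (=y) in the given kernel
# config, e.g. /boot/config-$(uname -r) or a decompressed /proc/config.gz.
# The option is a bool, so only "=y" counts; "is not set" lines do not match.
kernel_has_opal() {
    grep -q '^CONFIG_BLK_SED_OPAL=y$' "$1"
}

# cryptsetup_is_27_or_newer "VERSION_STRING"
# Takes the text printed by `cryptsetup --version` (assumed to start with
# "cryptsetup MAJOR.MINOR") and returns 0 when MAJOR.MINOR >= 2.7.
cryptsetup_is_27_or_newer() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^cryptsetup \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 7 ]; }
}

# opal_prereq_check CONFIG_FILE VERSION_STRING
# Prints one verdict line per check; returns 0 only when both pass.
opal_prereq_check() {
    rc=0
    if kernel_has_opal "$1"; then
        echo "kernel: CONFIG_BLK_SED_OPAL=y"
    else
        echo "kernel: CONFIG_BLK_SED_OPAL missing, LUKS2 OPAL will not work"
        rc=1
    fi
    if cryptsetup_is_27_or_newer "$2"; then
        echo "cryptsetup: version supports --hw-opal"
    else
        echo "cryptsetup: version too old for --hw-opal (need 2.7 or newer)"
        rc=1
    fi
    return $rc
}

# Check the live system when run directly; the verdict is in the output.
if [ -r "/boot/config-$(uname -r)" ] && command -v cryptsetup >/dev/null 2>&1; then
    opal_prereq_check "/boot/config-$(uname -r)" "$(cryptsetup --version)" || true
fi
```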

Source: opennet.ru