Release of Cryptsetup 2.7 with support for OPAL hardware disk encryption

The Cryptsetup 2.7 utility set has been published. It is designed for configuring encryption of disk partitions on Linux using the dm-crypt module. It supports dm-crypt, LUKS, LUKS2, BITLK, loop-AES and TrueCrypt/VeraCrypt partitions. It also includes the veritysetup and integritysetup utilities for configuring data integrity controls based on the dm-verity and dm-integrity modules.

Key improvements:

  • It is now possible to use the OPAL hardware disk encryption mechanism, supported on SED (Self-Encrypting Drives) SATA and NVMe drives with the OPAL2 TCG interface, in which the hardware encryption engine is built directly into the controller. On the one hand, OPAL encryption is tied to proprietary hardware and is not open to public audit; on the other hand, it can be used as an additional layer of protection on top of software encryption, which does not reduce performance and places no load on the CPU.

    Using OPAL with LUKS2 requires building the Linux kernel with the CONFIG_BLK_SED_OPAL option and enabling it in Cryptsetup (OPAL support is disabled by default). LUKS2 OPAL is set up in the same way as software encryption: the metadata is stored in the LUKS2 header. The key is split into a volume key for software encryption (dm-crypt) and an unlock key for OPAL. OPAL can be used together with software encryption (cryptsetup luksFormat --hw-opal <device>) or on its own (cryptsetup luksFormat --hw-opal-only <device>). OPAL is activated and deactivated in the same way (open, close, luksSuspend, luksResume) as for LUKS2 devices.

  • In plain mode, in which the master key and header are not stored on disk, the default cipher is now aes-xts-plain64 and the default hashing algorithm is sha256 (XTS is used instead of CBC mode, which has performance problems, and sha256 is used instead of the outdated ripemd160 hash).
  • The open and luksResume commands can now store the volume key in a user-selected kernel keyring. To access the keyring, the "--volume-key-keyring" option has been added to many cryptsetup commands (for example, 'cryptsetup open <device> --link-vk-to-keyring "@s::%user:testkey" tst').
  • On systems without a swap partition, formatting or creating a key slot for the Argon2 PBKDF now uses only half of the free memory, which resolves the problem of running out of available memory on systems with little RAM.
  • Added the "--external-tokens-path" option to specify the directory for external LUKS2 token handlers (plugins).
  • tcrypt adds support for the Blake2 hashing algorithm for VeraCrypt.
  • Added support for the Aria block cipher.
  • Added support for the Argon2 implementations in OpenSSL 3.2 and libgcrypt, removing the need for libargon.
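
Because plain mode keeps no header, nothing on disk records which hash produced the volume key, so the change of defaults in the plain-mode item above matters for volumes created earlier. The sketch below is an added example, not code from Cryptsetup or from the original article; it is a simplified model of plain-mode passphrase hashing, and the pre-2.7 default it names and all helper names are assumptions.

```python
import hashlib

# Plain-mode defaults as (hash name, volume key size in bytes).
# OLD_DEFAULT is the pre-2.7 value as assumed here; it is not stated on the page.
OLD_DEFAULT = ("ripemd160", 32)
NEW_DEFAULT = ("sha256", 32)


def plain_volume_key(passphrase: bytes, hash_name: str, key_bytes: int) -> bytes:
    """Simplified model of plain-mode passphrase hashing (assumption).

    Round i hashes i bytes of b"A" followed by the passphrase; the digests
    are concatenated and cut to key_bytes.
    """
    key = b""
    rnd = 0
    while len(key) < key_bytes:
        h = hashlib.new(hash_name)
        h.update(b"A" * rnd + passphrase)
        key += h.digest()
        rnd += 1
    return key[:key_bytes]


def keys_match(passphrase: bytes, created_with, opened_with) -> bool:
    """True if both (hash, key size) pairs derive the same volume key."""
    return (plain_volume_key(passphrase, *created_with)
            == plain_volume_key(passphrase, *opened_with))


def pinned_options(hash_name: str, key_bytes: int, cipher: str) -> list:
    """Options to pass explicitly so a release's defaults never decide."""
    return ["--type", "plain", "--cipher", cipher,
            "--hash", hash_name, "--key-size", str(key_bytes * 8)]


if __name__ == "__main__":
    pw = b"constructed sample passphrase"  # constructed input
    try:
        same = keys_match(pw, OLD_DEFAULT, NEW_DEFAULT)
        print("old and new defaults derive the same key:", same)
    except ValueError:
        # Some OpenSSL 3 builds do not expose ripemd160 to hashlib.
        print("ripemd160 is not available in this Python build")
    opts = pinned_options("sha256", 32, "aes-xts-plain64")
    print("cryptsetup open", *opts, "<device> <name>")
```

A mismatch produces no error at open time: the mapping is created with the wrong key and the data simply reads as noise, so scripts that open plain-mode volumes should pass the cipher, hash and key size explicitly.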

Source: opennet.ru
