Qalab adeegsi oo la yiraahdo Cryptsetup 2.6 ayaa la daabacay, kaas oo loogu talagalay in lagu habeeyo sirta qaybaha diskka ee ku jira Linux Adeegsiga module-ka dm-crypt. Waxay taageertaa qaybaha dm-crypt, LUKS, LUKS2, BITLK, loop-AES, iyo TrueCrypt/VeraCrypt. Xirmada waxaa sidoo kale ku jira adeegyada veritysetup iyo integritysetup si loo habeeyo kontaroolada integrity data iyadoo lagu saleynayo modules-ka dm-verity iyo dm-integrity.
Horumarinta muhiimka ah:
- Waxaa lagu daray taageero loogu talagalay aaladaha kaydinta ee lagu qariyay iyadoo la adeegsanayo farsamada FileVault2 ee loo isticmaalo sir-gelinta diskka oo dhan macOSCryptsetup, oo ay weheliso darawalka hfsplus, hadda waxay furi kartaa darawallada USB-ga ee FileVault2-encrypted ee qaabka akhriska/qorista nidaamyada leh kernel caadi ah. LinuxHelitaanka darawallada leh nidaamka faylka HFS+ iyo qaybaha kaydinta aasaasiga ah waa la taageeraa (qaybaha leh APFS weli lama taageerin).
- Maktabadda libcryptsetup waa laga xoreeyay qufulka caalamiga ah ee dhammaan xusuusta iyada oo loo marayo wacitaanka mlockall(), kaas oo loo isticmaalay si looga hortago in xogta sirta ah loo daayo qaybta isdhaafsiga. Sababtoo ah ka-dhaafitaanka xadka cabbirka ugu badan ee xusuusta qufulan marka la shaqeynayo iyada oo aan lahayn xuquuqaha xididka, nooca cusub wuxuu khuseeyaa quful xulashada kaliya meelaha xusuusta ee furayaasha sirta ah lagu kaydiyo.
- Mudnaanta hababka fulinaya jiilka muhiimka ah (PBKDF) waa la kordhiyay.
- Waxqabadyada lagu daray si loogu daro calaamadaha LUKS2 iyo furayaasha binary ee furayaasha LUKS, marka lagu daro erayo sir ah oo hore loo taageeray iyo faylalka muhiimka ah.
- Waa suurtogal in la soo ceshado furaha qaybinta iyada oo la adeegsanayo erayga sirta ah, fayl fure leh, ama calaamad.
- Waxaa lagu daray ikhtiyaarka "--use-tasklets" veritysetup si loo hagaajiyo waxqabadka nidaamyada kernel-ka qaarkood. Linux 6.x
Source: opennet.ru
