The Cryptsetup 2.7 utilities have been released. They are designed to configure encryption of disk partitions in Linux using the dm-crypt module, and support dm-crypt, LUKS, LUKS2, BITLK, loop-AES and TrueCrypt/VeraCrypt partitions. The release also includes the veritysetup and integritysetup utilities for configuring data integrity controls based on the dm-verity and dm-integrity modules.
Key improvements:
- It is now possible to use the OPAL hardware disk encryption mechanism, supported on SED (Self-Encrypting Drives) SATA and NVMe drives with the OPAL2 TCG interface, in which the hardware encryption device is built directly into the controller. On the one hand, OPAL encryption is tied to proprietary hardware and is not available for public audit; on the other hand, it can be used as an additional layer of protection on top of software encryption, and it neither reduces performance nor puts load on the CPU.
Using OPAL in LUKS2 requires building the Linux kernel with the CONFIG_BLK_SED_OPAL option and enabling it in Cryptsetup (OPAL support is disabled by default). Setting up LUKS2 OPAL is done in the same way as for software encryption: the metadata is stored in the LUKS2 header. The key is split into a volume key for software encryption (dm-crypt) and an unlock key for OPAL. OPAL can be used together with software encryption (cryptsetup luksFormat --hw-opal <device>) or on its own (cryptsetup luksFormat --hw-opal-only <device>). OPAL is activated and deactivated in the same way (open, close, luksSuspend, luksResume) as for LUKS2 devices.
- In plain mode, where the master key and header are not stored on disk, the default cipher is now aes-xts-plain64 and the default hashing algorithm is sha256 (XTS is used instead of CBC mode, which has performance problems, and sha256 is used instead of the outdated ripemd160 hash).
- The open and luksResume commands allow the volume key to be stored in a user-selected kernel keyring. To access the key, the "--volume-key-keyring" option has been added to many cryptsetup commands (for example, 'cryptsetup open <device> --link-vk-to-keyring "@s::%user:testkey" tst').
- On systems without a swap partition, formatting or creating a key slot with the Argon2 PBKDF now uses only half of the free memory, which resolves the problem of running out of available memory on systems with little RAM.
- Added the "--external-tokens-path" option to specify the directory for external LUKS2 token handlers (plugins).
- tcrypt has added support for the Blake2 hashing algorithm for VeraCrypt.
- Added support for the Aria block cipher.
- Added support for Argon2 in the OpenSSL 3.2 and libgcrypt implementations, which removes the need for libargon.
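
Because plain mode keeps no header on disk, a plain-mode volume opened without explicit parameters is mapped with whatever defaults the installed cryptsetup uses. The following added example (not from the original article or the cryptsetup project) scans a script for single-line plain-mode invocations that do not pin `--cipher` and `--hash`; the function names and the sample script, including its devices and mapping names, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag plain-mode cryptsetup invocations that do not pin
# --cipher and --hash and therefore follow the tool's current defaults.

# audit_plain_invocations FILE
# Prints "line N: missing <options>" for each affected single-line command.
audit_plain_invocations() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments and shebang
        {
            cs = 0; plain = 0; cipher = 0; hash = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "cryptsetup" || $i ~ /\/cryptsetup$/) cs = 1
                # plain mode: --type plain / -M plain, or the plainOpen and create aliases
                if ($i == "plainOpen" || $i == "create" || $i == "--type=plain") plain = 1
                if (($i == "--type" || $i == "-M") && $(i + 1) == "plain") plain = 1
                if ($i ~ /^(--cipher|-c)/) cipher = 1
                if ($i ~ /^(--hash|-h)/)   hash = 1
            }
            if (!cs || !plain) next              # LUKS keeps its parameters in the header
            missing = ""
            if (!cipher) missing = "--cipher"
            if (!hash)   missing = (missing == "" ? "" : missing " ") "--hash"
            if (missing != "") print "line " NR ": missing " missing
        }
    ' "$1"
}

# Constructed sample script; device and mapping names are made up.
sample_script() {
    cat <<'EOF'
#!/bin/sh
cryptsetup open --type plain /dev/sdb1 scratch
cryptsetup open --type plain --cipher aes-cbc-essiv:sha256 --key-size 256 /dev/sdc1 archive
cryptsetup plainOpen -c aes-cbc-essiv:sha256 -h ripemd160 -s 256 /dev/sdd1 backup
cryptsetup open /dev/sde1 data
# cryptsetup create old /dev/sdf1
EOF
}

tmp=$(mktemp)
sample_script > "$tmp"
audit_plain_invocations "$tmp"
rm -f "$tmp"
```

The check only sees commands written on one line; invocations split with line continuations or built from variables need manual review.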
Source: opennet.ru