cryptsetup 2.7 released with support for OPAL hardware disk encryption

The cryptsetup 2.7 utility set has been released for configuring encrypted disk partitions on Linux using the dm-crypt module. dm-crypt, LUKS, LUKS2, BITLK, loop-AES and TrueCrypt/VeraCrypt partitions are supported. It also includes the veritysetup and integritysetup utilities for configuring data integrity control based on the dm-verity and dm-integrity modules.

Main improvements:

  • It is now possible to use the OPAL hardware disk encryption mechanism, supported in SED (Self-Encrypting Drives) SATA and NVMe drives with the TCG OPAL2 interface, where the hardware encryption engine is built directly into the controller. On the one hand, OPAL encryption is tied to proprietary hardware and is not open to public audit; on the other hand, it can be used as an additional layer of protection on top of software encryption that does not reduce performance and puts no load on the CPU.

    Using OPAL with LUKS2 requires building the Linux kernel with the CONFIG_BLK_SED_OPAL option and enabling it in cryptsetup (OPAL support is disabled by default). Setting up LUKS2 OPAL is done the same way as software encryption: the metadata is stored in the LUKS2 header. The key is split into a key for software encryption (dm-crypt) and an OPAL unlock key. OPAL can be used together with software encryption (cryptsetup luksFormat --hw-opal) or on its own (cryptsetup luksFormat --hw-opal-only). OPAL devices are activated and deactivated in the same way (open, close, luksSuspend, luksResume) as LUKS2 devices.

  • In plain mode, where the master key and header are not stored on disk, the default cipher is now aes-xts-plain64 and the default hashing algorithm is sha256 (XTS is used instead of CBC mode, which has performance problems, and sha256 replaces the legacy ripemd160 hash).
  • The open and luksResume commands allow the partition key to be stored in a chosen kernel keyring. To access the key in the keyring, the "--volume-key-keyring" option has been added to many cryptsetup commands (for example 'cryptsetup open --link-vk-to-keyring "@s::%user:testkey" tst').
  • On systems without a swap partition, formatting or creating a key slot with the Argon2 PBKDF now uses only half of the free memory, which solves the problem of running out of available memory on systems with small amounts of RAM.
  • Added the "--external-tokens-path" option to specify the path to external LUKS2 token handlers (plugins).
  • tcrypt added support for the Blake2 hashing algorithm used by VeraCrypt.
  • Added support for the Aria block cipher.
  • Added support for Argon2 from OpenSSL 3.2 and the libgcrypt implementation, removing the dependency on libargon.
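As an added example (not part of the cryptsetup release or the original article), a POSIX shell pre-flight script for the OPAL prerequisites described above: it checks a kernel config file for CONFIG_BLK_SED_OPAL, checks that the installed cryptsetup is at least version 2.7, and builds the luksFormat command line for software-only, combined (--hw-opal) or OPAL-only (--hw-opal-only) encryption. The config-file location, the device path and the layout of `cryptsetup --version` output are assumptions.

```shell
#!/bin/sh
# Pre-flight checks before setting up LUKS2 with OPAL.
# Example code added for this article; not part of cryptsetup.

# Does a kernel config file enable CONFIG_BLK_SED_OPAL?
# Argument: path to a .config or /boot/config-* file. Returns 0 when set to y.
opal_kernel_config_ok() {
    grep -qx 'CONFIG_BLK_SED_OPAL=y' "$1"
}

# Is a cryptsetup version string at least 2.7 (the first release with OPAL support)?
# Argument: version string such as "2.7.0" or "2.6.1".
cryptsetup_version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -gt 2 ]; then return 0; fi
    if [ "$major" -eq 2 ] && [ "$minor" -ge 7 ]; then return 0; fi
    return 1
}

# Print (do not run) the luksFormat invocation for a mode:
#   software - dm-crypt only
#   both     - OPAL plus dm-crypt (--hw-opal)
#   opal     - OPAL only, no software layer (--hw-opal-only)
luks_format_cmd() {
    mode=$1; dev=$2
    case $mode in
        software) echo "cryptsetup luksFormat --type luks2 $dev" ;;
        both)     echo "cryptsetup luksFormat --type luks2 --hw-opal $dev" ;;
        opal)     echo "cryptsetup luksFormat --type luks2 --hw-opal-only $dev" ;;
        *)        return 1 ;;
    esac
}

# Live check on the current host (assumed paths; the test uses constructed input instead).
main() {
    cfg=/boot/config-$(uname -r)                     # assumed config location
    ver=$(cryptsetup --version 2>/dev/null | awk '{print $2}')  # assumed "cryptsetup X.Y.Z ..." layout
    if [ -r "$cfg" ] && opal_kernel_config_ok "$cfg"; then
        echo "kernel: CONFIG_BLK_SED_OPAL=y"
    else
        echo "kernel: CONFIG_BLK_SED_OPAL not enabled or config not readable ($cfg)"
    fi
    if [ -n "$ver" ] && cryptsetup_version_ok "$ver"; then
        echo "cryptsetup $ver: OPAL-capable release"
        luks_format_cmd both /dev/nvme0n1p2           # assumed device path
    else
        echo "cryptsetup ${ver:-not found}: upgrade to 2.7 or newer for OPAL"
    fi
}
```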

Source: opennet.ru
