Isethi yezinsiza ze-Crypsetup 2.6 ishicilelwe, eklanyelwe ukulungisa ukubethela kwezingxenye zediski ku-Linux kusetshenziswa imojula ye-dm-crypt. Isekela i-dm-crypt, LUKS, LUKS2, BITLK, loop-AES kanye ne-TrueCrypt/VeraCrypt partitions. Iphinde ihlanganise i-veritysetup nezinsiza ze-integritysetup yokulungiselela izilawuli zobuqotho bedatha ngokusekelwe kumamojula we-dm-verity kanye ne-dm-integrity.
Ukuthuthukiswa Okubalulekile:
- Ukwesekwa okwengeziwe kwamadivayisi okugcina abethelwe kusetshenziswa indlela ye-FileVault2 esetshenziselwa ukubethela okugcwele kwediski ku-macOS. I-Crypsetup ihlangene nomshayeli we-hfsplus manje ingavula amadrayivu e-USB abethelwe ngeFileVault2 kumodi yokufunda-ukubhala kumasistimu ane-Linux kernel evamile. Ukufinyelela kumadrayivu ngohlelo lwefayela lwe-HFS+ kanye nezingxenye ze-Core Storage kuyasekelwa (ama-partitions ane-APFS awakasekelwa).
- Ilabhulali ye-libcryptsetup ikhululiwe ekukhiyweni komhlaba wonke kwayo yonke imemori ngocingo lwe-mlockall(), olusetshenziswe ukuvimbela ukuvuza kwedatha eyimfihlo ekuhlukaniseni okushintshwayo. Ngenxa yokweqa umkhawulo kusayizi omkhulu wememori ekhiyiwe uma isebenza ngaphandle kwamalungelo empande, inguqulo entsha isebenza ukukhiya okukhethekile kulezo zindawo zememori lapho okhiye bokubethela bagcinwa khona.
- Okubalulekile kwezinqubo ezenza ukukhiqizwa okubalulekile (i-PBKDF) kunyusiwe.
- Umsebenzi owengeziwe wokwengeza amathokheni e-LUKS2 nokhiye kanambambili ku-LUKS keyslot, ngaphezu kwemisho yokungena esekelwe ngaphambilini namafayela ayinhloko.
- Kungenzeka ukubuyisa ukhiye wokuhlukanisa usebenzisa umushwana wokungena, ifayela elinokhiye, noma ithokheni.
- Kwengezwe inketho ethi "-use-tasklets" yokusetha kabusha ukuze kuthuthukiswe ukusebenza kwamanye amasistimu asebenzisa i-Linux 6.x kernel.
Source: opennet.ru