
Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed



Source: partman-crypto
Tags: patch

Dear Maintainer(s),

cryptsetup 2.7.0, currently in experimental, added support for self
encrypting drives using the OPAL functionality as the encryption layer
(managed by the kernel, not by the TCG utilities), both in standalone
mode and with a nested dm-crypt layer. Key management is done using
LUKS2, just like with dm-crypt, so that all existing functionality
works out of the box (tokens, passphrases, keyfiles, etc). A standard
LUKS2 header is used, which sits unencrypted on the disk as with
dm-crypt, and the nested range is then encrypted using OPAL's
functionality.

I have added support for these new options in partman-crypto, MR on
Salsa is open:

https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/7

The new options are shown only in the manual partitioning mode, and
only if the kernel, cryptsetup and the device all support this
functionality, otherwise they are hidden. A factory reset option for
the disk is also exposed. A small utility to call the required ioctl to
check for support on a given disk is added too.

I have tested this with a Kingston drive and it seems to work as
expected.

-- 
Kind regards,
Luca Boccassi
