Cryptsetup 2.7 Supports OPAL Hardware Encryption

A set of utilities for configuring disk partition encryption in Linux using the dm-crypt module has been published. This set of utilities, called Cryptsetup, supports several partition formats, including plain dm-crypt, LUKS, LUKS2, BITLK, loop-AES, and TrueCrypt/VeraCrypt. It also includes the veritysetup and integritysetup utilities for configuring data integrity controls based on the dm-verity and dm-integrity modules.

Key improvements in this release include:

  • Support for the OPAL hardware disk encryption mechanism. It is available on NVMe self-encrypting drives (SED) with the TCG OPAL2 interface, where the hardware encryption device is built directly into the controller. OPAL encryption provides an additional level of protection over software encryption without affecting performance or CPU load. Note that OPAL encryption is tied to proprietary hardware and is not available for public audit.
  • Plain mode now uses the aes-xts-plain64 cipher and the SHA256 hash algorithm in place of CBC mode and the outdated RIPEMD160 hash. This improves the performance and security of encryption.
  • The open and luksResume commands now allow storing the volume key in a user-chosen kernel keyring. The “--volume-key-keyring” option has been added to many cryptsetup commands for working with the keyring.
  • On systems without a swap partition, the Argon2 PBKDF now uses only half of the free memory. This solves the problem of memory exhaustion on systems with limited RAM.
  • An option “--external-tokens-path” has been added to specify the directory for external LUKS2 tokens (plugins).
  • tcrypt now supports the Blake2 hashing algorithm for VeraCrypt.
  • Support for the Aria block cipher has been added.
  • Support for the Argon2 implementations in OpenSSL 3.2 and libgcrypt has been added, eliminating the need for libargon.

For more details and to download the latest version of Cryptsetup, visit the official repository.
