• Milan Broz's avatar
    Wipe full header areas (including unused) during LUKS format. · c2bce3e9
    Milan Broz authored
    All previous version of cryptsetup wiped only first 4k for LUKS1
    and both JSON areas for LUKS2 (first 32k) and the allocated
    keyslot area (as it contained the generated key).
    
    Remaining areas (unused keyslots, padding, and alignment) were
    not wiped and could contain some previous data.
    
    Since this commit, the whole area up to the data offset is zeroed,
    and subsequently, all keyslots areas are wiped with random data.
    
    Only exceptions are
     - padding/alignment areas for detached header
       if the data offset is set to 0
     - bogus LUKS1 keyslot areas (upstream code never
       created such keyslots but someone could use that).
    
    This operation could slow down luksFormat on some devices, but
    it guarantees that after this operation LUKS header does not
    contain any foreign data.
    c2bce3e9
Name
Last commit
Last update
..
crypto_backend Loading commit data...
integrity Loading commit data...
loopaes Loading commit data...
luks1 Loading commit data...
luks2 Loading commit data...
tcrypt Loading commit data...
verity Loading commit data...
Makemodule.am Loading commit data...
base64.c Loading commit data...
base64.h Loading commit data...
bitops.h Loading commit data...
crypt_plain.c Loading commit data...
internal.h Loading commit data...
libcryptsetup.h Loading commit data...
libcryptsetup.pc.in Loading commit data...
libcryptsetup.sym Loading commit data...
libdevmapper.c Loading commit data...
nls.h Loading commit data...
random.c Loading commit data...
setup.c Loading commit data...
utils.c Loading commit data...
utils_benchmark.c Loading commit data...
utils_blkid.c Loading commit data...
utils_blkid.h Loading commit data...
utils_crypt.c Loading commit data...
utils_crypt.h Loading commit data...
utils_device.c Loading commit data...
utils_device_locking.c Loading commit data...
utils_device_locking.h Loading commit data...
utils_devpath.c Loading commit data...
utils_dm.h Loading commit data...
utils_fips.c Loading commit data...
utils_fips.h Loading commit data...
utils_io.c Loading commit data...
utils_io.h Loading commit data...
utils_keyring.c Loading commit data...
utils_keyring.h Loading commit data...
utils_loop.c Loading commit data...
utils_loop.h Loading commit data...
utils_pbkdf.c Loading commit data...
utils_wipe.c Loading commit data...
volumekey.c Loading commit data...