On 11/26/2017 09:53 AM, Karel wrote: > Hello, > > in linux kernel, there is this option: CONFIG_KEYS > > "Security options" -> "Enable access key retention support" > > from the description it is not clear to me whether this has any > relevance to cryptsetup. > > Does cryptsetup use this facility ? Hi, new cryptsetup (version 2) will use kernel keyring (for dm-crypt volume key and also for activation by so-called token in LUKS2). But it will be optional, and cryptsetup should still work even without it. If you are using LUKS version 1 (almost every device today), kernel keyring is not used. But keyring can be used for LUKS by some other services (systemd cache passphrase this way already). So I would suggest to enable it in your kernel, despite it is not yet necessary to use in cryptsetup. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
