On 8/17/20 5:17 PM, Ingo Franzki wrote:
On 17.08.2020 13:44, Ingo Franzki wrote:
Hi,
I just played a little bit with the LUKS2 online reencryption feature (using code from current master).
Works great (as far as I can tell) for clear key (i.e. AES cipher), but it fails for the wrapped key cipher PAES.
It fails because it always generates a new volume key by random, regardless which cipher is used.
For the PAES cipher, a key generated by random wont work, such a key must be generated by the HSM.
(...)
Hi Ingo,
thank you for testing and the patch! I've staged slightly modified
version with few additional tests for it here:
https://gitlab.com/cryptsetup/cryptsetup/-/tree/wip-luks2. Unfortunately
I won't be able to test it properly due to missing access to HW. So I've
added test for general use case w/ --master-key-file only. Can you
please verify I didn't break it for you?
Thank you O.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
