On 19.08.2020 15:16, Ondrej Kozina wrote: > On 8/17/20 5:17 PM, Ingo Franzki wrote: >> On 17.08.2020 13:44, Ingo Franzki wrote: >>> Hi, >>> >>> I just played a little bit with the LUKS2 online reencryption feature (using code from current master). >>> Works great (as far as I can tell) for clear key (i.e. AES cipher), but it fails for the wrapped key cipher PAES. >>> >>> It fails because it always generates a new volume key by random, regardless which cipher is used. >>> For the PAES cipher, a key generated by random wont work, such a key must be generated by the HSM. >>> (...) > Hi Ingo, > > thank you for testing and the patch! I've staged slightly modified version with few additional tests for it here: https://gitlab.com/cryptsetup/cryptsetup/-/tree/wip-luks2. Unfortunately I won't be able to test it properly due to missing access to HW. So I've added test for general use case w/ --master-key-file only. Can you please verify I didn't break it for you? Thanks for the taking the patch! I have tested with the code from wip-luks2 and it still works. > > Thank you O. > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > https://www.saout.de/mailman/listinfo/dm-crypt Thanks! -- Ingo Franzki eMail: ifranzki@xxxxxxxxxxxxx Tel: ++49 (0)7031-16-4648 Fax: ++49 (0)7031-16-3456 Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany IBM Deutschland Research & Development GmbH / Vorsitzender des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294 IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/ _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
