Since Linux kernel version 4.12, dm-crypt supports authenticated
disk encryption.
Standard disk encryption modes are length-preserving (a plaintext
sector is the same size as its ciphertext sector) and provide
only confidentiality; they offer no cryptographically sound data
integrity protection, so tampering with the ciphertext is not
detected on read.
Authenticated modes require additional space per sector for the
authentication tag and use Authenticated Encryption with
Additional Data (AEAD) algorithms.
If you configure a LUKS2 device with data integrity protection,
there will be an underlying dm-integrity device, which provides
additional per-sector metadata space and also provides data
journal protection to ensure atomicity of data and metadata
updates. Because additional space is needed for metadata and the
journal, the usable space of the device will be smaller than
for length-preserving modes.
The dm-crypt device then resides on top of such a dm-integrity
device. All activation and deactivation of this device stack is
performed by cryptsetup; luksOpen works the same way for
integrity-protected devices as for any other LUKS2 device. To
format a LUKS2 device with data integrity protection, use the
--integrity option.
Since dm-integrity doesn't support discards (TRIM), the dm-crypt
device on top of it inherits this limitation, so integrity
protection mode doesn't support discards either.
Some integrity modes require two independent keys (one key for
encryption and one for authentication). Both keys are stored in
one LUKS keyslot.
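The following script is an added example, not part of the cryptsetup
documentation or the project's own test suite. It formats an image
file as a LUKS2 volume with authenticated encryption, opens it, shows
the dm-crypt/dm-integrity stack that cryptsetup activates, and then
corrupts a sector behind cryptsetup's back to show that the
modification is reported as a read error instead of being returned
as garbage. The image path, key file, mapping name and the 48 MiB
corruption offset are constructed for this demo. The demo itself
needs root, cryptsetup 2.x and a kernel with dm_crypt and
dm_integrity; the version check and argument helper run anywhere.

```shell
#!/bin/sh
# Added example: LUKS2 with authenticated encryption on an image file.
# Needs root, cryptsetup 2.x and kernel >= 4.12 for the demo function.
set -eu

IMG=/tmp/luks2-auth-demo.img    # constructed backing file (64 MiB)
KEYFILE=/tmp/luks2-auth-demo.key
NAME=auth_demo                  # mapping name; dm-integrity layer is ${NAME}_dif

# Authenticated modes exist only since kernel 4.12.
# Usage: kernel_at_least MAJOR MINOR [VERSION]  (VERSION defaults to uname -r)
kernel_at_least() {
    want_major=$1; want_minor=$2
    ver=${3:-$(uname -r)}
    have_major=${ver%%.*}
    case $ver in
        *.*) rest=${ver#*.}; have_minor=${rest%%[!0-9]*} ;;
        *)   have_minor=0 ;;
    esac
    [ "$have_major" -gt "$want_major" ] ||
        { [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; }
}

# cryptsetup arguments for the authenticated modes cryptsetup offers.
# "hmac" is the two-key variant (XTS key plus HMAC key, both in one keyslot);
# "gcm" and "chacha" are single-key AEAD modes with a random per-sector IV.
# Usage: integrity_args hmac|gcm|chacha
integrity_args() {
    case $1 in
        hmac)   echo "--cipher aes-xts-plain64 --integrity hmac-sha256" ;;
        gcm)    echo "--cipher aes-gcm-random --integrity aead" ;;
        chacha) echo "--cipher chacha20-random --integrity poly1305" ;;
        *)      echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

demo() {
    mode=${1:-hmac}
    kernel_at_least 4 12 || { echo "kernel too old for dm-crypt AEAD" >&2; return 1; }
    truncate -s 64M "$IMG"
    head -c 32 /dev/urandom > "$KEYFILE"

    # luksFormat wipes the data area so that every sector carries a valid
    # tag; otherwise reads of never-written sectors would fail authentication.
    # shellcheck disable=SC2046
    cryptsetup luksFormat --type luks2 --batch-mode $(integrity_args "$mode") \
        --key-file "$KEYFILE" "$IMG"
    cryptsetup open --key-file "$KEYFILE" "$IMG" "$NAME"

    # The stack: dm-crypt "$NAME" on top of dm-integrity "${NAME}_dif".
    cryptsetup status "$NAME"                 # shows the integrity algorithm
    dmsetup table "${NAME}_dif"               # no allow_discards option here
    # Usable size is smaller than the image: tags and journal take space.
    blockdev --getsize64 "/dev/mapper/$NAME"

    # Write data, then corrupt the image directly (ciphertext or tag area).
    dd if=/dev/urandom of="/dev/mapper/$NAME" bs=1M count=8 2>/dev/null
    cryptsetup close "$NAME"
    # 48 MiB is past the 16 MiB LUKS2 header and the dm-integrity journal,
    # so it lands in the data or tag area (offset is an assumption).
    dd if=/dev/urandom of="$IMG" bs=1M seek=48 count=1 conv=notrunc 2>/dev/null

    cryptsetup open --key-file "$KEYFILE" "$IMG" "$NAME"
    if dd if="/dev/mapper/$NAME" of=/dev/null bs=1M 2>/dev/null; then
        echo "unexpected: full read succeeded"
    else
        echo "read failed with an I/O error: tag mismatch was detected"
    fi
    cryptsetup close "$NAME"
    rm -f "$IMG" "$KEYFILE"
}

# Run only when explicitly asked, e.g.:  RUN_DEMO=1 sh luks2-auth.sh gcm
if [ "${RUN_DEMO:-0}" = 1 ]; then demo "${1:-hmac}"; fi
```

The read failure is the point of authenticated encryption: a sector
whose tag no longer verifies is refused by dm-crypt, so the corruption
surfaces as an error at the block layer rather than as silently
modified plaintext. Note that the whole image is read, so a single bad
sector fails the run; a filesystem on top would see the same I/O error
only for files touching that sector.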
WARNING:
All support for authenticated modes is experimental, and only a
few modes are available for now. Note that very few authenticated
encryption algorithms are suitable for disk encryption. You also
cannot use CRC32 or any other non-cryptographic checksum (other
than the special integrity mode "none"). If for some reason you
want integrity control without an authenticated encryption mode,
configure dm-integrity separately, independently of LUKS2.