Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   cryptsetup    ( 8 )

управлять обычными dm-crypt и зашифрованными томами LUKS (manage plain dm-crypt and LUKS encrypted volumes)
  Name  |  Synopsis  |  Description  |  Plain dm-crypt or luks?  |  Warning  |  Basic actions  |  Plain mode  |  Luks extension  |  Loop-aes extension  |  Tcrypt (truecrypt-compatible and veracrypt) extension  |  Bitlk (windows bitlocker-compatible) extension (experimental)  |  Miscellaneous  |  Options  |  Examples  |  Return value  |  Notes on passphrase processing for plain mode  |  Notes on passphrase processing for luks  |  Incoherent behavior for invalid passphrases/keys  |  Notes on supported ciphers, modes, hashes and key sizes  |  Notes on passphrases  |  Notes on random number generators  |  Authenticated disk encryption (experimental)  |  Notes on loopback device use  |    Luks2 header locking    |  Deprecated actions  |  Reporting bugs  |

LUKS2 header locking

The LUKS2 on-disk metadata is updated in several steps and to achieve proper atomic update, there is a locking mechanism. For an image in file, code uses flock(2) system call. For a block device, lock is performed over a special file stored in a locking directory (by default /run/lock/cryptsetup). The locking directory should be created with the proper security context by the distribution during the boot-up phase. Only LUKS2 uses locks, other formats do not use this mechanism.