author | Ondrej Kozina <okozina@redhat.com> | 2023-10-27 13:57:34 +0200 |
---|---|---|
committer | Ondrej Kozina <okozina@redhat.com> | 2023-10-31 11:13:58 +0100 |
commit | 32fbac17b1e9d1d01a1c3ec4a7fed1c89cfc72b1 (patch) | |
tree | 5d3a703f88d2c220ef3c75a77917c5d4c8ced7f5 | |
parent | 4081037bdbb3a60e90689ece1495157d454bcef8 (diff) | |
download | cryptsetup-32fbac17b1e9d1d01a1c3ec4a7fed1c89cfc72b1.tar.gz |
Improve cmd line options man pages related to SED OPAL.
-rw-r--r-- | man/common_options.adoc | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/man/common_options.adoc b/man/common_options.adoc index eac7fa69..25a8dd6c 100644 --- a/man/common_options.adoc +++ b/man/common_options.adoc @@ -700,7 +700,7 @@ endif::[] ifndef::ACTION_BENCHMARK,ACTION_BITLKDUMP[] *--header <device or file storing the LUKS header>*:: -ifndef::ACTION_OPEN[] +ifndef::ACTION_OPEN,ACTION_ERASE[] Use a detached (separated) metadata device or file where the LUKS header is stored. This option allows one to store ciphertext and LUKS header on different devices. @@ -723,7 +723,7 @@ FAQ for header size calculation. The --align-payload option is taken as absolute sector alignment on ciphertext device and can be zero. endif::[] -ifndef::ACTION_LUKSFORMAT,ACTION_OPEN[] +ifndef::ACTION_LUKSFORMAT,ACTION_OPEN,ACTION_ERASE[] For commands that change the LUKS header (e.g. _luksAddKey_), specify the device or file with the LUKS header directly as the LUKS device. @@ -743,6 +743,9 @@ decryption operation continues as if the ordinary detached header was passed. *WARNING:* Never put exported header file in a filesystem on top of device you are about to decrypt! It would cause a deadlock. endif::[] +ifdef::ACTION_ERASE[] +Use to specify detached LUKS2 header when erasing HW OPAL enabled data device. +endif::[] endif::[] ifdef::ACTION_LUKSHEADERBACKUP,ACTION_LUKSHEADERRESTORE[] 
@@ -750,6 +753,19 @@ ifdef::ACTION_LUKSHEADERBACKUP,ACTION_LUKSHEADERRESTORE[] Specify file with header backup file. endif::[] +ifdef::ACTION_LUKSFORMAT[] +*--hw-opal*:: +Format LUKS2 device with dm-crypt encryption stacked on top HW based encryption configured +on SED OPAL locking range. This option enables both SW and HW based data encryption. +endif::[] + +ifdef::ACTION_LUKSFORMAT[] +*--hw-opal-only*:: +Format LUKS2 device with HW based encryption configured on SED OPAL locking range only. LUKS2 +format only manages locking range unlock key. This option enables HW based data encryption managed +by SED OPAL drive only. +endif::[] + ifdef::ACTION_REENCRYPT[] *--force-offline-reencrypt (LUKS2 only)*:: Bypass active device auto-detection and enforce offline reencryption. |
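Review bot: The ACTION_ERASE sentence added in the hunk at @@ -743,6 +743,9 @@ ("Use to specify detached LUKS2 header when erasing HW OPAL enabled data device.") has no subject and drops its articles, and it is the only text under --header that mentions LUKS2 while the option title still reads "<device or file storing the LUKS header>". Suggest wording along the lines of "Specify the detached LUKS2 header when erasing a data device that uses HW OPAL encryption." Because the first two hunks now exclude ACTION_ERASE from the general detached-header paragraphs, this sentence should also say whether --header has any effect for erase on a device without OPAL, so that the erase man page does not leave that case undocumented.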
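Review bot: In the hunk at @@ -750,6 +753,19 @@, the --hw-opal-only entry should state outright that no dm-crypt layer is set up, so that data confidentiality depends on the drive's OPAL encryption alone; "LUKS2 format only manages locking range unlock key" leaves the reader to infer that, and it is the security-relevant difference from --hw-opal. Smaller points in the same hunk: "stacked on top HW based encryption" is missing "of", the two consecutive ifdef::ACTION_LUKSFORMAT[] blocks can be merged into one, and both option titles could carry the "(LUKS2 only)" marker that --force-offline-reencrypt uses in the trailing context, since both descriptions begin with "Format LUKS2 device".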