cryptsetup API
Public cryptsetup API
|
Data Structures | |
struct | crypt_active_device |
Functions | |
int | crypt_get_active_device (struct crypt_device *cd, const char *name, struct crypt_active_device *cad) |
uint64_t | crypt_get_active_integrity_failures (struct crypt_device *cd, const char *name) |
Activation flags
#define CRYPT_ACTIVATE_ALLOW_DISCARDS (1 << 3) |
enable discards aka TRIM
#define CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY (1 << 16) |
allow activation check including unbound keyslots (keyslots without segments)
#define CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE (1 << 15) |
dm-verity: check_at_most_once - check data blocks only the first time
#define CRYPT_ACTIVATE_CORRUPTED (1 << 5) |
corruption detected (verity), output only
#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8) |
dm-verity: ignore_corruption flag - ignore corruption, log it only
#define CRYPT_ACTIVATE_IGNORE_PERSISTENT (1 << 14) |
ignore persistently stored flags
#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10) |
dm-verity: ignore_zero_blocks - do not verify zero blocks
#define CRYPT_ACTIVATE_IV_LARGE_SECTORS (1 << 22) |
use IV sector counted in sector_size instead of default 512 bytes sectors
#define CRYPT_ACTIVATE_KEYRING_KEY (1 << 11) |
key loaded in kernel keyring instead directly in dm-crypt
#define CRYPT_ACTIVATE_NO_JOURNAL (1 << 12) |
dm-integrity: direct writes, do not use journal
#define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (1 << 20) |
dm-integrity: direct writes, use bitmap to track dirty sectors
#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24) |
dm-crypt: bypass internal workqueue and process read requests synchronously.
#define CRYPT_ACTIVATE_NO_UUID (1 << 1) |
only reported for device without uuid
#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25) |
dm-crypt: bypass internal workqueue and process write requests synchronously.
#define CRYPT_ACTIVATE_PANIC_ON_CORRUPTION (1 << 23) |
dm-verity: panic_on_corruption flag - panic kernel on corruption
#define CRYPT_ACTIVATE_PRIVATE (1 << 4) |
skip global udev rules in activation ("private device"), input only
#define CRYPT_ACTIVATE_READONLY (1 << 0) |
device is read only
#define CRYPT_ACTIVATE_RECALCULATE (1 << 17) |
dm-integrity: activate automatic recalculation
#define CRYPT_ACTIVATE_RECALCULATE_RESET (1 << 26) |
dm-integrity: reset automatic recalculation
#define CRYPT_ACTIVATE_RECOVERY (1 << 13) |
dm-integrity: recovery mode - no journal, no integrity checks
#define CRYPT_ACTIVATE_REFRESH (1 << 18) |
reactivate existing and update flags, input only
#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9) |
dm-verity: restart_on_corruption flag - restart kernel on corruption
#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6) |
use same_cpu_crypt option for dm-crypt
#define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (1 << 19) |
Use global lock to serialize memory hard KDF on activation (OOM workaround)
#define CRYPT_ACTIVATE_SHARED (1 << 2) |
activate even if cannot grant exclusive access (DANGEROUS)
#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7) |
use submit_from_crypt_cpus for dm-crypt
#define CRYPT_ACTIVATE_SUSPENDED (1 << 21) |
device is suspended (key should be wiped from memory), output only
int crypt_get_active_device | ( | struct crypt_device * | cd, |
const char * | name, | ||
struct crypt_active_device * | cad | ||
) |
Receive runtime attributes of active crypt device.
cd | crypt device handle (can be NULL) |
name | name of active device |
cad | preallocated active device attributes to fill |
uint64_t crypt_get_active_integrity_failures | ( | struct crypt_device * | cd, |
const char * | name | ||
) |
Get detected number of integrity failures.
cd | crypt device handle (can be NULL) |
name | name of active device |