Commit
5d0cc93cdf69491543c48568abf66dfb40572a3e
by blucaAdd support for OPAL encryption via cryptsetup and LUKS2
cryptsetup 2.7.0 added support for OPAL as a backend alternative to
dm-crypt that uses hardware capabilities of NVME drives, driven by
a new kernel driver. Add support for this encryption mode.
Two alternatives are provided, which mirror what cryptsetup offers:
dm-crypt + opal, for a nested double-encryption layer, and
opal-only without dm-crypt (dm-linear will be used to open the
volumes). The former is a toggle in the existing dm-crypt setup,
and the latter is a new separate crypto mode.
These will be visible to users only if cryptsetup supports the new
options, and if the selected disk supports the feature (and by
reflection the kernel, which is used by the feature). If any of
these requirements are not met, the new options will not be shown
to users.
Also offer the option to factory reset the OPAL drive using the
PSID - a device-specific code that is printed on the label.
Closes: #1060422
![[Jenkins]](/static/ca03f6a7/images/svgs/logo.svg){kind=logo}
