Implement VeraCrypt volume handling in crypttab (#4501)
authorGeorge Hilliard <thirtythreeforty@gmail.com>
Sun, 30 Oct 2016 14:25:31 +0000 (09:25 -0500)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 30 Oct 2016 14:25:31 +0000 (10:25 -0400)
This introduces a new option, `tcrypt-veracrypt`, that sets the
corresponding VeraCrypt flag in the flags passed to cryptsetup.

man/crypttab.xml
src/cryptsetup/cryptsetup.c

index 4b8d4aa3d6076011c00b03b4370415c0fbd5ef22..17976f37045507ff28692bee7addf74c7d29b3aa 100644 (file)
         option implies <option>tcrypt</option>.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><option>tcrypt-veracrypt</option></term>
+
+        <listitem><para>Check for a VeraCrypt volume.  VeraCrypt is a fork of
+        TrueCrypt that is mostly compatible, but uses different, stronger key
+        derivation algorithms that cannot be detected without this flag.
+        Enabling this option could substantially slow down unlocking, because
+        VeraCrypt's key derivation takes much longer than TrueCrypt's.  This
+        option implies <option>tcrypt</option>.</para></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>timeout=</option></term>
 
index 9927621ea0579452ba657fd337a0f0047833f8db..ff5a3f36fb24862aaf9fed7274cafe6297d82c00 100644 (file)
@@ -52,6 +52,7 @@ static bool arg_verify = false;
 static bool arg_discards = false;
 static bool arg_tcrypt_hidden = false;
 static bool arg_tcrypt_system = false;
+static bool arg_tcrypt_veracrypt = false;
 static char **arg_tcrypt_keyfiles = NULL;
 static uint64_t arg_offset = 0;
 static uint64_t arg_skip = 0;
@@ -179,6 +180,14 @@ static int parse_one_option(const char *option) {
         } else if (streq(option, "tcrypt-system")) {
                 arg_type = CRYPT_TCRYPT;
                 arg_tcrypt_system = true;
+        } else if (streq(option, "tcrypt-veracrypt")) {
+#ifdef CRYPT_TCRYPT_VERA_MODES
+                arg_type = CRYPT_TCRYPT;
+                arg_tcrypt_veracrypt = true;
+#else
+                log_error("This version of cryptsetup does not support tcrypt-veracrypt; refusing.");
+                return -EINVAL;
+#endif
         } else if (STR_IN_SET(option, "plain", "swap", "tmp"))
                 arg_type = CRYPT_PLAIN;
         else if (startswith(option, "timeout=")) {
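Review bot: The `#else` branch of the new `tcrypt-veracrypt` case turns the option into a hard parse error (`return -EINVAL`) when the build lacked `CRYPT_TCRYPT_VERA_MODES`, but neither the code nor the man page entry added in this commit says that this is a build-time property. The log message speaks of "this version of cryptsetup", although what is tested is the libcryptsetup header present at compile time. I would add a comment above the `#ifdef`, such as `/* Build-time check: refuse the option rather than silently trying only the TrueCrypt key derivation */`, and a sentence in crypttab.xml saying the option is rejected when support was not compiled in. parse_one_option continues outside the hunk, so how the caller reacts to the -EINVAL is not visible here.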
@@ -441,6 +450,11 @@ static int attach_tcrypt(
         if (arg_tcrypt_system)
                 params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
 
+#ifdef CRYPT_TCRYPT_VERA_MODES
+        if (arg_tcrypt_veracrypt)
+                params.flags |= CRYPT_TCRYPT_VERA_MODES;
+#endif
+
         if (key_file) {
                 r = read_one_line_file(key_file, &passphrase);
                 if (r < 0) {
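Review bot: The second `#ifdef CRYPT_TCRYPT_VERA_MODES`, around the `params.flags` update in attach_tcrypt, has no comment explaining why dropping the flag there is safe. As far as the visible hunks show, `arg_tcrypt_veracrypt` is only set inside the matching `#ifdef` in parse_one_option, which refuses the option otherwise, so this guard exists only to keep the file compiling against older headers. A one-line comment would make that explicit, for example `/* parse_one_option() rejects tcrypt-veracrypt when this macro is missing, so no requested flag is lost here */`. attach_tcrypt starts and ends outside the hunk.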