admin-guide/device-mapper/dm-crypt.rst

2 dm-crypt
5 Device-Mapper's "crypt" target provides transparent encryption of block devices
21        cipher[:keycount]-chainmode-ivmode[:ivopts]
25        aes-cbc-essiv:sha256
26        aes-xts-plain64
27        serpent-xts-plain64
36         capi:cipher_api_spec-ivmode[:ivopts]
40         capi:cbc(aes)-essiv:sha256
41         capi:xts(aes)-plain64
45         capi:gcm(aes)-random
46         capi:authenc(hmac(sha256),xts(aes))-random
47         capi:rfc7539(chacha20,poly1305)-random
66     The encryption key size in bytes. The kernel key payload size must match
77     Multi-key compatibility mode. You can define <keycount> keys and
125     Bypass dm-crypt internal workqueue and process read requests synchronously.
128     Bypass dm-crypt internal workqueue and process write requests synchronously.
129     This option is automatically enabled for host-managed zoned block devices
130     (e.g. host-managed SMR hard-disks).
132 integrity:<bytes>:<type>
133     The device requires additional <bytes> metadata per-sector stored
134     in per-bio integrity structure. This metadata must by provided
135     by underlying dm-integrity target.
144 sector_size:<bytes>
145     Use <bytes> as the encryption unit instead of 512 bytes sectors.
146     This option can be in range 512 - 4096 bytes and must be power of two.
151    instead of default 512 bytes sectors.
153    For example, if <sector_size> is 4096 bytes, plain64 IV for the second
155    The <iv_offset> must be multiple of <sector_size> (in 512 bytes units)
161 encryption with dm-crypt using the 'cryptsetup' utility, see
168 …dmsetup create crypt1 --table "0 `blockdev --getsz $1` crypt aes-cbc-essiv:sha256 babebabebabebabe…
174 …dmsetup create crypt2 --table "0 `blockdev --getsize $1` crypt aes-cbc-essiv:sha256 :32:logon:my_p…