1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index df13df3..eb3f625 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -84,6 +84,7 @@ static int opt_disable_keyring = 0;
static const char *opt_priority = NULL; /* normal */
static const char *opt_integrity = NULL; /* none */
static int opt_integrity_nojournal = 0;
+static int opt_integrity_recovery = 0;
static int opt_integrity_no_wipe = 0;
static const char *opt_key_description = NULL;
static int opt_sector_size = 0;
@@ -182,6 +183,8 @@ static void _set_activation_flags(uint32_t *flags)
if (opt_integrity_nojournal)
*flags |= CRYPT_ACTIVATE_NO_JOURNAL;
+ if (opt_integrity_recovery)
+ *flags |= CRYPT_ACTIVATE_RECOVERY;
/* In persistent mode, we use what is set on command line */
if (opt_persistent)
@@ -3409,6 +3412,7 @@ int main(int argc, const char **argv)
{ "disable-keyring", '\0', POPT_ARG_NONE, &opt_disable_keyring, 0, N_("Disable loading volume keys via kernel keyring"), NULL },
{ "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm (LUKS2 only)"), NULL },
{ "integrity-no-journal",'\0',POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL },
+ { "integrity-recovery-mode", 'R', POPT_ARG_NONE, &opt_integrity_recovery, 0, N_("Recovery mode for integrity device (no journal, no tag checking)"), NULL },
{ "integrity-no-wipe", '\0', POPT_ARG_NONE, &opt_integrity_no_wipe, 0, N_("Do not wipe device after format"), NULL },
{ "token-only", '\0', POPT_ARG_NONE, &opt_token_only, 0, N_("Do not ask for passphrase if activation by token fails"), NULL },
{ "token-id", '\0', POPT_ARG_INT, &opt_token, 0, N_("Token number (default: any)"), NULL },
|