[dm-crypt] cryptsetup upgrade to 1.6.x unlocking problem in initramfs

Sven Eschenberg sven at whgl.uni-frankfurt.de
Mon Sep 1 22:12:52 CEST 2014


On Mon, September 1, 2014 22:00, Milan Broz wrote:
> On 09/01/2014 09:32 PM, Sven Eschenberg wrote:
>> I recently upgraded one of my systems and after cryptsetup was updated,
>> included into my initramfs it fails to open the LUKS container.
>>
>> In the very beginning I ended up with a 'Cannot initialize crypto
>> backend'
>> error. After some debugging I managed to add the missing kernel modules
>> to
>> get AF_ALGO. Now I am getting to a password prompt, enter my passphrase
>> and get a failure. I cannot recall the exact error msg, I remember
>> though
>> it said something about a missing option.
>>
>> Anyway, I traced the whole thing, and I think it's the following call
>> that
>> creates the fatal error:
>> bind(<FD>,{sa_family=AF_ALG,SA_data=hash\0,88})=ENOENT)
>>
>> First I had a failure on the socket() call, which I managed to get rid
>> off, now the actual bind() fails. I can see the problem is hash related,
>> but further assistance is appreciated.
>
> Hi,
>
> the dependence on AF_ALG (for LUKS) is optional and there is fallback
> to old way. So in your described scenario it should still work.
> (The ENOENT error above is not fatal error, it is indication that some
> function
> is not available and code should simple use old way how to decrypt
> keyslot.)

I see, well, the trace does some close() after the failed bind(), munmap()
munlockall(), setpriority() and the exit_group() and I see an exited with
1 message, anyway, let'S check the other stuff ..

>
> Which exact version you are using? Be sure that you have the last 1.6.6
> where I fixed some problems related to crypto API interface.

Okay, I am using 1.6.4, will upgrade it and check again...

>
> Can you post output with added --debug of command which fails?
>
> If you are compiling cryptsetup yourself, which crypto backend are you
> using?
> (If it is kernel API, then kernel must have required support, AF_ALG
> API and all relevant crypto modules.)

Always used the kernel backend. I reused the kernel config (just minor
upgrade) which worked with the old cryptsetup.

>
> Thanks,
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

Regards

-Sven




More information about the dm-crypt mailing list