[dm-crypt] cryptsetup upgrade to 1.6.x unlocking problem in initramfs

Sven Eschenberg sven at whgl.uni-frankfurt.de
Mon Sep 1 23:35:04 CEST 2014


On Mon, September 1, 2014 22:41, Milan Broz wrote:
> On 09/01/2014 10:12 PM, Sven Eschenberg wrote:
>> On Mon, September 1, 2014 22:00, Milan Broz wrote:
>>> Which exact version you are using? Be sure that you have the last 1.6.6
>>> where I fixed some problems related to crypto API interface.
>>
>> Okay, I am using 1.6.4, will upgrade it and check again...
>
> ok, then it is different issue I thought (there was a change
> in 1.6.5 which caused a lot of similar issues), see below.
>
> Anyway, please try 1.6.6. as well - there was some related changes.
>

No difference with 1.6.6.

>>> Can you post output with added --debug of command which fails?
>>>
>>> If you are compiling cryptsetup yourself, which crypto backend are you
>>> using?
>>> (If it is kernel API, then kernel must have required support, AF_ALG
>>> API and all relevant crypto modules.)
>>
>> Always used the kernel backend. I reused the kernel config (just minor
>> upgrade) which worked with the old cryptsetup.
>
> So if you use kernel backend you simply must have kernel with the AF_ALG
> interface.
>
> Also be sure you have SHA1 and hash used in your LUKS (if differs from
> SHA1).
> (SHA1 is mandatory for LUKS support, crypto backend also uses it to check
> that API is working -  I did not find other reliable way...)
>
> Anyway, I would say that it is not problem in cryptsetup but that some
> required
> kernel module is missing (it can be some dependence like cipher mode
> helper
> or cryptomgr...)

Is there any sophisticated way to find out, what could be missing? Except
trial and error maybe ;-)?

Here's the CRYPTO config of the kernel that works with old cryptsetup:

CONFIG_CRYPTO=y
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_PCOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_RMD160=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_586=y
-----
What I added to get to the passphrase for current cryptsetup is:
CONFIG_CRYPTO_ANSI_CPRNG=y
CONFIG_CRYPTO_USER_API=y <= AF_ALGO
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
----

The Volume is AES-XTS-plain and the hashspec sha1

I can't see what might be missing ...

>
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

Regards

-Sven



More information about the dm-crypt mailing list