[dm-crypt] cryptsetup upgrade to 1.6.x unlocking problem in initramfs

Sven Eschenberg sven at whgl.uni-frankfurt.de
Fri Sep 5 00:54:34 CEST 2014


Hi Milan,

still looking at an strace output flood (PDBKF2 I guess), but it looks
like the change from modular to builtin for HMAC did the trick. Thank you
so much for your effort.

For me two major questions remain though:
1.) Why did an older version of cryptsetup work without these modules?
2.) Why is HMAC needed? It is not obvious and if some other kernel module
needs it, why is the dependecy missing?
4.) if HMAC dependecy is owed to cryptsetup specificly, is that documented
already?

With best Regards

A delighted and happy user

-Sven

On Thu, September 4, 2014 09:24, Milan Broz wrote:
> On 09/03/2014 11:03 PM, Sven Eschenberg wrote:
>> Will mail that in a bit directly to you. I looked at the strace again
>> and
>> realized the following:
>> the call to initialize the backend with the fixed values in sockaddr_alg
>> (AF_ALG,"hash","sha1") obviously succeeds, the one after entering the
>> passphrase, which is filled with AF_ALG, "hash", and the hashname, which
>> should be sha1 again, seems to fail.
>
> I tried your config (just added hw drivers so it boots on my VM)
> and for my non-initram i386 system it works.
>
> The only module it requires to load (all other are compiled in) is hmac,
> so try CONFIG_CRYPTO_HMAC=y or check it is in initramfs.
>
> And obviously, removing this module so kernel cannot find it causes
> ...
> socket(PF_ALG, SOCK_SEQPACKET, 0)       = 6
> bind(6, {sa_family=AF_ALG, sa_data="hash\0\0\0\0\0\0\0\0\0\0"}, 88) = -1
> ENOENT (No such file or directory)
>                                 = 0
> I will probably try to add some better debug messages here
> (but you did not send me --debug output anyway :-)
>
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>




More information about the dm-crypt mailing list