[dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit)

Johannes Ernst johannes.ernst at gmail.com
Sun Feb 22 20:29:34 CET 2015


I originally posted this to the Arch Linux ARM forum here: http://archlinuxarm.org/forum/viewtopic.php?f=60&t=8489 <http://archlinuxarm.org/forum/viewtopic.php?f=60&t=8489>
where since, somebody else reported seeing something (almost) identical: taking his external drive from an Raspberry Pi 1 to a Raspberry Pi 2 where it failed to open.

He says, however, that cryptsetup open succeeds on the second (!) attempt putting in his password. However, this does not work for me. This is beginning to smell like some kind of memory initialization problem.

—debug output coming in just a sec.


> On Feb 20, 2015, at 22:53, Milan Broz <gmazyland at gmail.com> wrote:
> 
> On 02/20/2015 11:59 PM, Johannes Ernst wrote:
>> It’s not the keyboard layout: I interact with both Pi’s through ssh and terminal on OSX. And it even happens with extremely simple pass phrases such as ‘asdf’.
> 
> Hi,
> 
> it is very unlikely cryptsetup problem but I would guess some kernel crypt or library ARM glitch.
> (Cryptsetup is tested even on new ARM64 and there is not many platform dependent code.)
> 
> Whatever, please send me full output from that command with added --debug.
> I always need exact versions of kernel, crypto libraries a obviously cryptsetup.
> 
> (If us use other hash it works even on Pi? Try sha1 and sha256 at least.)
> 
> Thanks,
> Milan
> 
>> 
>> 
>>> On Feb 20, 2015, at 14:25, Lars Winterfeld <lars.winterfeld at tu-ilmenau.de> wrote:
>>> 
>>> Hi.
>>> 
>>> You could add another keyslot with a keyfile and open the device with
>>> that to be absolutely sure you did not just miss-type the password
>>> (because of a different keyboard layout on the Raspberry Pi 2 etc.)
>>> 
>>> 
>>> 
>>> On 20.02.2015 22:37, Johannes Ernst wrote:
>>>> TL;DR: 
>>>>   cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
>>>> cannot be opened again on the new Raspberry Pi 2. Shorter key-size, and other platforms work.
>>>> 
>>>> This is a bit a puzzler to me …
>>>> 
>>>> This is what I do:
>>>>   # Create 8M image
>>>>   dd if=/dev/zero of=./test.img count=8 bs=1M
>>>>   # Set up encryption -- enter a suitable password when asked
>>>>   cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
>>>>   # Now attempt to open it, entering the same password
>>>>   cryptsetup open test.img test
>>>> 
>>>> and indeed it works for me on x86_64, the Raspberry PI 1, and the BeagleBone Black. However, it fails on the Raspberry Pi 2 with:
>>>> 	"No key available with this passphrase."
>>>> 
>>>> If I create the encrypted image on the Raspberry Pi 2, I can open it on other platforms. However, I cannot open any image with these parameters on the Raspberry Pi 2, regardless where it was created.
>>>> 
>>>> If I set the key-size to 256 bit, it works on all platforms.
>>>> 
>>>> The Raspberry Pi 2 is an ARM v7 processor, unlike the Raspberry Pi 1. But then, the BeagleBone Black is Arm V7, too.
>>>> 
>>>> Puzzled ...
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Johannes.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20150222/6c121241/attachment.html>


More information about the dm-crypt mailing list