[dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit)

Johannes Ernst johannes.ernst at gmail.com
Sun Feb 22 20:36:10 CET 2015


Transcript. Note that adding the —debug flag successfully opens on the *second* attempt entering the password. Without —debug, no such luck.

> dd if=/dev/zero of=./test.img count=8 bs=1M
> cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img

used password ‘asdf’ (no quotes)

> cryptsetup open test.img test
Enter passphrase for test.img: 
No key available with this passphrase.
Enter passphrase for test.img: 
No key available with this passphrase.
^C
Enter passphrase for test.img: Error reading passphrase from terminal.

> cryptsetup open --debug test.img test
# cryptsetup 1.6.6 processing "cryptsetup open --debug test.img test"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device test.img context.
# Trying to open and read device test.img.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device test.img.
# Crypto backend (gcrypt 1.6.2) initialized.
# Detected kernel Linux 3.18.7-5-ARCH armv7l.
# Reading LUKS header of size 1024 from device test.img
# Key length 64, device size 16384 sectors, header size 4036 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume test [keyslot -1] using [none] passphrase.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.28.0.
# Device-mapper backend running with UDEV support enabled.
# dm status test  OF   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for test.img: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Interactive passphrase entry requested.
Enter passphrase for test.img: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
Key slot 0 unlocked.
# Allocating a free loop device.
# Trying to open and read device /dev/loop1.
# Calculated device size is 12288 sectors (RW), offset 4096.
# DM-UUID is CRYPT-LUKS1-81fb41f7c33c4c0aa9af442ed6230f5f-test
# Udev cookie 0xd4db383 (semid 2785282) created
# Udev cookie 0xd4db383 (semid 2785282) incremented to 1
# Udev cookie 0xd4db383 (semid 2785282) incremented to 2
# Udev cookie 0xd4db383 (semid 2785282) assigned to CREATE task(0) with flags         (0x0)
# dm create test CRYPT-LUKS1-81fb41f7c33c4c0aa9af442ed6230f5f-test OF   [16384] (*1)
# dm reload test  OFW    [16384] (*1)
# dm resume test  OFW    [16384] (*1)
# test: Stacking NODE_ADD (253,1) 0:0 0600 [verify_udev]
# test: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4db383 (semid 2785282) decremented to 1
# Udev cookie 0xd4db383 (semid 2785282) waiting for zero
# Udev cookie 0xd4db383 (semid 2785282) destroyed
# test: Processing NODE_ADD (253,1) 0:0 0600 [verify_udev]
# test: Processing NODE_READ_AHEAD 256 (flags=1)
# test (253:1): read ahead is 256
# test: retaining kernel read ahead of 256 (requested 256)
# Releasing crypt device test.img context.
# Releasing device-mapper backend.
# Closed loop /dev/loop1 (test.img).
# Unlocking memory.
Command successful.

This is Arch Linux ARM for the Raspberry Pi 2:
> uname -a
Linux rpi2 3.18.7-5-ARCH #1 SMP PREEMPT Wed Feb 18 20:56:17 MST 2015 armv7l GNU/Linux

Packages involved (tell me what else you need):
> pacman -Qi cryptsetup
Name           : cryptsetup
Version        : 1.6.6-1

> pacman -Qi libgcrypt
Name           : libgcrypt
Version        : 1.6.2-1




More information about the dm-crypt mailing list