[dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit)
johannes.ernst at gmail.com
Mon Feb 23 19:44:58 CET 2015
1. There was a (cryptic, to me) comment by one of the core Arch Linux ARM developers on my post. He said "Something on my mind about kernel mode neon on imx6, can't find it now” (http://archlinuxarm.org/forum/viewtopic.php?f=60&t=8489&p=45395#p45364) I have little idea what this could mean, but I figure I pass it on in case somebody here does.
2. I disabled the mentioned kernel modules:
and, magic happens, it behaves as intended: cryptsetup opens file on first try.
3. When the kernel modules get added again, with the image file created in step #2, I’m back to "No key available with this passphrase.”.
4. This seems to be a Raspberry PI 2 (ARMv7)-only issue, it seems to work on Raspberry PI 1 (ARMv6) and on BeagleBone Black (ARMv7).
5. If you send me an ssh public key, I'd be happy to set you up with a shell on my Raspberry PI 2, if there is a chance that it might help in any way.
> On Feb 22, 2015, at 12:20, Milan Broz <gmazyland at gmail.com> wrote:
> On 02/22/2015 08:40 PM, Johannes Ernst wrote:
>>> (If us use other hash it works even on Pi? Try sha1 and sha256 at least.)
>> It appears independent of the hash involved: I tried sha1, sha256 in addition to the original sha256. The behavior is the same:
>> 1. cryptsetup open … does not open
>> 2. cryptsetup open —debug opens on the second attempt to put the password in.
> ok, this is really strange.
> One (random) guess from the log:
>> # Using userspace crypto wrapper to access keyslot area.
> it means that code is using kernel userspace crypto
> (and cryptsetup already revealed at least two problems there...)
> Could you try it without it? (Code should fallback to old dmcrypt temporary devices mode).
> You can do it either by
> - disabling/blacklisting kernel modules which provides it: af_alg.ko and algif_skcipher.ko
> (or disable CRYPTO_USER_API, CRYPTO_USER_API_SKCIPHER when compiling kernel)
> - try to run older cryptsetup (at least 1.6.4 or older)
> I am afraid I cannot help more here without reproducing it...
> (Is it RPI2 only issue or anyone see it on other ARM device?)
More information about the dm-crypt