[dm-crypt] cryptsetup upgrade to 1.6.x unlocking problem in initramfs
sven at whgl.uni-frankfurt.de
Mon Sep 1 23:35:04 CEST 2014
On Mon, September 1, 2014 22:41, Milan Broz wrote:
> On 09/01/2014 10:12 PM, Sven Eschenberg wrote:
>> On Mon, September 1, 2014 22:00, Milan Broz wrote:
>>> Which exact version you are using? Be sure that you have the last 1.6.6
>>> where I fixed some problems related to crypto API interface.
>> Okay, I am using 1.6.4, will upgrade it and check again...
> ok, then it is different issue I thought (there was a change
> in 1.6.5 which caused a lot of similar issues), see below.
> Anyway, please try 1.6.6. as well - there was some related changes.
No difference with 1.6.6.
>>> Can you post output with added --debug of command which fails?
>>> If you are compiling cryptsetup yourself, which crypto backend are you
>>> (If it is kernel API, then kernel must have required support, AF_ALG
>>> API and all relevant crypto modules.)
>> Always used the kernel backend. I reused the kernel config (just minor
>> upgrade) which worked with the old cryptsetup.
> So if you use kernel backend you simply must have kernel with the AF_ALG
> Also be sure you have SHA1 and hash used in your LUKS (if differs from
> (SHA1 is mandatory for LUKS support, crypto backend also uses it to check
> that API is working - I did not find other reliable way...)
> Anyway, I would say that it is not problem in cryptsetup but that some
> kernel module is missing (it can be some dependence like cipher mode
> or cryptomgr...)
Is there any sophisticated way to find out, what could be missing? Except
trial and error maybe ;-)?
Here's the CRYPTO config of the kernel that works with old cryptsetup:
What I added to get to the passphrase for current cryptsetup is:
CONFIG_CRYPTO_USER_API=y <= AF_ALGO
The Volume is AES-XTS-plain and the hashspec sha1
I can't see what might be missing ...
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt