It seems I cannot open LUKS encrypted devices when running the minimal amd64 install CD. Needed cypher/hash modules seem to be missing. Detailed error message follows when I'm back home... Reproducible: Always Steps to Reproduce: 1. Boot the CD. 2. cryptsetup luksOpen <device> <newname> 3. Enter LUKS passphrase Actual Results: cryptsetup prints an error message (will follow). Expected Results: The device should be opened.
OK, here it comes: livecd root # evms_activate livecd root # cryptsetup luksOpen /dev/evms/root c-root Enter LUKS passphrase: device-mapper: table: 253:38: crypt: Error initializing ESSIV hash device-mapper: ioctl: error adding target to table device-mapper: ioctl: device doesn't appear to be in the dev hash table. Failed to setup dm-crypt key mapping. Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/evms/root contains at least 133 sectors. Failed to read from key storage Command failed: No key available with this passphrase.
And here is /proc/crypto from a system where I can open the device: name : cbc(aes) driver : cbc(aes-asm) module : kernel priority : 200 refcnt : 13 type : givcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : chainiv name : cbc(aes) driver : cbc(aes-asm) module : kernel priority : 200 refcnt : 13 type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : <default> name : arc4 driver : arc4-generic module : kernel priority : 0 refcnt : 1 type : cipher blocksize : 1 min keysize : 1 max keysize : 256 name : aes driver : aes-generic module : kernel priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : sha256 driver : sha256-generic module : kernel priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 32 name : sha224 driver : sha224-generic module : kernel priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 28 name : sha1 driver : sha1-generic module : kernel priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 20 name : aes driver : aes-asm module : kernel priority : 200 refcnt : 25 type : cipher blocksize : 16 min keysize : 16 max keysize : 32
The same problem appears with xts-plain. The minimal install CD seems to be missing the appropriate crypto algorithms, which makes it kinda useless for crytodevices.
I don't do any sort of encrypted filesystems, so you guys will have to tell me which CONFIG_CRYPTO_* options to enable for the kconfig.
These are mine: CONFIG_CRYPTO CONFIG_CRYPTO_ALGAPI CONFIG_CRYPTO_AEAD CONFIG_CRYPTO_BLKCIPHER CONFIG_CRYPTO_HASH CONFIG_CRYPTO_MANAGER CONFIG_CRYPTO_GF128MUL CONFIG_CRYPTO_CRYPTD CONFIG_CRYPTO_AUTHENC CONFIG_CRYPTO_SEQIV CONFIG_CRYPTO_CBC CONFIG_CRYPTO_CTS CONFIG_CRYPTO_ECB CONFIG_CRYPTO_LRW CONFIG_CRYPTO_HMAC CONFIG_CRYPTO_MD5 CONFIG_CRYPTO_MICHAEL_MIC CONFIG_CRYPTO_SHA1 CONFIG_CRYPTO_SHA256 CONFIG_CRYPTO_TGR192 CONFIG_CRYPTO_WP512 CONFIG_CRYPTO_AES CONFIG_CRYPTO_ARC4 CONFIG_CRYPTO_DES Though I think it would be more reasonable to enable more, if not all of them for a live cd, especially these: CONFIG_CRYPTO_XTS CONFIG_CRYPTO_HW CONFIG_CRYPTO_DEV_PADLOCK Compiled as kernel modules, these should be enough for almost any use case.
I ran into the same problem. Next config is from the systemrescue-cd. Almost everything is enabled so you can use all cipher/mode-combinations (except the seed-cipher, dunno why it is disabled). CONFIG_CRYPTO=y CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_BLKCIPHER=m CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_XCBC=m CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=m CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_GF128MUL=m CONFIG_CRYPTO_ECB=m CONFIG_CRYPTO_CBC=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_LRW=m CONFIG_CRYPTO_XTS=m # CONFIG_CRYPTO_CRYPTD is not set CONFIG_CRYPTO_DES=m CONFIG_CRYPTO_FCRYPT=m CONFIG_CRYPTO_BLOWFISH=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m CONFIG_CRYPTO_TWOFISH_X86_64=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_AES=m CONFIG_CRYPTO_AES_X86_64=m CONFIG_CRYPTO_CAST5=m CONFIG_CRYPTO_CAST6=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_ARC4=m CONFIG_CRYPTO_KHAZAD=m CONFIG_CRYPTO_ANUBIS=m # CONFIG_CRYPTO_SEED is not set CONFIG_CRYPTO_DEFLATE=m CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_CRC32C=y CONFIG_CRYPTO_CAMELLIA=m CONFIG_CRYPTO_TEST=m # CONFIG_CRYPTO_AUTHENC is not set # CONFIG_CRYPTO_MPILIB is not set # CONFIG_CRYPTO_SIGNATURE is not set CONFIG_CRYPTO_HW=y
*** Bug 249721 has been marked as a duplicate of this bug. ***
I have modifed the kconfigs in SVN for x86/amd64 to have all the remaining crypto support enabled as modules. This will show up in the next release.
This should be fixed in the installcd autobuilds.
