Bug 911316 - Please enable HCTR2 and Adiantum encryption modes in the kernel
Summary: Please enable HCTR2 and Adiantum encryption modes in the kernel
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Release Media
Classification: Unclassified
Component: InstallCD
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Release Team
Reported: 2023-07-27 14:18 UTC by Francisco Blas Izquierdo Riera (RETIRED)
Modified: 2024-07-01 16:02 UTC
Description Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2023-07-27 14:18:58 UTC
The kernel image provided on the LiveCD does not provide kernel modules for either adiantum or hctr2 encryption modes.

These modes improve the security of full disk encryption by hiding where in the sector changes were performed, thus providing greater security than modes like XTS usually used for this purpose.

Reproducible: Always

Steps to Reproduce:
1. modprobe hctr2
Actual Results:  
modprobe: FATAL: Module hctr2 not found in directory /lib/modules/6.1.38-gentoo-x86_64

Expected Results:  
No error

To achieve the desired results please add the following configuration to your kernel:
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_HCTR2=m
CONFIG_CRYPTO_CHACHA20=m
CONFIG_CRYPTO_NHPOLY1305=m
CONFIG_CRYPTO_POLYVAL=m

For better performance also add these options on amd64 builds:
CONFIG_CRYPTO_CHACHA20_X86_64=m
CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_NHPOLY1305_AVX2=m
CONFIG_CRYPTO_POLYVAL_CLMUL_NI=m

And these on ARM64 builds:
CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m
CONFIG_CRYPTO_POLYVAL_ARM64_CE=m
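
Added example, not part of the original report or of Gentoo's release tooling: a POSIX shell check that lists which of the options named in the description are missing from a kernel `.config`. The function names, the sample config fragment and the temporary file are assumptions made for illustration; only the `CONFIG_*` names come from the report.

```shell
#!/bin/sh
# Added example: list which options from this bug report are missing in a
# kernel .config. Option names are copied from the report above.
BASE_OPTS="CONFIG_CRYPTO_ADIANTUM CONFIG_CRYPTO_HCTR2 CONFIG_CRYPTO_CHACHA20
CONFIG_CRYPTO_NHPOLY1305 CONFIG_CRYPTO_POLYVAL"
AMD64_OPTS="CONFIG_CRYPTO_CHACHA20_X86_64 CONFIG_CRYPTO_NHPOLY1305_SSE2
CONFIG_CRYPTO_NHPOLY1305_AVX2 CONFIG_CRYPTO_POLYVAL_CLMUL_NI"
ARM64_OPTS="CONFIG_CRYPTO_CHACHA20_NEON CONFIG_CRYPTO_NHPOLY1305_NEON
CONFIG_CRYPTO_POLYVAL_ARM64_CE"

# missing_opts CONFIG_FILE [amd64|arm64]
# Prints one missing option per line. Returns 0 if nothing is missing,
# 1 if something is missing, 2 on a usage error.
missing_opts() {
    cfg=$1
    arch=${2:-}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    opts=$BASE_OPTS
    case $arch in
        "") ;;
        amd64) opts="$opts $AMD64_OPTS" ;;
        arm64) opts="$opts $ARM64_OPTS" ;;
        *) echo "unknown arch: $arch" >&2; return 2 ;;
    esac
    ret=0
    for opt in $opts; do
        # Anchor the match so CONFIG_CRYPTO_CHACHA20_X86_64=m does not
        # satisfy CONFIG_CRYPTO_CHACHA20; "# ... is not set" never matches.
        if ! grep -Eq "^${opt}=[ym]\$" "$cfg"; then
            echo "$opt"
            ret=1
        fi
    done
    return $ret
}

# Constructed sample .config fragment (not taken from a real build).
sample_config() {
    cat <<'EOF'
CONFIG_CRYPTO_ADIANTUM=m
# CONFIG_CRYPTO_HCTR2 is not set
CONFIG_CRYPTO_CHACHA20_X86_64=m
CONFIG_CRYPTO_NHPOLY1305=m
CONFIG_CRYPTO_POLYVAL=y
EOF
}

demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
missing_opts "$demo_cfg" amd64 || echo "status $?: options above are missing"
rm -f "$demo_cfg"
```

To check a real build, pass the path of the kernel `.config` used for the image as the first argument instead of the constructed sample.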
Comment 1 Larry the Git Cow gentoo-dev 2024-02-27 19:43:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/releng.git/commit/?id=0033362a136d92fd2c2160ff61606ececd1416e5

commit 0033362a136d92fd2c2160ff61606ececd1416e5
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2024-02-27 19:41:32 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2024-02-27 19:41:32 +0000

    kconfig/amd64: add new encryption modes
    
    Bug: https://bugs.gentoo.org/911316
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 releases/kconfig/amd64/amd64-6.6.13.config | 6750 ++++++++++++++++++++++++++++
 1 file changed, 6750 insertions(+)
Comment 2 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2024-02-27 23:00:32 UTC
Thanks for the fix Ben!

I haven't had much free time lately but I will test this as soon as I can and report back if there are any issues :)