re: [4.0] cryptsetup fails

Wed, 04 Mar 2015 11:26:16 -0800 

>Subject:    [4.0] cryptsetup fails
>From:       Thomas Meyer <thomas () m3y3r ! de>
>Date:       2015-03-04 12:12:47
>Hi,

>I wanted to give the new kernel a try, but the cryptsetup fails with:
>[    8.747114] localhost.localdomain systemd-cryptsetup[280]: Set cipher aes, 
>mode xts-plain64, key size 256 bits for device /dev/disk/[...]
>[    9.265258] localhost.localdomain kernel: device-mapper: table: 254:0: 
>crypt: Error allocating crypto tfm
>[    9.265265] localhost.localdomain kernel: device-mapper: ioctl: error 
>adding target to table
>[    9.280993] localhost.localdomain systemd-cryptsetup[280]: Failed to 
>activate: Input/output error

>the error seems to get produced in drivers/md/dm-crypt.c:

>5ebaee6d2       (Milan Broz     2010-08-12 04:14:07 +0100       1619)   /* 
>Allocate cipher */
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1620)  
> ret = crypt_alloc_tfms(cc, cipher_api);
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1621)  
> if (ret < 0) {
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1622)  
>         ti->error = "Error allocating crypto tfm";
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1623)  
>         goto bad;

>$ grep AES /boot/config-4.0.0-rc1-23421-g023a600 
># CONFIG_SND_MAESTRO3 is not set
>CONFIG_CRYPTO_AES=y
>CONFIG_CRYPTO_AES_X86_64=m
>CONFIG_CRYPTO_AES_NI_INTEL=m
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m

>any ideas what did change here? what am i missing?

>with kind regards
>thomas

I submitted a patch to the crypto mailing list that fixed the AESNI module so 
it handles 256 bit keys 
properly, I am not sure it was included on the 4.0 kernel (it was submitted for 
the 3.20 kernel).

Previously, if you specified a 256 bit key, it would set the key properly, but 
the AESNI (both SSE & AVX versions)
module would only do 10 rounds (instead of 14 like it is supposed to).  

You would get the same failure as above if you didn't load the AESNI module 
with an older kernel.

You may need to decrypt your disk with an older kernel, then re-encrypt it.

        - Tim

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to