[Pkg-cryptsetup-devel] Bug#464673: Bug#464673: cryptsetup seems to try to load some padlock modules

Jonas Meurer jonas at freesources.org
Mon Feb 18 17:06:45 UTC 2008

On 10/02/2008 David Härdeman wrote:
> As to why they are included in the initramfs image in the first place,  
> the cryptsetup initramfs hook uses the initramfs-tools function  
> manual_add_modules to add modules to the initramfs image.
> manual_add_modules checks module dependencies with modprobe, so if the  
> cryptsetup hook calls "manual_add_modules aes", the following is  
> executed by that function (this example is for the Debian 2.6.24  
> kernel):
> modprobe --set-version="2.6.24-1-686" --ignore-install --show-depends aes
> which gives this output:
> insmod /lib/modules/2.6.24-1-686/kernel/crypto/aes_generic.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/drivers/crypto/geode-aes.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/arch/x86/crypto/aes-i586.ko 
> And all of those modules are added as a result.
> I think the next step would be to get some feedback from Maximilian.

I discussed the issue with maks and waldi on irc today, and finally
waldi told me that the aes module where renamed to aes_generic in kernel
2.6.24. The same goes for des, sha1 and sha256 modules.
All aes* modules do have an alias for aes, thus modprobe from
manual_add_modules() produces the list above.

The proposed fix for this is to check for kernel version in the
initramfs cryptroot hook, and substitute aes/des/sha256 by <cipher>_generic
if necessary. I don't like that idea though, as that bloats the script even
more and doesn't provide a general solution for the future. How shall we
know when yet another cipher module is renamed? and i fear that we will
end up with something like

case "$k_vers" in
		modules=$(sed -e 's/aes/aes_generic' \
				-e 's/des/des_generic' [...])
		modules=$(sed -e 's/<cipher>/<cipher>_generic' \

which in my eyes is a nightmare to maintain.


More information about the Pkg-cryptsetup-devel mailing list