[pkg-cryptsetup-devel] Bug#541835: Bug#541835: crypto configuration / dependencies broken

Jonas Meurer jonas at freesources.org
Thu Aug 27 18:35:01 UTC 2009


hey,

On 27/08/2009 Randy Dunlap wrote:
> On Tue, 25 Aug 2009 19:58:52 -0400 Celejar wrote:
> 
> > I'm having a pretty bizarre problem with my kernel crypto
> > configuration.  I need support for a bog standard LUKS (aes /
> > cbc-essiv:sha256) / cryptsetup installation, but even after I enable
> > virtually everything in the crypto section of the kernel configs, cbc
> > fails to load.  All the relevant modules are exist (dm-mod, dm-crypt,
> > crypto_blkcipher, crypto_algapi, crypto_hash, aes_generic,
> > sha256_generic), but even after modprobing / insmoding
> > everything, /proc/crypto shows that aes and sha is there, but not cbc.
> > 
> > The problem has been reproduced (using my kernel config) by Jonas
> > Meurer, the Debian cryptsetup maintainer, so it's not just me ;).
> > We've tried numerous different kernel versions in the .30 / .31 range.
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541835
> > 
> > Does this mean that something else somewhere in the kernel needs to be
> > configured but isn't, and the necessary dependency isn't properly
> > declared?
> > 
> > My config is at:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=45;filename=config-2.6.31-rc6-lizzie-00042-gb2add73;att=1;bug=541835
> > 
> > [I'm not subscribed to lkml; please cc me on responses]
> 
> 
> You could try/test a patch that was just posted:
>   http://lkml.org/lkml/2009/8/27/249

that patch seems to be for ecryptfs only, while Celejar uses dm-crypt.
second, the patch just ensures that CRYPTO_ECB and CRYPTO_CBC are
selected along with ECRYPT_FS. but Celejar does have both CRYPTO_ECB and
CRYPTO_CBC selected.

the problem rather is that loading the cbc blockcipher module simply
does nothing. the module is listed in /proc/modules, but the blockcipher
is still missing from /proc/crypto.

the problem is not reproducible with a debian/unstable 2.6.30.6 kernel,
even though it has cbc compiled as module as well. but if I recompile
the same kernel sources with Celejars kernel .config, the problem
occurs. thus it must be related to the kernel config in some way.

greetings,
 jonas


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20090827/0c77bb10/attachment.pgp>


More information about the pkg-cryptsetup-devel mailing list