[pkg-cryptsetup-devel] Bug#901884: [cryptsetup-initramfs] Unbootable system with MODULES=dep

Guilhem Moulin guilhem at debian.org
Tue Jun 19 23:21:36 BST 2018


On Tue, 19 Jun 2018 at 23:52:45 +0200, Guilhem Moulin wrote:
> Sorry, I meant between your backup initrd.img (presumably also compiled
> with MODULES=dep) and the new, broken one.

Alternatively, if you don't have this initrd around anymore, are you able
to boot if you add the ‘xts’ module to the broken one?

    echo xts >>/etc/initramfs-tools/modules
    update-initramfs -u
    systemctl reboot

I'm now able to reproduce this in a test environment where the cipher
mode (xts is your case) is provided by a separate module.  We didn't
catch that earlier because our test VMs run using their host's CPU
model, which have AES-NI.  Indeed, running qemu with `-cpu host,-aes`
yields an unbootable system if the root FS is encrypted using AES-XTS
and the initrd is compiled with MODULES=dep.

(That's a lot of “ifs” and most systems won't be affected as default is
MODULES=most and these days AES-NI is common enough, so I'm not sure
‘severity: critical’ is appropriate, but but it's definitely RC anyway.)

-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20180620/32e87d6f/attachment.sig>


More information about the pkg-cryptsetup-devel mailing list