RE: re: [4.0] cryptsetup fails
From: McCaffrey, Timothy M
Date: Wed Mar 04 2015 - 14:24:22 EST
> -----Original Message-----
> From: McCaffrey, Timothy M
> Sent: Wednesday, March 04, 2015 2:14 PM
> To: 'linux-kernel@xxxxxxxxxxxxxxx'
> Subject: re: [4.0] cryptsetup fails
>
> >Subject: [4.0] cryptsetup fails
> >From: Thomas Meyer <thomas () m3y3r ! de>
> >Date: 2015-03-04 12:12:47
> >Hi,
>
> >I wanted to give the new kernel a try, but the cryptsetup fails with:
> >[ 8.747114] localhost.localdomain systemd-cryptsetup[280]: Set cipher aes,
> mode xts-plain64, key size 256 bits for device /dev/disk/[...]
> >[ 9.265258] localhost.localdomain kernel: device-mapper: table: 254:0:
> crypt: Error allocating crypto tfm
> >[ 9.265265] localhost.localdomain kernel: device-mapper: ioctl: error
> adding target to table
> >[ 9.280993] localhost.localdomain systemd-cryptsetup[280]: Failed to
> activate: Input/output error
>
> >the error seems to get produced in drivers/md/dm-crypt.c:
>
> >5ebaee6d2 (Milan Broz 2010-08-12 04:14:07 +0100 1619) /* Allocate
> cipher */
> >fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1620) ret =
> crypt_alloc_tfms(cc, cipher_api);
> >fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1621) if
> (ret < 0) {
> >fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1622)
> ti->error = "Error allocating crypto tfm";
> >fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1623)
> goto bad;
>
> >$ grep AES /boot/config-4.0.0-rc1-23421-g023a600
> ># CONFIG_SND_MAESTRO3 is not set
> >CONFIG_CRYPTO_AES=y
> >CONFIG_CRYPTO_AES_X86_64=m
> >CONFIG_CRYPTO_AES_NI_INTEL=m
> >CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
> >CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
>
> >any ideas what did change here? what am i missing?
>
> >with kind regards
> >thomas
>
> I submitted a patch to the crypto mailing list that fixed the AESNI module so it
> handles 256 bit keys
> properly, I am not sure it was included on the 4.0 kernel (it was submitted for
> the 3.20 kernel).
>
> Previously, if you specified a 256 bit key, it would set the key properly, but
> the AESNI (both SSE & AVX versions)
> module would only do 10 rounds (instead of 14 like it is supposed to).
>
> You would get the same failure as above if you didn't load the AESNI module
> with an older kernel.
>
> You may need to decrypt your disk with an older kernel, then re-encrypt it.
>
> - Tim
I should also note these changes were for AES/GCM only, they may not apply to AES/TXT.
- Tim
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/