Jump to content

Crypto kernel modules missing for aes-xts-plain64 cipher


getreu

Recommended Posts

Luks encrypted devices need this cipher:  aes-xts-plain64

 

I get these error messages:

 

>   Check that kernel supports aes-xts-plain64 cipher

>   device-mapper: table: 254:0: crypt: Error allocating crypto tfm

 

It seems that at least the following modules are needed:  xts, aes-x86_64

 

They are misising in all armbian debian kernals for rockchip.
Could you please add them?

Link to comment
Share on other sites

I am afraid I am not competent for suggesting pull requrests for these config files.

 

Knowing that my Odroid C2 Armbian default configuration can mount luks encrypted partitions out of the box, I compared this configuration with the rockchip configuration. As you can see from the attached file linux-rockchip-default.config--linux-odroidc2-default.config.diff they differ in many ways:

 

My best guess is to change

# CONFIG_CRYPTO_XTS is not set

to 

CONFIG_CRYPTO_XTS=m

This might not be enough though.

The second file  lsmod.txt shows all loaded modules in my Odroid C2. It has an luks encrypted Raid1 volume mounted. I hope it helps someone.

 

Link to comment
Share on other sites

1 hour ago, getreu said:

I am afraid I am not competent for suggesting pull requrests for these config files.

you can do it. :thumbup: See:

X2LYZj01CTqZxM8OVE4aqoqf0.png

 

obviously, before you send the PR you've to test your new kernelconfig and it would make sense to provide at least 'sudo armbianmonitor -u' within your PR.

 

interesting parts:

00:00 - 02:30

08:30 - 12:10

24:00 - end

 

btw @TonyMac32 kconfig is messed up once again, see 08:30 - 12:10 and https://github.com/chwe17/build/commit/2c77824cb7ac8e9f88ac32d4c113a59fdf4e9312

 

 

 

Link to comment
Share on other sites

Thank you for your video! I managed to compile the kernel using docker with
 

./compile.sh docker KERNEL_ONLY=yes  BOARD=tinkerboard BRANCH=next KERNEL_CONFIGURE=yes

BTW `menuconfig` works only when compiled for the first time. then it crashes!

Like the Odroid people I compiled all crypt related stuff as modules, see linux-rockchip-next.config.

The crypto modules are so tiny that they does not make the image bigger.

 

When I unlock my luks device with

 

cryptsetup open --type luks $(ls /dev/md*|head -n 1) dm-name-md1-crypt

it loads the `xts` module.

There is still one problem remaining: OpenMediaVault 4 does not recognize `/dev/mapper/dm-name-md1-crypt` as a device. Strangely under `Armbian Odroid C2` it does!

See my question here: http://forum.openmediavault.org/index.php/Thread/24375-OVM-does-not-recognize-dev-mapper-md127-as-device/

Any ideas what kernel module could be missing?

Link to comment
Share on other sites

5 hours ago, getreu said:

Any ideas what kernel module could be missing?

No idea.. ;) That's what development makes time consuming.. :P figure out which bits are missing to get *random feature* working.. :) 

 

5 hours ago, getreu said:

Like the Odroid people I compiled all crypt related stuff as modules, see linux-rockchip-next.config.

The crypto modules tiny so it does not make the image bigger.

If you compile them all as modules so it doesn't hurt performance for those who don't use it, I assume chances are hight that the new kernelconfig will be merged into Armbian and everyone can benefit from your work (except speck cipher - nobody likes speck :lol: but as far as I saw, you didn't turn it on..).

 

5 hours ago, getreu said:

BTW `menuconfig` works only when compiled for the first time. then it crashes!

it might make sense to open an issue on github (that's were buildscript related questions are normally discussed) just to ensure this information doesn't get lost. :) 

Link to comment
Share on other sites

>    it might make sense to open an issue on github (that's were buildscript related questions are normally discussed) just to ensure this information doesn't get lost.  

 

[`menuconfig` in docker build crashes when compiled for the second time · Issue #1122 · armbian/build](https://github.com/armbian/build/issues/1122)
 

Link to comment
Share on other sites

>   I assume chances are hight that the new kernelconfig will be merged into Armbian and everyone can benefit from your work

 

I pushed this pull request:   https://github.com/armbian/build/pull/1123

 

>    There is still one problem remaining: OpenMediaVault 4 does not recognize `/dev/mapper/dm-name-md1-crypt` as a device.

The problem solved itself! No idea how and why. Maybe it needed just a reboot.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines