sorry to ask, I'm interested in this issue, RickDeckard:
In your first post you had problems while using 4.18.7.
Now you downgraded to 4.18.5 and this solved the issue ?
Or did you modify your mkinitcpio.conf and then 4.18.7 was fine too ?Thanks !
I modified the contents of my /etc/modules-load.d directory because StrongSwan wanted to load in the SHA512 module and it helped me work with module loading disabled, but that's largely correct on both counts.
Kernel bpfilter module wasn't used for anything, it was added by mistake and it's now gone: https://bugs.archlinux.org/task/59833. I hope your system isn't forcefully trying to load it in some place
It was part of modules-load.d when I realized it had to load, as per the bug you linked, otherwise iptables wouldn't function. I've taken it out since upgrading to 4.18.7 and regenerated the initramfs which caused that warning to disappear.
]]>In your first post you had problems while using 4.18.7.
Now you downgraded to 4.18.5 and this solved the issue ?
Or did you modify your mkinitcpio.conf and then 4.18.7 was fine too ?
Thanks !
]]>You have some misconfiguration on your system - are you trying to load sha512 module in initramfs?
I thought that might have been it after you asked, so I went to mkinitcpio.conf and found this:
MODULES=(btrfs ecryptfs encrypted_keys vfat fat nls_cp437 nls_iso8859-1)
As you can see it's not there, but then I went to /etc/modules-load.d/strongswan.conf (I use both computers to connect to the work VPN) and found this:
xt_policy
xfrm_user
authenc
echainiv
xfrm6_mode_tunnel
xfrm4_mode_tunnel
ccm
xfrm_user
xfrm4_tunnel
sha512_ssse3
***sha512_generic***
tunnel4
ipcomp
xfrm_ipcomp
esp4
ah4
af_key
xfrm_algo
I'll try to remove that line, upgrade kernels again, and then report back.
]]>Normal linux kernel will also have sha512 build-in instead of module in next update so I recommend fix your system asap or you will be locked out.
]]>CONFIG_CRYPTO_SHA512=y
so the code is built in rather than as a seperate module.
linux uses
CONFIG_CRYPTO_SHA512=m
and sha512_generic.ko.xz is still provided by linux 4.18.7.arch1-1
Edit:
You should can check the availability of sha512 on linux-hardened using
cat /proc/crypto
The main laptop, which was using 4.18.6, had the sha512_generic module available. The 4.18.7 did not and instead only had sha3_generic. Updating initramfs as well as reinstalling both 4.18.7 and .6 via Pacman did not solve the issue. Only a downgrade back to 4.18.5 through the ALA did and now both computers are functioning again.
Is SHA512 being phased out in favor of SHA3 or something? I ask because the file list on packages.archlinux.org doesn't happen to include sha512_generic.ko.xz. I hope I don't have to delete and remake my whole /home partitions either in light of this because I have too much and too important stuff on the main laptop to lose.
]]>