You are not logged in.

#1 2012-09-25 11:50:24

henriette
Member
Registered: 2012-09-25
Posts: 2

[Solved] Problem with cryptsetup

Hi there, Arch Forums

I'm trying to install Arch with full disk encryption in a VirtualBox VM.
I get an error when trying to luksFormat with cipher aes-cbc-essiv:sha256.

Running

cryptsetup -c aes-cbc-essiv:sha256 -y -s 512 luksFormat /dev/sda2

results in

[5095.685736] device-mapper: table: 254:3: crypt: Error decoding and setting key
device-mapper: reload ioctl on  failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sda2.
Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info).
Failed to write to key storage. 

dmesg:

[5095.685736] device-mapper: table: 254:3: crypt: Error decoding and setting key
[5095.687504] device-mapper: ioctl: error adding target to table

Using aes-xts-plain instead of aes-cbc-essiv:sha256 works.
I checked, if the kernel modules were loaded correctly, they were not. Manual modprobe:

root@archiso ~ # lsmod | grep -i -e aes -e cbc -e sha
1 root@archiso ~ # :(
root@archiso ~ # modprobe sha256
root@archiso ~ # modprobe cbc
root@archiso ~ # modprobe aes
ERROR: could not insert 'padlock_aes': No such device
ERROR: could not insert 'aesni_intel': No such device

Google said the errors of "modprobe aes" can be ignored. (Hardware features the VM doesn't have, German Arch wiki: https://wiki.archlinux.de/title/Festpla … lermeldung).
The modules seem to load correctly:

root@archiso ~ # lsmod | grep -i -e aes -e cbc -e sha
sha256_generic         10261  0 
cbc                     2736  0 
aes_x86_64              7508  0 
aes_generic            26138  1 aes_x86_64

luksFormat results in the same error as before modprobing, however.
I checked /proc/crypto: No mention of cbc there. Is cbc the problem?

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 28

name         : aes
driver       : aes-asm
module       : aes_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : rng
seedsize     : 0

name         : lzo
driver       : lzo-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

I'm at a loss here. Is aes-cbc-essiv:sha256 simply not supported by Arch or did I do something wrong?

Thanks for you help.
Henriette

Last edited by henriette (2012-09-26 19:14:01)

Offline

#2 2012-09-26 16:06:30

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,429

Re: [Solved] Problem with cryptsetup

Hi Henriette and welcome to the forums,
the cypher you use is the current standard compiled into cryptsetup. You only have to set the key-size option to a matching length "-s 256" and it should work. Usually no need to manually load any aes-modules.

Offline

#3 2012-09-26 19:13:25

henriette
Member
Registered: 2012-09-25
Posts: 2

Re: [Solved] Problem with cryptsetup

Thank you.

Offline

Board footer

Powered by FluxBB