You are not logged in.

#1 2015-04-25 17:01:35

belette
Guest

cryptsetup issue : cipher kernel support

Hi,

I am trying to encrypt a partition but received this error  :

cryptsetup -c aes-xts-plain64:sha512 -y -s 512 -h sha512 luksFormat /dev/sda3

device-mapper: reload ioctl on  failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sda3.
Check that kernel supports aes-xts-plain64:sha512 cipher (check syslog for more info).

I already checked that the modules are loaded

journalctl

systemd[1]: Device dev-disk-by\x2dpartlabel-primary.device appeared twice with different sysfs paths /sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 and /sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda3
kernel: device-mapper: table: 251:0: crypt: Device lookup failed

I have already used the same command and pretty sure I was working, here the server is hosted in OVH
Thanks if you have any idea..

belette

#2 2015-04-25 17:10:47

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,138
Website

Re: cryptsetup issue : cipher kernel support

belette wrote:

Hi,

I am trying to encrypt a partition but received this error  :

cryptsetup -c aes-xts-plain64:sha512 -y -s 512 -h sha512 luksFormat /dev/sda3

device-mapper: reload ioctl on  failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sda3.
Check that kernel supports aes-xts-plain64:sha512 cipher (check syslog for more info).

Use aes-xts-plain64 instead of aes-xts-plain64:sha512 for the cipher. Plain means that there is nothing to be specified with the : character.

If  a  hash  is  part of the cipher spefification, then it is used as part of the IV generation. For example, ESSIV needs a hash function, while "plain64" does not and hence none is specified.

Offline

#3 2015-04-25 17:16:19

belette
Guest

Re: cryptsetup issue : cipher kernel support

Thanks for your reply.
Just try and same error :

cryptsetup -c aes-xts-plain64 -y -s 512 -h sha512 luksFormat /dev/sda3

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
device-mapper: reload ioctl on  failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sda3.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).

Even all default gives me the same error..

cryptsetup luksFormat /dev/sda3

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
device-mapper: reload ioctl on  failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/sda3.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).

Last edited by belette (2015-04-25 17:21:02)

#4 2015-04-26 23:02:07

belette
Guest

Re: cryptsetup issue : cipher kernel support

Quick update :
I noticed I am under a grsec custom kernel.. this should be the reason why the modules are not loaded into the kernel..

uname -a
Linux 3.14.32-xxxx-grs-ipv6-64 #1 SMP Sat Feb 7 11:35:27 CET 2015 x86_64 GNU/Linux

Is there a way to move to the stock kernel when I am into a grsec kernel? I tried to just pacman -S linux but I get lot of issue and pacman doesn't allow me to do it.

Last edited by belette (2015-04-26 23:02:21)

Board footer

Powered by FluxBB