Gentoo Forums
kernel level dm-crypt does not work?
dE_logics
Advocate
Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sat Oct 31, 2015 10:36 am    Post subject: kernel level dm-crypt does not work?

I've installed cryptsetup with kernel USE. The kernel configuration --

http://pastebin.com/Y5CFMnq3

Cryptsetup complains 'Cannot initialize crypto backend'

dm-crypt is present, aes modules are loaded, urandom is there.

lsmod
Module Size Used by
algif_skcipher 4984 0
ablk_helper 1336 0
cryptd 4864 1 ablk_helper
xts 2296 0
gf128mul 4664 1 xts
ecb 1336 0
cbc 2040 0
aes_x86_64 6904 0
crypto_null 2040 0
algif_hash 2552 0
af_alg 3712 2 algif_hash,algif_skcipher
loop 15048 1
dm_crypt 13696 0
dm_mod 61312 1 dm_crypt
sr_mod 12548 0
cdrom 23039 1 sr_mod
desktopminer linux-3.17.1-gentoo # cryptsetup --debug -c aes-cbc-null --key-size 256 create burn /dev/loop0
# cryptsetup 1.6.5 processing "cryptsetup --debug -c aes-cbc-null --key-size 256 create burn /dev/loop0"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/loop0 context.
# Trying to open and read device /dev/loop0.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Formatting device /dev/loop0 as type PLAIN.
Cannot initialize crypto backend.
# Crypto backend () initialized.
# Releasing crypt device /dev/loop0 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 22: Cannot initialize crypto backend.

Thanks for any help!
Hu
Moderator
Joined: 06 Mar 2007
Posts: 13970

Posted: Sat Oct 31, 2015 3:05 pm

Your problem is not with "kernel level" dm-crypt, since dm-crypt is always done at kernel level. Your problem is that cryptsetup cannot access the kernel-provided cryptography that can be exported to user space. Your configuration shows you built the user cryptographic APIs as modules, but your lsmod says they are not loaded. Your hostname is desktopminer, which makes me think this is not an embedded system. Note the warning in the cryptsetup ebuild:
Code:
        ewarn "Note that kernel backend is very slow for this type of operation"
        ewarn "and is provided mainly for embedded systems wanting to avoid"
        ewarn "userspace crypto libraries."
If you are using a full featured desktop, you would be better off using one of the other crypto backends.
frostschutz
Advocate
Joined: 22 Feb 2005
Posts: 2971
Location: Germany

Posted: Sat Oct 31, 2015 3:23 pm

Not sure why it says kernel backend is slow. The default gcrypt backend is actually the slowest, on my Haswell box.

http://www.metamorpher.de/files/cryptsetup-benchmark.html

Nettle is the fastest. It does not support whirlpool though.

For kernel backend to work, you must also enable sha1 in the kernel even if you're using sha512 for LUKS. sha1 is used for some initialization or other, so it won't work without... if in doubt, enable everything crypto in the kernel.
dE_logics
Advocate
Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sun Nov 01, 2015 6:25 am

Hu wrote:
Your problem is not with "kernel level" dm-crypt, since dm-crypt is always done at kernel level. Your problem is that cryptsetup cannot access the kernel-provided cryptography that can be exported to user space. Your configuration shows you built the user cryptographic APIs as modules, but your lsmod says they are not loaded. Your hostname is desktopminer, which makes me think this is not an embedded system. Note the warning in the cryptsetup ebuild:
Code:
        ewarn "Note that kernel backend is very slow for this type of operation"
        ewarn "and is provided mainly for embedded systems wanting to avoid"
        ewarn "userspace crypto libraries."
If you are using a full featured desktop, you would be better off using one of the other crypto backends.


I suggest the warning be removed. That is not true.

@frostschutz

Yes, sha1 modules and USER_API_HASH

Thanks!
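A quick check of a kernel config for the options this thread ends up naming, as an added example that is not from any poster. CONFIG_CRYPTO_USER_API_HASH and CONFIG_CRYPTO_SHA1 come from the replies above; CONFIG_CRYPTO_USER_API_SKCIPHER is an assumption based on the algif_skcipher module in the lsmod output, and the sample config is constructed, not the poster's pastebin.

```shell
#!/bin/sh
# Added example: classify the kernel options this thread names for
# cryptsetup's kernel crypto backend as built in, modular, or missing.

# USER_API_HASH and SHA1 come from the replies; USER_API_SKCIPHER is an
# assumption based on the algif_skcipher module in the lsmod output.
REQUIRED_OPTS="CRYPTO_USER_API_HASH CRYPTO_USER_API_SKCIPHER CRYPTO_SHA1"

# opt_state CONFIG_FILE OPTION -> prints y, m, or n (n = unset or absent)
opt_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# check_backend_config CONFIG_FILE -> one report line per option;
# returns 0 if every option is y or m, 1 if any is missing.
check_backend_config() {
    rc=0
    for opt in $REQUIRED_OPTS; do
        case $(opt_state "$1" "$opt") in
            y) echo "CONFIG_$opt: built in" ;;
            m) echo "CONFIG_$opt: module (must be loaded before cryptsetup runs)" ;;
            *) echo "CONFIG_$opt: MISSING"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: user-space crypto API as modules, sha1 not set.
sample_config() {
    cat <<'EOF'
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
# CONFIG_CRYPTO_SHA1 is not set
CONFIG_CRYPTO_AES_X86_64=m
EOF
}

# Stand-alone run: check the file given as $1, or the constructed sample.
if [ -n "${1:-}" ]; then
    check_backend_config "$1"
else
    tmp=$(mktemp) && sample_config > "$tmp"
    check_backend_config "$tmp" || echo "=> enable the missing options and rebuild"
    rm -f "$tmp"
fi
```

Pass the path of the config to check as the first argument, for example the `.config` in the kernel source tree.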