The officially official Devuan Forum!

You are not logged in.

#1 2019-04-22 16:42:17

d1str0
Member
Registered: 2019-04-22
Posts: 9  

cryptsetup on embedded

Hi,
I just have successfully installed Devuan on a Banana Pi M1, but while trying to open and mount a encrypted hard drive, I get this message:

root@devuan:~# cryptsetup luksOpen /dev/sda5 asdf
Enter passphrase for /dev/sda5: 
device-mapper: reload ioctl on  failed: No such file or directory
Failed to setup dm-crypt key mapping for device /dev/sda5.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).

Syslog says:

Apr 22 16:30:22 devuan kernel: [ 2650.630456] device-mapper: table: 254:0: crypt: Error allocating crypto tfm
Apr 22 16:30:22 devuan kernel: [ 2650.637462] device-mapper: ioctl: error adding target to table

I'm guessing the kernel doesn't support the encryption scheme. What can I do in this case?
Thanks.

Offline

#2 2019-05-06 23:14:37

emanym
Member
Registered: 2018-04-08
Posts: 35  

Re: cryptsetup on embedded

Hi,

you can check for supported encryption schemes with:

emanym@sybilla:~$ cat /proc/crypto

and get something like:

 ...
  name         : xts(aes)
  driver       : xts(aes-generic)
  module       : xts
  priority     : 100
  refcnt       : 5
  selftest     : passed
  internal     : no
  type         : blkcipher
  blocksize    : 16
  min keysize  : 32
  max keysize  : 64
  ivsize       : 16
  geniv        : <default>
 ...

Also, check whether xts and ecb modules are loaded with:

emanym@sybilla:~$ lsmod | grep "ecb\|xts"
ecb                    16384  0
xts                    16384  4
gf128mul               16384  1 xts

Did you use a devuan sunxi image for the installation?

Regards.

Offline

#3 2019-05-26 18:28:41

d1str0
Member
Registered: 2019-04-22
Posts: 9  

Re: cryptsetup on embedded

emanym wrote:

you can check for supported encryption schemes

cat /proc/crypto shows nothing regarding xts. This is the whole output:

name         : hmac(sha256)
driver       : hmac(sha256-neon)
module       : hmac
priority     : 250
refcnt       : 3
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 28

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-neon
module       : sha256_arm
priority     : 250
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 28

name         : sha256
driver       : sha256-neon
module       : sha256_arm
priority     : 250
refcnt       : 3
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-asm
module       : sha256_arm
priority     : 150
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 28

name         : sha256
driver       : sha256-asm
module       : sha256_arm
priority     : 150
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 32

name         : hmac(sha1)
driver       : hmac(sha1-generic)
module       : hmac
priority     : 0
refcnt       : 3
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 20

name         : stdrng
driver       : sun4i_ss_rng
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : rng
seedsize     : 24

name         : ecb(des3_ede)
driver       : ecb-des3-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : no
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
chunksize    : 8
walksize     : 8

name         : cbc(des3_ede)
driver       : cbc-des3-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : no
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
chunksize    : 8
walksize     : 8

name         : ecb(des)
driver       : ecb-des-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : no
blocksize    : 8
min keysize  : 8
max keysize  : 8
ivsize       : 0
chunksize    : 8
walksize     : 8

name         : cbc(des)
driver       : cbc-des-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : no
blocksize    : 8
min keysize  : 8
max keysize  : 8
ivsize       : 8
chunksize    : 8
walksize     : 8

name         : ecb(aes)
driver       : ecb-aes-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : cbc(aes)
driver       : cbc-aes-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : skcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
chunksize    : 16
walksize     : 16

name         : sha1
driver       : sha1-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : ahash
async        : no
blocksize    : 64
digestsize   : 20

name         : md5
driver       : md5-sun4i-ss
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
internal     : no
type         : ahash
async        : no
blocksize    : 64
digestsize   : 16

name         : crc32
driver       : crc32-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 4

name         : crc32c
driver       : crc32c-generic
module       : kernel
priority     : 100
refcnt       : 6
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 4

name         : aes
driver       : aes-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : des3_ede
driver       : des3_ede-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : des
driver       : des-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : sha1
driver       : sha1-generic
module       : kernel
priority     : 0
refcnt       : 3
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 20

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 64
digestsize   : 16

name         : digest_null
driver       : digest_null-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : shash
blocksize    : 1
digestsize   : 0

name         : compress_null
driver       : compress_null-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : compression

name         : ecb(cipher_null)
driver       : ecb-cipher_null
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : blkcipher
blocksize    : 1
min keysize  : 0
max keysize  : 0
ivsize       : 0
geniv        : <default>

name         : cipher_null
driver       : cipher_null-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
internal     : no
type         : cipher
blocksize    : 1
min keysize  : 0
max keysize  : 0

name         : rsa
driver       : rsa-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
internal     : no
type         : akcipher
emanym wrote:

Also, check whether xts and ecb modules are loaded

Before running cryptsetup luksOpen neither is loaded. After that, only xts is loaded. I can load ecb with modprobe, but cryptsetup gives me the same error.

emanym wrote:

Did you use a devuan sunxi image for the installation?

Yes I did.
Thanks for your help.

Offline

#4 2019-05-27 23:28:39

emanym
Member
Registered: 2018-04-08
Posts: 35  

Re: cryptsetup on embedded

d1str0 wrote:

Before running cryptsetup luksOpen neither is loaded. After that, only xts is loaded. I can load ecb with modprobe, but cryptsetup gives me the same error.

No changes in /proc/crypto after loading those modules?

Offline

#5 2019-05-28 23:53:03

d1str0
Member
Registered: 2019-04-22
Posts: 9  

Re: cryptsetup on embedded

emanym wrote:

No changes in /proc/crypto after loading those modules?

No major difference.
This is what is new:

< name         : aes
< driver       : aes-arm
< module       : aes_arm
< priority     : 200
< refcnt       : 1
< selftest     : passed
< internal     : no
< type         : cipher
< blocksize    : 16
< min keysize  : 16
< max keysize  : 32

Offline

#6 2019-05-30 23:00:48

emanym
Member
Registered: 2018-04-08
Posts: 35  

Re: cryptsetup on embedded

d1str0 wrote:

No major difference.
This is what is new:

< name         : aes
< driver       : aes-arm
< module       : aes_arm

So aes-xts is still unsupported, even with those modules loaded...

I noticed on my desktop pc (amd64) that the xts module also uses or needs the gf128mul module.

Is that loaded on your banana pi?
Could also be compiled in the kernel, you can check for CONFIG_CRYPTO_GF128MUL= in /boot/config-<kernel-version> if that exists on your system or alternatively in /proc/config.gz (may be missing as well on your system).

Offline

#7 2019-06-04 19:05:40

d1str0
Member
Registered: 2019-04-22
Posts: 9  

Re: cryptsetup on embedded

Sorry mate.
I really had to have this system up and running so I accepted the "D" (for now) and flashed a SD card with Armbian. I would have to set some time aside for this in the future, or maybe buy another Banana Pi M1 to test it out.
I will update this thread when I have it working.
Thanks for your help.

Offline

Board footer