[Bug 1000507] New: cannot boot encrypted disk installed on one PC on another
http://bugzilla.suse.com/show_bug.cgi?id=1000507 Bug ID: 1000507 Summary: cannot boot encrypted disk installed on one PC on another Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: msuchanek@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 693700 --> http://bugzilla.suse.com/attachment.cgi?id=693700&action=edit initrd log I installed a system with disk encryption in one PC. Tried to move it to another PC and it would not boot. It asks for the passphrase, waits a long time, and then prints Failed to start Cryptography Setup for cr_ata_<disk manufacturer and model>_part2. I suspect it may be trying to use a crypto accelerator that does not exist. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aschnell@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 http://bugzilla.suse.com/show_bug.cgi?id=1000507#c3 --- Comment #3 from Michal Suchanek <msuchanek@suse.com> --- I guess the problem is this: lib/modules/4.7.5-1-default lib/modules/4.7.5-1-default/kernel -lib/modules/4.7.5-1-default/kernel/arch -lib/modules/4.7.5-1-default/kernel/arch/x86 -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/aesni-intel.ko -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/aes-x86_64.ko -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/crc32c-intel.ko -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/crc32-pclmul.ko -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/crct10dif-pclmul.ko -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/ghash-clmulni-intel.ko -lib/modules/4.7.5-1-default/kernel/arch/x86/crypto/glue_helper.ko lib/modules/4.7.5-1-default/kernel/crypto -lib/modules/4.7.5-1-default/kernel/crypto/ablk_helper.ko -lib/modules/4.7.5-1-default/kernel/crypto/ansi_cprng.ko +lib/modules/4.7.5-1-default/kernel/crypto/af_alg.ko +lib/modules/4.7.5-1-default/kernel/crypto/algif_skcipher.ko lib/modules/4.7.5-1-default/kernel/crypto/arc4.ko lib/modules/4.7.5-1-default/kernel/crypto/ccm.ko -lib/modules/4.7.5-1-default/kernel/crypto/cryptd.ko lib/modules/4.7.5-1-default/kernel/crypto/ctr.ko lib/modules/4.7.5-1-default/kernel/crypto/drbg.ko lib/modules/4.7.5-1-default/kernel/crypto/gf128mul.ko -lib/modules/4.7.5-1-default/kernel/crypto/jitterentropy_rng.ko -lib/modules/4.7.5-1-default/kernel/crypto/lrw.ko -lib/modules/4.7.5-1-default/kernel/crypto/xor.ko +lib/modules/4.7.5-1-default/kernel/crypto/xts.ko It's fine to have Intel-accelerated crypto available on Intel CPUs that support it but it's not fine to not have the fallback modules so you can decrypt your disk on CPUs that are missing the acceleration. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 Chenzi Cao <chcao@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-screening@forge.pr |lnussel@suse.com |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 http://bugzilla.suse.com/show_bug.cgi?id=1000507#c6 --- Comment #6 from Michal Suchanek <msuchanek@suse.com> --- On the system in question booting from removable medium or network makes the harddisk inaccessible because the BIOS switches the AHCI port from ATA to dummy. It's possible to work around by copying the installer kernel and initrd to the boot partition. That said, making system boot depend on obscure CPU features does not sound that awesome. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 Daniel Molkentin <daniel.molkentin@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |daniel.molkentin@suse.com Assignee|trenn@suse.com |daniel.molkentin@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 Daniel Molkentin <daniel.molkentin@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|daniel.molkentin@suse.com |dracut-maintainers@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1000507 http://bugzilla.suse.com/show_bug.cgi?id=1000507#c7 Daniel Molkentin <daniel.molkentin@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #7 from Daniel Molkentin <daniel.molkentin@suse.com> --- Revisiting this as part of dracut bug cleanups. The kernel currently provides no unified way of telling us what a "generic" version of a given optimized module is (we can only learn about aliases). So if you feel we should pursue that, we need some metadata from the kernel first. I will close this issue for now, but I am happy to work on this as part of a feature. -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com