[opensuse] Failure to encrypt a big disk - missing kernel module?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I get: Isengard:~ # time cryptsetup luksFormat /dev/sdc2 WARNING! ======== This will overwrite data on /dev/sdc2 irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase: Verify passphrase: Failed to setup dm-crypt key mapping for device /dev/sdc2. Check that kernel supports aes-xts-plain64 cipher (check syslog for more info). real 0m39.182s user 0m0.006s sys 0m0.016s Isengard:~ # file -s /dev/sdc2 /dev/sdc2: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs) Isengard:~ # zgrep CONFIG_CRYPTO_XTS /proc/config.gz CONFIG_CRYPTO_XTS=m Isengard:~ # I don't know if the kernel supports aes-xts-plain64 cipher. Syslog says: <10.6> 2017-04-14T14:00:03.319567+02:00 Isengard CRON 28100 - - pam_unix(crond:session): session closed for user root <0.3> 2017-04-14T14:03:20.773777+02:00 Isengard kernel - - - [601377.447317] device-mapper: table: 254:2: crypt: Device lookup failed <0.4> 2017-04-14T14:03:20.773809+02:00 Isengard kernel - - - [601377.447324] device-mapper: ioctl: error adding target to table I don't know how to interpret that. Telcontar:~ # cat /proc/crypto | grep xts name : xts(aes) driver : xts(aes-generic) module : xts Telcontar:~ # I don't see aes-xts-plain64 there. Telcontar:~ # cryptsetup --help ... Default compiled-in device cipher parameters: loop-AES: aes, Key 256 bits plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160 LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom Telcontar:~ # aes-xts-plain64 is required because the disk is big (4TB). - -- Cheers Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAljwviYACgkQtTMYHG2NR9XENwCff8xxeHvD2c8KIiAoViPMTqB8 AEoAoJdEJls7pQjLIE7e7jPmQ9eysJEb =y+hq -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
You're not the only one with this issue - https://serverfault.com/questions/753918/cryptsetup-luks-check-that-kernel-s... Try googling the paragraph I quoted above, there are quite a few hits. No solutions that I could see though. -- Per Jessen, Zürich (14.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-04-14 14:47, Per Jessen wrote:
Carlos E. R. wrote:
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
You're not the only one with this issue -
https://serverfault.com/questions/753918/cryptsetup-luks-check-that-kernel-s...
Try googling the paragraph I quoted above, there are quite a few hits. No solutions that I could see though.
I googled. I fact, the contents of my post show output that were asked for in posts I found on google. The one you post above is for an already created crypto system, attempting to mount it. Apparently kernel and cryptsetup must match. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 2017-04-14 15:18, Carlos E. R. wrote:
On 2017-04-14 14:47, Per Jessen wrote:
Carlos E. R. wrote:
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
You're not the only one with this issue -
https://serverfault.com/questions/753918/cryptsetup-luks-check-that-kernel-s...
Try googling the paragraph I quoted above, there are quite a few hits. No solutions that I could see though.
I googled. I fact, the contents of my post show output that were asked for in posts I found on google.
The one you post above is for an already created crypto system, attempting to mount it. Apparently kernel and cryptsetup must match.
I posted to the dm-crypt mail list and we found the problem: systemd had automatically mounted the partition! I created a mount point, mounted it, wrote a file (to verify that we could write to the partition), got lsblk output, then umounted, and just by chance I thought of doing lsblk again. There it was! └─sdc2 8:34 0 3,7T 0 part /run/media/cer/WaterHoardR I removed that mount, and then cryptsetup succeeded. I got told that "(device-mapper ioctl error reporting is limited, we can usually just guess what is wrong, so the userspace message is here perhaps misleading)". -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 2017-04-14 19:11, Carlos E. R. wrote:
On 2017-04-14 15:18, Carlos E. R. wrote:
On 2017-04-14 14:47, Per Jessen wrote:
I posted to the dm-crypt mail list and we found the problem: systemd had automatically mounted the partition!
Well, no, turns out it wasn't systemd, but XFCE desktop doing it. Action disabled now. Still it is a mystery why 'cryptsetup' did not detect the situation and report it properly. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
participants (3)
-
Carlos E. R. -
Carlos E. R. -
Per Jessen