Control: retitle -1 cryptsetup-initramfs: Can't open aes-cbc-essiv:sha256 dm-crypt targets with a 5.4 kernel and an initramfs built with MODULES=dep Control: found -1 2:1.6.6-5 Control: tag -1 pending
Hi, On Mon, 13 Jan 2020 at 08:47:43 +0100, Didier 'OdyX' Raboud wrote: >> Devices formatted since 2:1.6.1-1 (June 2013) use XTS by default and >> AFAICT aren't affected. For other devices and when the initramfs is built >> with MODULES!="most" I guess we should change populate_CRYPTO_MODULES() so >> the ivmode is appended too, not only cipher+chainmode+ivopts. > > https://sources.debian.org/src/cryptsetup/2:2.2.2-1/debian/initramfs/hooks/cryptroot/?hl=318#L318 > > That'd be useful yes! This should fix it: https://salsa.debian.org/cryptsetup-team/cryptsetup/commit/6b75e4bda81ec63f42c46368e7b078c827ef0aad . AFAICT all versions of the initramfs hook are affected since 2006 (but only on 5.4 kernels and for initramfs images built with MODULES=dep). Kernel modules named after the IV generator are now added to the initramfs image when found under /kernel/crypto/. If there is no matching modules (for instance with aes-cbc-essiv:sha256 on older kernels, or with aes-xts-plain64 on any kernel) the initramfs image should be identical. Cheers, -- Guilhem.
signature.asc
Description: PGP signature
