Package: dracut Version: 050+35-4 Severity: important Hi,
with Linux 5.4 and later 5.6 dracut no longer included all modules needed to setup the LUKS volume containing my root partition: +--- | LUKS header information for /dev/sda2 | | Version: 1 | Cipher name: aes | Cipher mode: cbc-essiv:sha256 | Hash spec: sha1 +---[ # cryptsetup luksDump /dev/sda2 ] I had to add add_drivers+=" essiv " for Linux 5.4 and add_drivers+=" aes_generic cbc essiv " later for Linux 5.6 to dracut.conf to get a working system again (not totally sure if the AES module was needed or not). https://bugs.debian.org/948593 seems to be the same/similar issue with initramfs-tools and says some functionality was split out of `dm_crypt` and moved into extra modules in the Linux kernel, sadly breaking userspace by doing so. I also got the "Error allocating crypto tfm" message mentioned there. Newer installations using a more modern setup like: +--- | LUKS header information for /dev/md1 | | Version: 1 | Cipher name: aes | Cipher mode: xts-plain64 | Hash spec: sha1 +---[ # cryptsetup luksDump /dev/md1 ] did not require this and continued to work. It would be nice if the additional modules would be included automatically when including support for LUKS in the initramfs as more old installations might still be around. Ansgar -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (300, 'buildd-unstable'), (300, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-1-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages dracut depends on: ii dracut-core 050+35-4 dracut recommends no packages. Versions of packages dracut suggests: pn dracut-network <none> -- no debconf information
