1 |
On Sat, 18 Apr 2015 12:27:15 +0200 |
2 |
Marko Weber | 8000 <weber@×××××××.de> wrote: |
3 |
|
4 |
> |
5 |
> hello list, |
6 |
> |
7 |
> i try to crypt a partition with cryptsetup. |
8 |
> Yes, in Kernel i had all need things i think. |
9 |
> |
10 |
> CONFIG_CRYPTO=y |
11 |
... |
12 |
> # CONFIG_CRYPTO_HW is not set |
13 |
> |
14 |
> |
15 |
> but when i try to use cryptsetup i get this: |
16 |
> |
17 |
> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat |
18 |
> /dev/mapper/VolGroup01-media2 |
19 |
> |
20 |
> WARNING! |
21 |
> ======== |
22 |
> This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably. |
23 |
> |
24 |
> Are you sure? (Type uppercase yes): YES |
25 |
> Enter passphrase: |
26 |
> Verify passphrase: |
27 |
> device-mapper: reload ioctl on failed: Invalid argument |
28 |
> Failed to setup dm-crypt key mapping for device |
29 |
> /dev/mapper/VolGroup01-media2. |
30 |
> Check that kernel supports aes-xts:plain64 cipher (check syslog for |
31 |
> more info). |
32 |
> |
33 |
> |
34 |
> |
35 |
> Any ideas? |
36 |
> |
37 |
> i built cryptsetup with this useflags: |
38 |
> |
39 |
> nls openssl python udev urandom |
40 |
> |
41 |
> |
42 |
> |
43 |
> cryptsetup --help shows me i am able to use the options |
44 |
> |
45 |
> Default compiled-in device cipher parameters: |
46 |
> loop-AES: aes, Key 256 bits |
47 |
> plain: aes-cbc-essiv:sha256, Key: 256 bits, Password |
48 |
> hashing: ripemd160 |
49 |
> LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: |
50 |
> sha1, RNG: /dev/random |
51 |
> |
52 |
> |
53 |
> any help / ideas or knowledge welcome. |
54 |
> |
55 |
> best regards |
56 |
> |
57 |
> marko |
58 |
> |
59 |
> |
60 |
> |
61 |
> |
62 |
> |
63 |
|
64 |
I read the whole tread, but will reply here. |
65 |
|
66 |
I use this mode on some devices, and for me works fine (gentoo |
67 |
systems), I have it enabled in kernel, also I have cryptsetup with |
68 |
sys-fs/cryptsetup-1.6.5 (gcrypt nls python_single_target_python2_7 |
69 |
python_targets_python2_7 python_targets_python3_3 udev) |
70 |
You can probably ignore python*, 'gcrypt' is probably important USE |
71 |
flag. |
72 |
|
73 |
Also something which maybe unrelated to you but is important about |
74 |
CONFIG_CRYPTO_XTS is |
75 |
"XTS: IEEE1619/D16 narrow block cipher use with |
76 |
aes-xts-plain, key size 256, 384 or 512 bits. This implementation |
77 |
currently can't handle a sectorsize which is not a multiple of 16 |
78 |
bytes." |