- Status Closed
- Percent Complete
- Task Type Bug Report
- Category Packages → Packages: Testing
- Assigned To No-one
- Operating System i486
- Severity Low
- Priority Medium
- Reported Version
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
Attached to Project: Arch Linux 32
Opened by Erich Eckner - 28.11.2019
Last edited by Erich Eckner - 04.02.2020
Opened by Erich Eckner - 28.11.2019
Last edited by Erich Eckner - 04.02.2020
FS#98 - swap encryption fails
I tried to get encrypted swap following the guide in the wiki.
However, ultimately,
/usr/lib/systemd/systemd-cryptsetup attach 'swap' '/dev/disk/by-uuid/13b0e159-8573-40f8-a308-b34f1bbf1a6f' '/dev/urandom' 'swap,offset=2048'
fails, which works on upstream archlinux. It gives:
Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/disk/by-uuid/13b0e159-8573-40f8-a308-b34f1bbf1a6f. device-mapper: reload ioctl on failed: No such file or directory Failed to activate with key file '/dev/urandom'. (Key file missing?) Please enter passphrase for disk Ultra_Line (swap): Loading of cryptographic parameters failed: Invalid argument
In the middle, it asks for a passphrase. On archlinux, the output is:
Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/loop0.
are we missing ciphers here somewhere (where?)?
As usual (for my boxes), everything is up-to-date on that machine:
cryptsetup 2.2.2-1.0
linux 5.1.15.arch1-1.0
systemd 243.162-2.0
Cheers,
Erich
steps to reproduce:
(works on pentium4)
attached is a strace of running
on i486
another (related) command, that fails on i486 but works on pentium4:
cryptsetup plainOpen /dev/loop0 swap –key-file=/dev/urandom –offset=2048
straces are attached
pentium4 (20.4 KiB)
might be due to
… changed now to
let's see …
… still fails with
(but at least, the kernel builds again on i486 ;-P)
[ 284.201175] Error allocating fallback algo cbc(aes)
[ 284.201290] device-mapper: table: 254:0: crypt: Error allocating crypto tfm
I have a hunch there are more modules missing.
Also, the Geode is supposed to have AES cyrpto hardware support, which is another set
of modules, I suppose.
we could try to remove as many differences between config.i686 and config.i486 as possible.
abaumann: do you want to do that (my only "i486" is the alix)?
I wanted to get disappointed today and tried this once more (without any modifications - besides fixing a typo in one of my UUIDs): It works now!
Just for the record: I used the instructions from upstream's wiki page