Re: [pkg-cryptsetup-devel] Bug#541835: crypto configuration /dependencies broken

From: Jonas Meurer
Date: Mon Aug 31 2009 - 11:52:33 EST


On 30/08/2009 Sebastian Andrzej Siewior wrote:
> * Sebastian Andrzej Siewior | 2009-08-28 10:00:56 [+0200]:
> >>> the problem is not reproducible with a debian/unstable kernel,
> >>> even though it has cbc compiled as module as well. but if I recompile
> >>> the same kernel sources with Celejars kernel .config, the problem
> >>> occurs. thus it must be related to the kernel config in some way.
> >It must be the kernel confing since I run .30.stable and it works. I try
> >to look at it later.
> Your kernel config is fine, the problem is that the initramfs tools do
> not copy all of the required modules into the initramfs. The missing
> modles are:
> - cryptomgr: that one is responsible to load the cbc and aes module and
> bind them to cbc(aes)
> - chainiv: that one creates IVs if the "user" does not specify one.
> dm-crypt probably does not use that one but is required due to the way
> crypto works atm.
> - krng: provides random numbers and is required by chainiv.
> If you add those three to /etc/initramfs/modules than it should work.
> Could someone please look at initramfs to figure out why those three
> modules are not copied in this reduced setup?

the reason is simply that no other crypto modules define depends on the
listed ones:

# modinfo -F depends dm-crypt

# modinfo -F aes_generic sha256_generic cbc

# modinfo -F crypto_blkcipher crypto_hash

and even the new modules don't depend on each other:

# modinfo -F cryptomgr

# modinfo -F chainiv

# modinfo -F krng

so the following depends should be added/changed:

- chainiv should depend o 'krng' instead of 'rng' at least
- maybe cipher modules like aes,serpent,... should depend on 'cryptomgr'
instead of 'crypto_algapi'
- crypto_algapi should depend on chainiv

these changes are pure guesses, i don't know the details. but at least
additional depends need to be defined for crypto modules, don't you
think so?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at