On 19/10/2019 13:44, Fourhundred Thecat wrote: > On 19/10/2019 12.10, Milan Broz wrote: >> >> Could you please try current cryptsetup git version? Or as least released cryptsetup 2.2.1? > > it will take me some time to try the current git version > >> I think we will need much more info and reproducer. Is it some distro kernel, or you >> are compiling it yourself? (There are some kernel features not compiled-in apparently.) > > it is custom kernel > >> Any more kernel patches applied (looks like grsecurity?) > > yes, with grsecurity patches > >>> # Checking if cipher aes-xts-plain64 is usable. >>> # Userspace crypto wrapper cannot use aes-xts-plain64 (-95). > > sorry, what exactly is missing ? > >> This is the first problem - why you do not have kernel userspace crypto API enabled? > > What is the name of the CONFIG_ option of the kernel userspace crypto API ? Exact config options changed in recent kernel versions, but it should be CONFIG_CRYPTO_USER or in older kernels also CRYPTO_USER_API_SKCIPHER. And I think I see the problem now - for LUKS2 (similar to Truecrypt compatibility in cryptsetup) you have to enable these kernel options. Alternative is to compile (configure option) cryptsetup with --disable-kernel_crypto. For your use case it would be simpler to enable that kernel option. We should detect (and use fallback to older keyslot processing) better though... Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
