On Thu, Oct 19, 2006 at 05:04:19PM +0200, Andreas Jellinghaus (aj@xxxxxxxxxxxxxxx) wrote: > Hi, > > I finally got around testing 2.6.18.1 + acrypto. > but it "does not work" - I usualy boot, enter my > passphrases for rsa key / openssl decrypts some random > bytes with them, and a hex version of those random bytes > is used with dm-setup to initialize a dm-crypt mapping > which again is used for mounting root and swap (or > resume in case it has a suspend image on them). > > but with the acrypto patched kernel the system freezes > without any response. the script in the initramfs is not > "set +x" so I'm not sure which command causes the freeze, > so I guess it is either the dm-setup, the resume trigger > (echo to a file in /sys/) or the mount for root or the > swapon. > > >As I answered in your first e-mail, yes, you just need to patch 2.6.18 > >tree and load one of the crypto provider. > > what exactly would be "load one of the crypto providers"? > +# Asynchronous crypto layer > +# > +CONFIG_ACRYPTO=y > +CONFIG_ASYNC_PROVIDER=y > +# CONFIG_CONSUMER is not set > +# CONFIG_ASYNC2OCF_BRIDGE is not set > + > +# > this change to .config should be enough > (ok, 2.6.18.1 also enabled CONFIG_CONNECTOR and CONFIG_PROC_EVENTS). Both are not required. > I documented the setup of my laptop with encryption here: > https://help.ubuntu.com/community/EncryptedFilesystemHowto4 > > and I can post kernel config etc. if it helps. there was no > kernel message when the machine froze (or more like waiting > for something forever - ctrl-alt-del still worked fine). > > note: kernel 2.6.18 was working fine, I didn't try 2.6.18.1 > without acrypto changes, but I guess that isn't the issues. > still if you think otherwise, I can give it a try. if there > is some boot option to disable acrypto so dm-crypt will work > as if compiled without acrypto, I would try that too. > is there such an option? If acrypto fails it should automatically switch to sw synchronous mode. Could you enable debug mode in include/linux/acrypto.h:54 - uncommend //#define DEBUG recompile the kernel and give it a try, so I could check where it stops. Btw, async provider only supports AES-128 in CBC mode, so if you try different ciphers, there can be some problems. Thank you. > Thanks, Andreas -- Evgeniy Polyakov - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
