From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pd0-x235.google.com (mail-pd0-x235.google.com [IPv6:2607:f8b0:400e:c02::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Mon, 23 Feb 2015 19:45:04 +0100 (CET) Received: by pdno5 with SMTP id o5so27365494pdn.8 for ; Mon, 23 Feb 2015 10:45:01 -0800 (PST) From: Johannes Ernst Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) In-Reply-To: <54EA39FA.7010408@gmail.com> Date: Mon, 23 Feb 2015 10:44:58 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <707C4FCB-0182-44E3-946A-19434F32BEAB@gmail.com> References: <2E68FEAA-A69B-4E25-84F9-F30B2E7DFB69@gmail.com> <54E7B46D.8060805@tu-ilmenau.de> <54E82B80.8000607@gmail.com> <54EA39FA.7010408@gmail.com> Subject: Re: [dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Milan Broz Cc: dm-crypt@saout.de, Lars Winterfeld 1. There was a (cryptic, to me) comment by one of the core Arch Linux = ARM developers on my post. He said "Something on my mind about kernel = mode neon on imx6, can't find it now=E2=80=9D = (http://archlinuxarm.org/forum/viewtopic.php?f=3D60&t=3D8489&p=3D45395#p45= 364) I have little idea what this could mean, but I figure I pass it on = in case somebody here does. 2. I disabled the mentioned kernel modules: blacklist af_alg blacklist algif_skcipher and, magic happens, it behaves as intended: cryptsetup opens file on = first try. 3. When the kernel modules get added again, with the image file created = in step #2, I=E2=80=99m back to "No key available with this = passphrase.=E2=80=9D. 4. This seems to be a Raspberry PI 2 (ARMv7)-only issue, it seems to = work on Raspberry PI 1 (ARMv6) and on BeagleBone Black (ARMv7).=20 5. If you send me an ssh public key, I'd be happy to set you up with a = shell on my Raspberry PI 2, if there is a chance that it might help in = any way.=20 > On Feb 22, 2015, at 12:20, Milan Broz wrote: >=20 > On 02/22/2015 08:40 PM, Johannes Ernst wrote: >>> (If us use other hash it works even on Pi? Try sha1 and sha256 at = least.) >>=20 >> It appears independent of the hash involved: I tried sha1, sha256 in = addition to the original sha256. The behavior is the same: >> 1. cryptsetup open =E2=80=A6 does not open >> 2. cryptsetup open =E2=80=94debug opens on the second attempt to put = the password in. >=20 > ok, this is really strange. >=20 >=20 > One (random) guess from the log: >=20 >> # Using userspace crypto wrapper to access keyslot area. >=20 > it means that code is using kernel userspace crypto > (and cryptsetup already revealed at least two problems there...) >=20 > Could you try it without it? (Code should fallback to old dmcrypt = temporary devices mode). >=20 > You can do it either by >=20 > - disabling/blacklisting kernel modules which provides it: af_alg.ko = and algif_skcipher.ko > (or disable CRYPTO_USER_API, CRYPTO_USER_API_SKCIPHER when compiling = kernel) >=20 > - try to run older cryptsetup (at least 1.6.4 or older) >=20 > I am afraid I cannot help more here without reproducing it... > (Is it RPI2 only issue or anyone see it on other ARM device?) >=20 > Milan