Debian Bug report logs - #434027
partman-crypto: loop-aes fails with "not supported by kernel"

version graph

Package: partman-crypto; Maintainer for partman-crypto is Debian Install System Team <debian-boot@lists.debian.org>; Source for partman-crypto is src:partman-crypto.

Reported by: "Nemui Ailin" <ailin.nemui@gmail.com>

Date: Sat, 21 Jul 2007 00:45:04 UTC

Severity: important

Fixed in versions partman-crypto/22, partman-crypto/20etch1

Done: Jérémy Bobbio <lunar@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to "Nemui Ailin" <ailin.nemui@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Nemui Ailin" <ailin.nemui@gmail.com>
To: submit@bugs.debian.org
Subject: partman-crypto: loop-aes fails with "not supported by kernel"
Date: Sat, 21 Jul 2007 02:39:53 +0200
Package: partman-crypto
Severity: important

Using the daily d-i build with a businesscard image to install lenny,

My desired configuration is as follows:

/boot unencrypted
loop-aes #1 AES256, GPG key
loop-aes #2 AES256, random key

d-i tells me that it is preparing #1 but after generating enough randomness
it fails with "An error has occured while configuring encrypted
volumes."

The syslog shows

partman-crypto: ioctl: LOOP_SET_STATUS: Invalid argument, requested
cipher or key length (256 bits) not supported by kernel.

d-i Kernel: Linux 2.6.21-2-486 #1 Wed Jul 11 03:17:09 UTC 2007 i686 unknown



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to "Nemui Ailin" <ailin.nemui@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 434027@bugs.debian.org (full text, mbox):

From: "Nemui Ailin" <ailin.nemui@gmail.com>
To: 434027@bugs.debian.org
Subject: Re: Bug#434027: Acknowledgement (partman-crypto: loop-aes fails with "not supported by kernel")
Date: Sat, 21 Jul 2007 15:30:58 +0200
by the way, the problem with this encryption is that d-i loads the
wrong loop module

I guess such a bug might not be noticed when the installation is not
done from an usb media with an iso image that needs
         to be mounted with loop

it can easily be remedied by unloading the wrong loop module and
manually insmod loop-AES's loop.ko



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to 434027@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #15 received at 434027@bugs.debian.org (full text, mbox):

From: Frans Pop <elendil@planet.nl>
To: "Nemui Ailin" <ailin.nemui@gmail.com>, 434027@bugs.debian.org
Subject: Re: Bug#434027: Acknowledgement (partman-crypto: loop-aes fails with "not supported by kernel")
Date: Sat, 21 Jul 2007 17:44:47 +0200
[Message part 1 (text/plain, inline)]
Well spotted that this is the issue!

On Saturday 21 July 2007 15:30, Nemui Ailin wrote:
> by the way, the problem with this encryption is that d-i loads the
> wrong loop module

Well, at the time iso-scan mounts the CD image, the loop-aes module is not 
yet available, so "wrong" is a relative term here.

> I guess such a bug might not be noticed when the installation is not
> done from an usb media with an iso image that needs to be mounted with
> loop 

Correct. For other installation methods the loop module will not already 
be loaded when partman-crypto is started, so the USB-stick installation 
method is the only one that has this issue.
I'll add an erratum for Etch for this issue.

> it can easily be remedied by unloading the wrong loop module and
> manually insmod loop-AES's loop.ko

The actual name of the module is loop-aes.ko. I've just verified that if 
the regular loop.ko is already loaded, 'modprobe loop-aes' seems to 
succeed, but does not do anything.

# modprobe loop
# lsmod | grep loop
loop		15240  0
# modprobe loop-aes
# echo $?
0
# lsmod | grep loop
loop		15240  0
# modprobe -r loop
# modprobe loop-aes
# lsmod | grep loop
loop		59532  0

As the CD image is mounted at that time (and so in theory could other 
things), I think what we'd need to do when loading loop-aes is:
- test if loop is already loaded
- somehow test if it is the correct variant of the module or not
- if the wrong module is loaded
  - get and save mount info for loop-mounted devices:
        'grep "/dev/loop" /proc/mounts'
  - umount the devices (if one fails: remount others and error)
  - 'modprobe -r loop; modprobe loop-aes'
  - remount the loop-mounted devices using the saved info

If someone can come up with a test that can be used for the second step, 
coding this should be relatively straightforward.

Cheers,
FJP
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to 434027@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #20 received at 434027@bugs.debian.org (full text, mbox):

From: Frans Pop <elendil@planet.nl>
To: 434027@bugs.debian.org
Cc: "Nemui Ailin" <ailin.nemui@gmail.com>
Subject: Bug#434027: partman-crypto: loop-aes fails with "not supported by kernel"
Date: Sat, 21 Jul 2007 18:07:49 +0200
[Message part 1 (text/plain, inline)]
On Saturday 21 July 2007 17:44, Frans Pop wrote:
> The actual name of the module is loop-aes.ko. I've just verified that
> if the regular loop.ko is already loaded, 'modprobe loop-aes' seems to
> succeed, but does not do anything.

modprobe can be made to fail by using the --first-time option:

# modprobe loop
# modprobe --first-time loop-aes || echo $?
FATAL: Module loop already in kernel.
1

> As the CD image is mounted at that time (and so in theory could other
> things), I think what we'd need to do when loading loop-aes is:
> - test if loop is already loaded
> - somehow test if it is the correct variant of the module or not

I think the current code is already smart enough that it will not try 
setting up crypto support more than once. If that is the case that we can 
probably just:
if ! modprobe --first-time loop-aes; then
	# umount loop-mounted devices
	modprobe -r loop 
	modprobe --first-time loop-aes
	# remount loop-mounted devices
fi
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to Frans Pop <elendil@planet.nl>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #25 received at 434027@bugs.debian.org (full text, mbox):

From: Frans Pop <elendil@planet.nl>
To: 434027@bugs.debian.org
Subject: Re: Bug#434027: partman-crypto: loop-aes fails with "not supported by kernel"
Date: Sun, 22 Jul 2007 00:33:21 +0200
[Message part 1 (text/plain, inline)]
On Saturday 21 July 2007 18:07, Frans Pop wrote:
> I think the current code is already smart enough that it will not try
> setting up crypto support more than once.

It looks like "loop" is currently not modprobed separately, but pulled in 
when the loop-$cipher modules are loaded. This makes it a bit more 
complex, especially as the the code is common for dm-crypt and loop-aes, 
and with dm-crypt the module is not needed (and possibly not available).
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to Frans Pop <elendil@planet.nl>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #30 received at 434027@bugs.debian.org (full text, mbox):

From: Frans Pop <elendil@planet.nl>
To: 434027@bugs.debian.org
Subject: Re: Bug#434027: partman-crypto: loop-aes fails with "not supported by kernel"
Date: Sun, 22 Jul 2007 00:41:54 +0200
[Message part 1 (text/plain, inline)]
On Sunday 22 July 2007 00:33, you wrote:
> It looks like "loop" is currently not modprobed separately, but pulled
> in when the loop-$cipher modules are loaded.

Not quite correct. It is listed as a separate module in
/lib/partman/ciphers/$type/$cipher/module files, and thus loaded 
separately. The code keeps track of which modules were already loaded.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#434027; Package partman-crypto. Full text and rfc822 format available.

Acknowledgement sent to Frans Pop <elendil@planet.nl>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. Full text and rfc822 format available.

Message #35 received at 434027@bugs.debian.org (full text, mbox):

From: Frans Pop <elendil@planet.nl>
To: 434027@bugs.debian.org
Cc: "Nemui Ailin" <ailin.nemui@gmail.com>
Subject: Re: Bug#434027: partman-crypto: loop-aes fails with "not supported by kernel"
Date: Sun, 22 Jul 2007 11:29:22 +0200
[Message part 1 (text/plain, inline)]
tags 434027 + pending
thanks

I've hit one snag implementing a fix for this. As losetup is not 
available, we cannot "see" what precisely is loop-mounted on a certain 
loop device, so we cannot loop over all loop-mounted devices and 
unmount/remount them.

I've "solved" this by just assuming that we only use loop-mounting for the 
CD image in hd-media installs. If a CD image is mounted, the image will 
be unmounted, loop replaced by loop-aes, and finally the image will be 
remounted.

I've included some sanity checks, so if something else is using loop, 
partman should now fail in a controlled manner and with proper indication 
in the syslog why it's failing.

Cheers,
FJP
[Message part 2 (application/pgp-signature, inline)]

Tags added: pending Request was from Frans Pop <elendil@planet.nl> to control@bugs.debian.org. (Sun, 22 Jul 2007 09:33:03 GMT) Full text and rfc822 format available.

Reply sent to Max Vozeler <xam@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Nemui Ailin" <ailin.nemui@gmail.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #42 received at 434027-close@bugs.debian.org (full text, mbox):

From: Max Vozeler <xam@debian.org>
To: 434027-close@bugs.debian.org
Subject: Bug#434027: fixed in partman-crypto 22
Date: Sun, 12 Aug 2007 18:47:05 +0000
Source: partman-crypto
Source-Version: 22

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive:

partman-crypto-dm_22_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-dm_22_all.udeb
partman-crypto-loop_22_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-loop_22_all.udeb
partman-crypto_22.dsc
  to pool/main/p/partman-crypto/partman-crypto_22.dsc
partman-crypto_22.tar.gz
  to pool/main/p/partman-crypto/partman-crypto_22.tar.gz
partman-crypto_22_i386.udeb
  to pool/main/p/partman-crypto/partman-crypto_22_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 434027@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Max Vozeler <xam@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 12 Aug 2007 20:31:48 +0200
Source: partman-crypto
Binary: partman-crypto-dm partman-crypto partman-crypto-loop
Architecture: source all i386
Version: 22
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Max Vozeler <xam@debian.org>
Description: 
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
 partman-crypto-loop - Add to partman support for loop-AES encryption (udeb)
Closes: 434027
Changes: 
 partman-crypto (22) unstable; urgency=low
 .
   [ Frans Pop ]
   * For hd-media installs the module loop will already be loaded, which
     prevents loop-aes from being loaded. Attempt to replace loop with loop-aes
     by unmounting the CD image, replacing the module and remounting the image.
     As losetup is not available, we cannot check what exactly is loop-mounted,
     so we just assume that loop is only used for a CD image.
     Many thanks to Nemui Ailin for identifying the issue. Closes: #434027.
 .
   [ Colin Watson ]
   * Use 'mkdir -p' rather than more awkward test-then-create constructions.
Files: 
 136a3bfd6fba3dd1085368170bbfdcb4 681 debian-installer standard partman-crypto_22.dsc
 15f416de449e94d42178322fd0cd056b 252540 debian-installer standard partman-crypto_22.tar.gz
 8953d4353283292ed01668d4b560bf7d 1390 debian-installer optional partman-crypto-dm_22_all.udeb
 4a82d3d2e28b14f7f6a1d23cd5dbd971 1226 debian-installer optional partman-crypto-loop_22_all.udeb
 b0b648dc4f02c6ec106e3c1c834d04d5 224076 debian-installer standard partman-crypto_22_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGv1J8nVvVEbfNotwRAqnvAKDd+XwXSB2qwNegVjZe/DVEPIXRDwCfQ6sD
gi9JqL90NII5pHCz/zR58nQ=
=7Ar5
-----END PGP SIGNATURE-----




Reply sent to Jérémy Bobbio <lunar@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Nemui Ailin" <ailin.nemui@gmail.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #47 received at 434027-close@bugs.debian.org (full text, mbox):

From: Jérémy Bobbio <lunar@debian.org>
To: 434027-close@bugs.debian.org
Subject: Bug#434027: fixed in partman-crypto 20etch1
Date: Sat, 29 Sep 2007 07:56:16 +0000
Source: partman-crypto
Source-Version: 20etch1

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive:

partman-crypto-dm_20etch1_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-dm_20etch1_all.udeb
partman-crypto-loop_20etch1_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-loop_20etch1_all.udeb
partman-crypto_20etch1.dsc
  to pool/main/p/partman-crypto/partman-crypto_20etch1.dsc
partman-crypto_20etch1.tar.gz
  to pool/main/p/partman-crypto/partman-crypto_20etch1.tar.gz
partman-crypto_20etch1_amd64.udeb
  to pool/main/p/partman-crypto/partman-crypto_20etch1_amd64.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 434027@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Bobbio <lunar@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Sep 2007 11:45:11 +0200
Source: partman-crypto
Binary: partman-crypto-dm partman-crypto partman-crypto-loop
Architecture: source all amd64
Version: 20etch1
Distribution: stable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Jérémy Bobbio <lunar@debian.org>
Description: 
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
 partman-crypto-loop - Add to partman support for loop-AES encryption (udeb)
Closes: 434027
Changes: 
 partman-crypto (20etch1) stable; urgency=low
 .
   [ Frans Pop ]
   * For hd-media installs the module loop will already be loaded, which
     prevents loop-aes from being loaded. Attempt to replace loop with loop-aes
     by unmounting the CD image, replacing the module and remounting the image.
     As losetup is not available, we cannot check what exactly is loop-mounted,
     so we just assume that loop is only used for a CD image.
     Many thanks to Nemui Ailin for identifying the issue. Closes: #434027.
Files: 
 08ef17c50c86237dda3b63957e21e492 691 debian-installer standard partman-crypto_20etch1.dsc
 1065e65a56e8e126ee79108c7e7ca186 249248 debian-installer standard partman-crypto_20etch1.tar.gz
 10220059e220179f7a0093e97e21dc71 1398 debian-installer optional partman-crypto-dm_20etch1_all.udeb
 91744f9eefaea7db40e7478efce35da7 1258 debian-installer optional partman-crypto-loop_20etch1_all.udeb
 f840659450eaf404088aa6f8ff37d4b4 223910 debian-installer standard partman-crypto_20etch1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG85d42PUjs9fQ72URAqFrAJ9L2M+IVPgEibM2Q+zJepzmwNkW0ACcDbkW
5WFsZBSJGCVcQ5KK4DQGyTo=
=KPQM
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 22 Jan 2008 07:28:16 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 07:55:56 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.