Bug 660368

Summary: dm-crypt: backport changes to support xts crypto mode
Product: Red Hat Enterprise Linux 5 Reporter: Milan Broz <mbroz>
Component: kernelAssignee: Milan Broz <mbroz>
Status: CLOSED ERRATA QA Contact: Gris Ge <fge>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.4CC: agk, atodorov, bdonahue, coughlan, dfeng, dlehman, dougsland, hdegoede, jstodola, kurt, lwang, mbroz, msnitzer, panormitis, pvrabec, qcai, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-2.6.18-259.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 553411 Environment:
Last Closed: 2011-07-21 10:21:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 553411    
Bug Blocks: 636208    

Description Milan Broz 2010-12-06 17:09:19 UTC 
+++ This bug was initially created as a clone of Bug #553411 +++
Clone of #636208 - dm-crypt part.

- dm-crypt code need to understand aes-xts-plain and aes-xts-plain64 (xts mode and plain/plain64 IV)

How reproducible:

--- Additional comment from dlehman on 2010-01-11 12:19:01 EST ---

We started using a different cipher in Fedora 11 or 12 (aes-xts-plain). RHEL5 installer runtime environment does not include the kernel modules needed to use this cipher.
Comment 1 RHEL Program Management 2011-02-01 17:06:10 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 10 Jarod Wilson 2011-03-28 18:37:42 UTC 
Patch(es) available in kernel-2.6.18-252.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 13 Jarod Wilson 2011-04-08 16:26:04 UTC 
Patch(es) available in kernel-2.6.18-256.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 14 Jarod Wilson 2011-04-08 18:23:39 UTC 
(In reply to comment #13)
> Patch(es) available in kernel-2.6.18-256.el5
> You can download this test kernel (or newer) from
> http://people.redhat.com/jwilson/el5
> Detailed testing feedback is always welcomed.

Nb: this patch was at least temporarily reverted, due to a userspace change being required to properly support unlocking encrypted volumes at boot time. Moving bug back to POST.
Comment 16 Jarod Wilson 2011-04-29 17:50:50 UTC 
Patch(es) available in kernel-2.6.18-259.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 18 Gris Ge 2011-06-28 05:17:49 UTC 
cryptsetup-luks-1.0.3-8.el5
kernel-2.6.18-269.el5

1. The LUKS partitioned created by RHEL6 (cryptsetup -c aes-xts-plain64 -s 512 luksFormat /dev/sda) successfully opened by RHEL5. md5sum make sure data integrity.

2. LUKS partition created by RHEL5 (aes-xts-plain64) successfully opened by RHEL6. md5sum make sure data integrity.


VERIFIY
Comment 19 errata-xmlrpc 2011-07-21 10:21:31 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-1065.html