Bug 433078 - modprobe gives up loading modules if one fails --> 2.6.25 won't boot from LUKS root
modprobe gives up loading modules if one fails --> 2.6.25 won't boot from LUK...
Status: CLOSED DUPLICATE of bug 432813
Product: Fedora
Classification: Fedora
Component: module-init-tools (Show other bugs)
rawhide
All Linux
low Severity high
: ---
: ---
Assigned To: Jon Masters
Fedora Extras Quality Assurance
hotissue
:
Depends On:
Blocks: F9Beta
  Show dependency treegraph
 
Reported: 2008-02-15 18:37 EST by Will Woods
Modified: 2008-02-18 17:54 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-18 17:54:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Will Woods 2008-02-15 18:37:19 EST
Quick summary: on i386, 4 modules are aliased to 'aes': padlock-aes, geode-aes,
aes-i586, and aes_generic. I need at least one of those to decrypt my root
filesystem. In kernel 2.6.25-rc1 padlock-aes now returns an error when you
attempt to insert it, so modprobe gives up on the other 3, leaving me without
AES (and thus unable to boot).

The long version:

My rawhide machine - which is using a LUKS encrypted LVM PV for its root - is
unbootable with any 2.6.25 kernel. It requests the key and then fails to unlock
the device:

device-mapper: table: 253:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.
Failed to setup dm-crypt key mapping. 
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify
that /dev/sda2 contains at least 133 sectors.

So it would seem we've failed to load the cipher module(s). Scrolling back up, I
see:
padlock: VIA PadLock not detected.
WARNING: Error inserting padlock_aes ($modpath/padlock-aes.ko): No such device
padlock: VIA PadLock Hash Engine not detected.
WARNING: Error inserting padlock_sha ($modpath/padlock-sha.ko): No such device

With kernel 2.6.24.1-31 and  2.6.24-2 (which work), these error messages don't
appear, and the system boots normally. 

LUKS needs at least one AES module to decrypt my root filesystem. 'modprobe
aes', in the 2.6.24 kernels, installs all the modules which are aliased to
'aes': padlock-aes, geode-aes, aes-i586, aes_generic. 

In 2.6.24 kernels they all probe successfully. With 2.6.25-rc1, inserting the
padlock-aes module now returns an error if you don't have that hardware. I'm
guessing that modprobe gives up at that point, and that's why the message
indicating missing support for aes-cbc-essiv:sha256 appears - no AES modules
were loaded
Comment 1 Jon Masters 2008-02-18 15:24:06 EST
I'll look at it :)
Comment 2 Jeffrey C. Ollie 2008-02-18 16:59:43 EST
Is this the same problem as 432813?
Comment 3 Will Woods 2008-02-18 17:22:47 EST
Looks the same to me. Check the scrollback for error messages loading
padlock-{aes,sha}. 

Until this is fixed, we'll need a workaround to get 2.6.25 kernels booting -
either stop building padlock-aes, remove it from the initrd, or modify it so it
fails silently rather than causing errors.
Comment 4 Jeffrey C. Ollie 2008-02-18 17:37:28 EST
*** Bug 432813 has been marked as a duplicate of this bug. ***
Comment 5 Will Woods 2008-02-18 17:54:53 EST
Blarg! I fail at debugging! 

I rebuilt my initrd with no padlock-aes, and it still doesn't boot. For
confirmation of my wrongness, I went to a non-LUKS system and did:

  modprobe aes

Which attempted to insert all 4 AES modules, even after giving me the error
message about padlock_aes. In short: modprobe is fine, something in the kernel
is busted, and I'm a dope.

*** This bug has been marked as a duplicate of 432813 ***

Note You need to log in before you can comment on or make changes to this bug.