Quick summary: on i386, 4 modules are aliased to 'aes': padlock-aes, geode-aes,
aes-i586, and aes_generic. I need at least one of those to decrypt my root
filesystem. In kernel 2.6.25-rc1 padlock-aes now returns an error when you
attempt to insert it, so modprobe gives up on the other 3, leaving me without
AES (and thus unable to boot).
The long version:
My rawhide machine - which is using a LUKS encrypted LVM PV for its root - is
unbootable with any 2.6.25 kernel. It requests the key and then fails to unlock
device-mapper: table: 253:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify
that /dev/sda2 contains at least 133 sectors.
So it would seem we've failed to load the cipher module(s). Scrolling back up, I
padlock: VIA PadLock not detected.
WARNING: Error inserting padlock_aes ($modpath/padlock-aes.ko): No such device
padlock: VIA PadLock Hash Engine not detected.
WARNING: Error inserting padlock_sha ($modpath/padlock-sha.ko): No such device
With kernel 126.96.36.199-31 and 2.6.24-2 (which work), these error messages don't
appear, and the system boots normally.
LUKS needs at least one AES module to decrypt my root filesystem. 'modprobe
aes', in the 2.6.24 kernels, installs all the modules which are aliased to
'aes': padlock-aes, geode-aes, aes-i586, aes_generic.
In 2.6.24 kernels they all probe successfully. With 2.6.25-rc1, inserting the
padlock-aes module now returns an error if you don't have that hardware. I'm
guessing that modprobe gives up at that point, and that's why the message
indicating missing support for aes-cbc-essiv:sha256 appears - no AES modules
I'll look at it :)
Is this the same problem as 432813?
Looks the same to me. Check the scrollback for error messages loading
Until this is fixed, we'll need a workaround to get 2.6.25 kernels booting -
either stop building padlock-aes, remove it from the initrd, or modify it so it
fails silently rather than causing errors.
*** Bug 432813 has been marked as a duplicate of this bug. ***
Blarg! I fail at debugging!
I rebuilt my initrd with no padlock-aes, and it still doesn't boot. For
confirmation of my wrongness, I went to a non-LUKS system and did:
Which attempted to insert all 4 AES modules, even after giving me the error
message about padlock_aes. In short: modprobe is fine, something in the kernel
is busted, and I'm a dope.
*** This bug has been marked as a duplicate of 432813 ***