kernel-packages team mailing list archive
Mailing list archive
[Bug 1558079] Re: cryptsetup tcryptOpen doesn't work anymore
No further logs are needed, the cause and several solution are known.
The error is caused by the fact that newer Kernels do not allow to
modify the cryptographic interface "kernel<->userspace" via
bind/setkey/... after accept(2) has been called. But the old cryptsetup
in trusty tahr is doing definitely that: calling accept(2) first and
then setkey to the file descriptor.
There are various possible solutions to the problem.
The simple one:
I've created a ppa. Use cryptsetup from there:
(btw: I've created some packages in the past but these were unsigned and
I've incremented the version number a little awkward. So I created some
new packages with cleaner versioning for the ppa)
Other possible solutions:
- Manually patching cryptsetup. The patch I've added (see above) changes
the order of accept/setkey.
- Using some newer cryptsetup - the one in ubuntu trusty (14.04) is
outdated - newer versions from newer ubuntu or debian releases (using
compiled .deb) should work.
- Manually Reverting back the corresponding patch to the Kernel: [crypto: af_alg - Disallow bind/setkey/... after accept(2)]
* added to [linux (3.19.0-52.58) vivid; urgency=low] with [ Upstream Kernel Changes ]
* added to [linux (3.13.0-80.124) trusty; urgency=low] with [ Upstream Kernel Changes ]
(i.e. manually unpatching those patches within the linux sources)
- installing some older kernel versions <3.19.0-52.58 / <3.13.0-80.124
- wait for the original ubuntu cryptsetup maintainer to fix his package
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
cryptsetup tcryptOpen doesn't work anymore
Status in cryptsetup package in Ubuntu:
Status in linux package in Ubuntu:
I'm using cryptsetup to open TrueCrypt encrypted NTFS filesystems:
cryptsetup tcryptOpen /dev/sdf2 tcrypt
At least until linux-image-3.13.0-79-generic this work fine.
Booting linux-image-3.13.0-83-generic and running cryptsetup results in:
Required kernel crypto interface not available.
Ensure you have algif_skcipher kernel module loaded.
The module algif_skcipher is loaded, so the tenor of the error message
is wrong, but cryptsetup cannot open the container, so at least there
_is_ some error. Probably it's related to some unsupported instruction
set. With linux-image-3.13.0-83 there are errors in dmesg which are
not present with linux-image-3.13.0-79:
AVX instructions are not detected
OS: Ubuntu 14.04.4 LTS
CPU: Phenom II X6
TCRYPT header information for /dev/sdf2
Driver req.: 7
Sector size: 512
MK offset: 131072
PBKDF2 hash: ripemd160
Cipher chain: aes
Cipher mode: xts-plain64
MK bits: 512
To manage notifications about this bug go to: