Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Normal
Fix Version/s: None
Component/s: None
Labels:
- encryption
- luks
- package

Reproduction Steps:

Hide
Follow the documentation located on the wiki https://www.funtoo.org/Encrypted_Root, https://www.funtoo.org/Rootfs_over_encrypted_lvm_over_raid-1_on_GPT, or https://www.funtoo.org/Rootfs_over_encrypted_lvm [though there may be other install instructions I didn't find as well].

Show
Follow the documentation located on the wiki https://www.funtoo.org/Encrypted_Root, https://www.funtoo.org/Rootfs_over_encrypted_lvm_over_raid-1_on_GPT, or https://www.funtoo.org/Rootfs_over_encrypted_lvm [though there may be other install instructions I didn't find as well].

Presumptive Root Cause:

Hide
The primary cause of failure is that the kernel modules af_alg.ko and algif_skcipher.ko do not get included in initrd either via the funtoo build system or by genkernel. These modules are necessary for cryptsetup to unlock LUKS2 volumes.

Secondary to this, is the aforementioned kernel bug. While this only affects users with long passphrases, it is still something that should be properly documented so that users are aware.

Show
The primary cause of failure is that the kernel modules af_alg.ko and algif_skcipher.ko do not get included in initrd either via the funtoo build system or by genkernel. These modules are necessary for cryptsetup to unlock LUKS2 volumes. Secondary to this, is the aforementioned kernel bug. While this only affects users with long passphrases, it is still something that should be properly documented so that users are aware.
Facts:

Hide
1. Current debian-sources kernel contains a bug which breaks cryptsetup open when passphrases are 64+ characters in length.
2. Default behavior of cryptsetup is to create LUKS2 volumes.
3. sys-kernel/genkernel fails to include the proper kernel modules to support LUKS2 in initramfs.
4. Initrd supplied in current stage3 tarballs is missing the appropriate kernel modules to support LUKS2 encryption.
5. I have documented the process of working around these issues and installing a working LUKS2 encrypted rootfs at the following link https://gesis.pw/encrypted-rootfs-on-funtoo-linux-1-4/

Show
1. Current debian-sources kernel contains a bug which breaks cryptsetup open when passphrases are 64+ characters in length. 2. Default behavior of cryptsetup is to create LUKS2 volumes. 3. sys-kernel/genkernel fails to include the proper kernel modules to support LUKS2 in initramfs. 4. Initrd supplied in current stage3 tarballs is missing the appropriate kernel modules to support LUKS2 encryption. 5. I have documented the process of working around these issues and installing a working LUKS2 encrypted rootfs at the following link https://gesis.pw/encrypted-rootfs-on-funtoo-linux-1-4/

To keep it simple; despite documentation updates, LUKS encrypted root filesystems are still broken in Funtoo. I have, however found the fix[es].

relates to

FL-10620 sys-fs/cryptsetup-2.5.0 fails to link

Closed

Assignee:: coffnix

Reporter:: gesis

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 20/Apr/21 8:46 PM

Updated:: 11/Jan/23 7:49 AM

Resolved:: 11/Jan/23 7:49 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates