Re: [Pkg-cryptsetup-devel] Bug#464673: cryptsetup seems to try to load some padlock modules

Mon, 18 Feb 2008 09:08:00 -0800 

On 10/02/2008 David Härdeman wrote:
> As to why they are included in the initramfs image in the first place,  
> the cryptsetup initramfs hook uses the initramfs-tools function  
> manual_add_modules to add modules to the initramfs image.
>
> manual_add_modules checks module dependencies with modprobe, so if the  
> cryptsetup hook calls "manual_add_modules aes", the following is  
> executed by that function (this example is for the Debian 2.6.24  
> kernel):
>
> modprobe --set-version="2.6.24-1-686" --ignore-install --show-depends aes
>
> which gives this output:
>
> insmod /lib/modules/2.6.24-1-686/kernel/crypto/aes_generic.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/drivers/crypto/geode-aes.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko insmod 
> /lib/modules/2.6.24-1-686/kernel/arch/x86/crypto/aes-i586.ko 
>
> And all of those modules are added as a result.
>
> I think the next step would be to get some feedback from Maximilian.

I discussed the issue with maks and waldi on irc today, and finally
waldi told me that the aes module where renamed to aes_generic in kernel
2.6.24. The same goes for des, sha1 and sha256 modules.
All aes* modules do have an alias for aes, thus modprobe from
manual_add_modules() produces the list above.

The proposed fix for this is to check for kernel version in the
initramfs cryptroot hook, and substitute aes/des/sha256 by <cipher>_generic
if necessary. I don't like that idea though, as that bloats the script even
more and doesn't provide a general solution for the future. How shall we
know when yet another cipher module is renamed? and i fear that we will
end up with something like

case "$k_vers" in
        2.6.2[4-9]*)
                modules=$(sed -e 's/aes/aes_generic' \
                                -e 's/des/des_generic' [...])
        2.6.2[5-9]*)
                modules=$(sed -e 's/<cipher>/<cipher>_generic' \
                                [...])

which in my eyes is a nightmare to maintain.

greetings,
 jonas


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to