I'm playing around with cryptsetup looking to get authenticated encryption configured on a spare drive. I am hitting an issue when updating the initramfs. I created a quick VM installing debian 12.2.0 and ran the below to test getting the same issue. Imagine I'm very likely doing something quite wrong here as this is my first time trying to enable authenticated encryption instead of just luks2 alone. Looking around I don't see much on the topic outside of articles/docs describing similar steps to what I performed below. Any advice or wisdom is appreciated ^.^
Code:
root@Burner:~# cryptsetup --versioncryptsetup 2.6.1 flags: UDEV BLKID KEYRING KERNEL_CAPI
Code:
root@Burner:~# lsb_release --allNo LSB modules are available.Distributor ID:DebianDescription:Debian GNU/Linux 12 (bookworm)Release:12Codename:bookworm
Code:
root@Burner:~# uname -aLinux Burner 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
Code:
root@Burner:~# lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTSsda 8:0 0 32G 0 disk ├─sda1 8:1 0 31G 0 part /├─sda2 8:2 0 1K 0 part └─sda5 8:5 0 975M 0 part [SWAP]sdb 8:16 0 1G 0 disk
Code:
root@Burner:~# cryptsetup luksFormat --type luks2 --integrity hmac-sha256 /dev/sdbWARNING!========This will overwrite data on /dev/sdb irrevocably.Are you sure? (Type 'yes' in capital letters): YESEnter passphrase for /dev/sdb: Verify passphrase: Wiping device to initialize integrity checksum.You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).Finished, time 00m04s, 941 MiB written, speed 218.5 MiB/s
Code:
root@Burner:~# cryptsetup luksDump /dev/sdbLUKS header informationVersion: 2Epoch: 3Metadata area: 16384 [bytes]Keyslots area: 16744448 [bytes]UUID: 3382b1d1-1881-46b6-ac9b-1cf71b910bb0Label: (no label)Subsystem: (no subsystem)Flags: (no flags)Data segments: 0: cryptoffset: 16777216 [bytes]length: (whole device)cipher: aes-xts-plain64sector: 512 [bytes]integrity: hmac(sha256)Keyslots: 0: luks2Key: 768 bitsPriority: normalCipher: aes-xts-plain64Cipher key: 512 bitsPBKDF: argon2idTime cost: 13Memory: 1048576Threads: 4Salt: ca a7 fc 77 0f 8f 85 8a 5f 5c 8a 50 13 77 c1 c4 cb bd 8b 7a 89 0b 02 d5 c0 99 3c 1a 72 31 89 88 AF stripes: 4000AF hash: sha256Area offset:32768 [bytes]Area length:385024 [bytes]Digest ID: 0Tokens:Digests: 0: pbkdf2Hash: sha256Iterations: 98698Salt: 37 09 c4 b3 87 d6 30 ac 80 c6 a1 48 a5 f9 4d c3 ce 00 76 b7 05 e6 7a 09 a9 ff 3f d9 a0 76 0b bc Digest: e0 71 b2 83 d2 0f 02 f7 7c 74 f8 65 6f d9 d3 e2 e9 6c cb 11 0e 7f b6 f6 4b 12 6e 88 e8 4f a4 db
Code:
root@Burner:~# cryptsetup luksOpen /dev/sdb crypt-testEnter passphrase for /dev/sdb:
Code:
root@Burner:~# lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTSsda 8:0 0 32G 0 disk ├─sda1 8:1 0 31G 0 part /├─sda2 8:2 0 1K 0 part └─sda5 8:5 0 975M 0 part [SWAP]sdb 8:16 0 1G 0 disk └─crypt-test_dif 254:0 0 941M 0 crypt └─crypt-test 254:1 0 941M 0 crypt
Code:
root@Burner:~# blkid /dev/sdb/dev/sdb: UUID="3382b1d1-1881-46b6-ac9b-1cf71b910bb0" TYPE="crypto_LUKS"
Code:
root@Burner:~# cat >> /etc/crypttab <<EOF> crypt-test UUID=3382b1d1-1881-46b6-ac9b-1cf71b910bb0 none luks,discard,initramfs> EOF
Code:
root@Burner:~# update-initramfs -u -k allupdate-initramfs: Generating /boot/initrd.img-6.1.0-26-amd64cryptsetup: ERROR: crypt-test: Source mismatchcryptsetup: WARNING: Couldn't determine cipher modules to load for crypt-test (kernel crypto API format isn't supported yet)update-initramfs: Generating /boot/initrd.img-6.1.0-13-amd64cryptsetup: ERROR: crypt-test: Source mismatchcryptsetup: WARNING: Couldn't determine cipher modules to load for crypt-test (kernel crypto API format isn't supported yet)
Statistics: Posted by moddingfox — 2024-11-05 06:44 — Replies 0 — Views 11