On Sun, Feb 10, 2008 at 01:58:34AM +0100, Jonas Meurer wrote:
On 08/02/2008 Joachim Breitner wrote:I’m not sure about his. I am pretty sure the error messages came _after_ I entered the password the first time, but _before_ cryptsetup exits, which I noticed when I entered the password wrong the first time, and the second prompt came after the error messages. I’ll make sure this observation is correct at the next boot. Also, fgrepping the contents of my initramdisk for padlock, I only get: ./lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko. ./lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-sha.ko. ./sbin/cryptsetup. ./usr/lib/libcrypto.so.0.9.8. so no script is manually loading these.Still some script adds the modules to you initramdisk, but i'm not sure whether this is initramfs-tools (update-initramfs) or some thirdparty script. Maybe you could add some debugging code to /usr/share/initramfs-tools/scripts/local-top/cryptroot and/or /usr/share/initramfs-tools/hooks/cryptroot? David, could you give further advice?
/usr/lib/libcrypto.so.0.9.8 comes from the openssl package. The openssl package changelog says:
openssl (0.9.8e-1) unstable; urgency=low ... - Load padlock modules (Closes: #345656, #368476) ...So it seems that the openssl library might be responsible for loading the padlock modules.
As to why they are included in the initramfs image in the first place, the cryptsetup initramfs hook uses the initramfs-tools function manual_add_modules to add modules to the initramfs image.
manual_add_modules checks module dependencies with modprobe, so if the cryptsetup hook calls "manual_add_modules aes", the following is executed by that function (this example is for the Debian 2.6.24 kernel):
modprobe --set-version="2.6.24-1-686" --ignore-install --show-depends aes which gives this output:insmod /lib/modules/2.6.24-1-686/kernel/crypto/aes_generic.ko insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/geode-aes.ko insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko insmod /lib/modules/2.6.24-1-686/kernel/arch/x86/crypto/aes-i586.ko
And all of those modules are added as a result. I think the next step would be to get some feedback from Maximilian. -- David Härdeman