
Re: [Pkg-cryptsetup-devel] Bug#464673: cryptsetup seems to try to load some padlock modules



On 10/02/2008 David Härdeman wrote:
> As to why they are included in the initramfs image in the first place,  
> the cryptsetup initramfs hook uses the initramfs-tools function  
> manual_add_modules to add modules to the initramfs image.
>
> manual_add_modules checks module dependencies with modprobe, so if the  
> cryptsetup hook calls "manual_add_modules aes", the following is  
> executed by that function (this example is for the Debian 2.6.24  
> kernel):
>
> modprobe --set-version="2.6.24-1-686" --ignore-install --show-depends aes
>
> which gives this output:
>
> insmod /lib/modules/2.6.24-1-686/kernel/crypto/aes_generic.ko
> insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko
> insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/geode-aes.ko
> insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko
> insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko
> insmod /lib/modules/2.6.24-1-686/kernel/arch/x86/crypto/aes-i586.ko
>
> And all of those modules are added as a result.
>
> I think the next step would be to get some feedback from Maximilian.

I discussed the issue with maks and waldi on IRC today, and finally
waldi told me that the aes module was renamed to aes_generic in kernel
2.6.24. The same goes for the des, sha1 and sha256 modules.
All aes* modules do have an alias for aes, thus modprobe from
manual_add_modules() produces the list above.

The proposed fix for this is to check the kernel version in the
initramfs cryptroot hook, and substitute aes/des/sha256 by <cipher>_generic
if necessary. I don't like that idea though, as that bloats the script even
more and doesn't provide a general solution for the future. How shall we
know when yet another cipher module is renamed? And I fear that we will
end up with something like

case "$k_vers" in
	2.6.2[4-9]*)
		modules=$(sed -e 's/aes/aes_generic/' \
				-e 's/des/des_generic/' [...])
		;;
	2.6.2[5-9]*)
		modules=$(sed -e 's/<cipher>/<cipher>_generic/' \
				[...])
		;;
esac

which in my eyes is a nightmare to maintain.

greetings,
 jonas
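
A version-independent alternative to the case-on-kernel-version sketch above, as an added example that is not part of the original mail or of the cryptsetup hook: it picks <cipher>_generic when that file exists in the module tree and falls back to <cipher> otherwise, so the real module name is requested instead of the alias that expands to every aes* driver. The function names and the sample trees are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pick_cipher_module and make_sample_tree are hypothetical
# names, not part of cryptsetup or initramfs-tools.

# Print the module name to request for CIPHER, judged from the files present
# under MODDIR (a /lib/modules/<version> tree), not from the kernel version.
pick_cipher_module() {
    moddir=$1 cipher=$2
    for cand in "${cipher}_generic" "$cipher"; do
        # Exact file name match, so aes-i586.ko is never taken for aes.ko.
        if [ -n "$(find "$moddir/kernel" -type f -name "$cand.ko" 2>/dev/null)" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    echo "no module found for cipher '$cipher' in $moddir" >&2
    return 1
}

# Build a constructed sample tree: empty files at the given relative paths.
make_sample_tree() {
    root=$1; shift
    for rel in "$@"; do
        mkdir -p "$root/kernel/$(dirname "$rel")"
        : > "$root/kernel/$rel"
    done
}

demo() {
    tmp=$(mktemp -d)
    # Layout after the rename, using the paths from the modprobe output above.
    make_sample_tree "$tmp/new" crypto/aes_generic.ko crypto/blkcipher.ko \
        drivers/crypto/geode-aes.ko drivers/crypto/padlock-aes.ko \
        arch/x86/crypto/aes-i586.ko
    # Layout before the rename (constructed; assumes a plain crypto/aes.ko).
    make_sample_tree "$tmp/old" crypto/aes.ko
    echo "new tree: $(pick_cipher_module "$tmp/new" aes)"
    echo "old tree: $(pick_cipher_module "$tmp/old" aes)"
    rm -rf "$tmp"
}
demo
```

The name it prints is what a hook would hand to manual_add_modules in place of the bare cipher name.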

