Bug#896649: linux: Please enable CONFIG_DM_INTEGRITY
Package: src:linux
Severity: wishlist

dm-integrity (introduced in Linux v4.12-rc1 and cryptsetup 2.0.0)

cryptsetup 2.0.0 adds support for integrity-protected block devices
(which was introduced in Linux v4.12-rc1), but support is not yet
enabled in Debian kernels:

When loaded, a successful invocation looks something like this:

# truncate -s 8M /tmp/dmtest
# cryptsetup luksFormat --type luks2 --cipher chacha20-random --integrity poly1305 /tmp/dmtest
WARNING!
========
This will overwrite data on /tmp/dmtest irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /tmp/dmtest:
Verify passphrase:
Wiping device to initialize integrity checksum.
You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).
Finished, time 00:00.088, 3 MiB written, speed 33.8 MiB/s

Currently, the initialization fails with the following error:

device-mapper: reload ioctl on failed: Invalid argument
Cannot format integrity for device /tmp/dmtest.

-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
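A check for the condition this report describes, added here as an example and not part of the original report: it reads a kernel config file and reports whether CONFIG_DM_INTEGRITY is built in, modular, or not set. The function names are hypothetical, and the locations /boot/config-$(uname -r) and /proc/config.gz are assumptions about where the running kernel's config can be read.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Print how a kernel config file sets one symbol:
#   y = built in, m = module, n = "is not set", absent = not mentioned.
# $1 = symbol without the CONFIG_ prefix, $2 = config file (plain or .gz)
kconfig_state() {
    sym=$1; file=$2
    case $file in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    $reader "$file" | awk -v s="CONFIG_$sym" '
        $0 == "# " s " is not set" { state = "n" }
        index($0, s "=") == 1      { state = substr($0, length(s) + 2) }
        END { print (state == "" ? "absent" : state) }'
}

# Return 0 when the given config provides dm-integrity (y or m), 1 otherwise.
dm_integrity_available() {
    case $(kconfig_state DM_INTEGRITY "$1") in
        y|m) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the path of the running kernel's config, if one is readable.
# Both candidate paths are assumptions about the system layout.
find_running_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

if cfg=$(find_running_config); then
    printf 'CONFIG_DM_INTEGRITY in %s: %s\n' "$cfg" \
        "$(kconfig_state DM_INTEGRITY "$cfg")"
else
    echo "no readable kernel config found" >&2
fi
```

A result of `n` or `absent` means the dm-integrity target is not available in that kernel build.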