FS#59151 : [cryptsetup] "encrypt" initcpio hook doesn't include dm-integrity module

FS#59151 - [cryptsetup] "encrypt" initcpio hook doesn't include dm-integrity module

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Tuesday, 26 June 2018, 22:20 GMT
Last edited by Christian Hesse (eworm) - Thursday, 15 August 2019, 19:04 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Christian Hesse (eworm)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	3 Duncan Townsend (duncancmt) (2019-07-23) Masanori Ogino (omasanori) (2019-03-14) Tommy Schmitt (spinka) (2018-08-07)
Private	No

Details

The "encrypt" initcpio hook that ships with cryptsetup 2.0.3-2 doesn't include the dm-integrity module in the initramfs, thus failing to decrypt newer LUKS2 volumes which use authenticated encryption. Manually adding the module in /etc/mkinitcpio.conf and rebuilding the initramfs fixes the issue on my machine, but of course, the "clean" solution would be to add the module through /usr/lib/initcpio/install/encrypt.

Looking at /usr/lib/initcpio/install/sd-encrypt, the "sd-encrypt" hook seems to suffer from the same issue, but I haven't that that.

This task depends upon

Closed by Christian Hesse (eworm)
Thursday, 15 August 2019, 19:04 GMT
Reason for closing: Implemented
Additional comments about closing: cryptsetup 2.2.0-1

Comment by Duncan Townsend (duncancmt) - Tuesday, 23 July 2019, 14:47 GMT

I can confirm that this problem exists for the sd-encrypt hook as well. Adding dm_integrity to MODULES in /etc/mkinitcpio.conf fixes the problem.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#59151 - [cryptsetup] "encrypt" initcpio hook doesn't include dm-integrity module

Details

Loading...