Welcome to the Linux Foundation Forum!

Playing around with Luks.

Hi.

I'm going over my notes for Luks. I have two questions.

In /proc/crypto what is the difference between kernel and aesni_intel modules?

I tried to use sha256 for encryption but it failed. I used switch --cipher sha256. I have noticed that the type field in the description of the module in the /proc/crypto file says shash for some modules and cipher for others. Is this why the switch option failed?

I am looking into auto-mounting my encrypted drive. I have seen on other websites that it is necessary to use a key-file but I do not see any mention of this in the course notes. This is what the course says:

/etc/fstab:
/dev/mapper/SECRET /mnt ext4 defaults 0 0
/etc/crypttab:
SECRET /dev/sdc12

Is this all I need to auto-mount an encrypted drive?

Thanks.

Comments

  • luisviveropena
    luisviveropena Posts: 1,249
    edited July 2020

    Hi @WarrenUK ,

    In /proc/crypto what is the difference between kernel and aesni_intel modules?

    If it says "kernel" in the module parameter, it means it's the support for it is included in the kernel. Per the documentation, it says "module: the kernel module providing the cipher implementation (or “kernel” for statically linked ciphers)".

    If it says "aesni_intel", it means it's using that module name, and you can get information about it by doing "modinfo aesni_intel":

    luis@ubuntu18:~$ modinfo aesni_intel
    filename: /lib/modules/5.3.0-62-generic/kernel/arch/x86/crypto/aesni-intel.ko
    alias: crypto-aes
    alias: aes
    license: GPL
    description: Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized
    srcversion: 598E78B4B9CD24BD2D698B8
    alias: cpu:type:x86,venfammod:feature:0099*
    depends: glue_helper,aes-x86_64,crypto_simd
    retpoline: Y
    intree: Y
    name: aesni_intel
    vermagic: 5.3.0-62-generic SMP mod_unload
    signat: PKCS#7
    signer:
    sig_key:
    sig_hashalgo: md4

    You can see some important details here:

    https://www.kernel.org/doc/html/latest/crypto/architecture.html?highlight=proc crypto

    I am looking into auto-mounting my encrypted drive. I have seen on other websites
    that it is necessary to use a key-file but I do not see any mention of this in the course notes.
    This is what the course says:
    .
    /etc/fstab:
    /dev/mapper/SECRET /mnt ext4 defaults 0 0
    /etc/crypttab:
    SECRET /dev/sdc12
    .
    Is this all I need to auto-mount an encrypted drive?

    I just did a test editing /etc/fstab and /etc/crypttab and it mounted the partition automatically at boot. It asked the password during the boot process, of course :)

    I encourage you to do the test by yourself!

    BTW, what error did you get when using sha256? If possible, provide a screenshot.

    Many regards,
    Luis.

Categories

Upcoming Training