Welcome to the Linux Foundation Forum!

Playing around with Luks.

Hi.

I'm going over my notes for Luks. I have two questions.

In /proc/crypto what is the difference between kernel and aesni_intel modules?

I tried to use sha256 for encryption but it failed. I used switch --cipher sha256. I have noticed that the type field in the description of the module in the /proc/crypto file says shash for some modules and cipher for others. Is this why the switch option failed?

I am looking into auto-mounting my encrypted drive. I have seen on other websites that it is necessary to use a key-file but I do not see any mention of this in the course notes. This is what the course says:

/etc/fstab:
/dev/mapper/SECRET /mnt ext4 defaults 0 0
/etc/crypttab:
SECRET /dev/sdc12

Is this all I need to auto-mount an encrypted drive?

Thanks.

Comments

  • Posts: 1,273
    edited July 2020

    Hi @WarrenUK ,

    In /proc/crypto what is the difference between kernel and aesni_intel modules?

    If it says "kernel" in the module parameter, it means it's the support for it is included in the kernel. Per the documentation, it says "module: the kernel module providing the cipher implementation (or “kernel” for statically linked ciphers)".

    If it says "aesni_intel", it means it's using that module name, and you can get information about it by doing "modinfo aesni_intel":

    luis@ubuntu18:~$ modinfo aesni_intel
    filename: /lib/modules/5.3.0-62-generic/kernel/arch/x86/crypto/aesni-intel.ko
    alias: crypto-aes
    alias: aes
    license: GPL
    description: Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized
    srcversion: 598E78B4B9CD24BD2D698B8
    alias: cpu:type:x86,venfammod:feature:0099*
    depends: glue_helper,aes-x86_64,crypto_simd
    retpoline: Y
    intree: Y
    name: aesni_intel
    vermagic: 5.3.0-62-generic SMP mod_unload
    signat: PKCS#7
    signer:
    sig_key:
    sig_hashalgo: md4

    You can see some important details here:

    https://www.kernel.org/doc/html/latest/crypto/architecture.html?highlight=proc crypto

    I am looking into auto-mounting my encrypted drive. I have seen on other websites
    that it is necessary to use a key-file but I do not see any mention of this in the course notes.
    This is what the course says:
    .
    /etc/fstab:
    /dev/mapper/SECRET /mnt ext4 defaults 0 0
    /etc/crypttab:
    SECRET /dev/sdc12
    .
    Is this all I need to auto-mount an encrypted drive?

    I just did a test editing /etc/fstab and /etc/crypttab and it mounted the partition automatically at boot. It asked the password during the boot process, of course :)

    I encourage you to do the test by yourself!

    BTW, what error did you get when using sha256? If possible, provide a screenshot.

    Many regards,
    Luis.

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training