Error added: 2006-10-30T09:53:02Z
The kernel doesn\'t have support for the cipher that was asked for. This could be due to a missing module (ciphername.ko, for example serpent.ko) for the cipher, or that the cipher was not included when the kernel was configured. If the problem occurs during the boot process, the module is probably missing from the initrd.img (the initial ram file system loaded at boot time) corresponding to the kernel version and set up by the boot loader.
This config works for me, found out that adding x86_64 aes solved the problem, though I didn\'t use aes-cbc-essiv:sha256 # CONFIG_BLK_DEV_CRYPTOLOOP is not set CONFIG_CRYPTO=y CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_MANAGER=y # CONFIG_CRYPTO_HMAC is not set # CONFIG_CRYPTO_XCBC is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_MD4 is not set # CONFIG_CRYPTO_MD5 is not set # CONFIG_CRYPTO_SHA1 is not set CONFIG_CRYPTO_SHA256=y # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_WP512 is not set # CONFIG_CRYPTO_TGR192 is not set # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_ECB is not set CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_CRYPTD is not set # CONFIG_CRYPTO_DES is not set # CONFIG_CRYPTO_FCRYPT is not set # CONFIG_CRYPTO_BLOWFISH is not set # CONFIG_CRYPTO_TWOFISH is not set # CONFIG_CRYPTO_TWOFISH_X86_64 is not set # CONFIG_CRYPTO_SERPENT is not set # CONFIG_CRYPTO_AES is not set CONFIG_CRYPTO_AES_X86_64=y # CONFIG_CRYPTO_CAST5 is not set # CONFIG_CRYPTO_CAST6 is not set # CONFIG_CRYPTO_TEA is not set # CONFIG_CRYPTO_ARC4 is not set # CONFIG_CRYPTO_KHAZAD is not set # CONFIG_CRYPTO_ANUBIS is not set # CONFIG_CRYPTO_DEFLATE is not set # CONFIG_CRYPTO_MICHAEL_MIC is not set # CONFIG_CRYPTO_CRC32C is not set # CONFIG_CRYPTO_CAMELLIA is not set # CONFIG_CRYPTO_TEST is not set # CONFIG_CRYPTO_HW is not set
Remember to have chaininiv.ko, rng.ko and krng.ko modules available.
If you\'re using truecrypt - you need to either use this :- --mount-options=nokernelcrypto or TrueCrypt>>Settings>>Preferences>>System Integration and checking the box for \"Do not use kernel cryptographic services\" or possibly recompile your kernel to use whatever crypto routines were selected for the volume you\'re trying to mount.
adding LRW and XTS (in addiction to the modules for the encryption algorithms choosen for the volume) worked on my gentoo whithout the need of the --mount-options=nokernelcrypto flag for truecrypt. [*] Cryptographic API ---> ..... <*> LRW support <*> XTS support .....
If you use aes-cbc-essiv:sha256 as cipher you need the modules dm-crypt, aes, cbc, sha256, and blkcipher in the initial ram disk (added with i.e. --with=cbc when using mkinitrd).
Well, in my case there was not loaded cryptomgr module. I\'d think cipers are dependent on it but clearly it is not the case. I have module autoloading turned off and I\'ve read that it would load it.
modprobing dm-crypt, aes, cbc, sha256, and blkcipher were the final straws for me on this one (actually, it was aes_generic, sha512, sha256_generic, cryptomgr. YMMV); that and making sure that my cryptsetup was the built in the same way as my kernel (for a gentoo system, this entailed re-emerging cryptsetup after doing a kernel rebuild)
If you know the answer, please add your own solution below.
If you don't know, but find out later, please come back and share your answer - there will be other people
struggling with this too.
If you want to be notified via email when this is solved, enter your email address here: