[Pkg-cryptsetup-devel] Bug#464673: Bug#464673: cryptsetup seems to try to load some padlock modules

David Härdeman david at hardeman.nu
Sun Feb 10 14:04:48 UTC 2008


On Sun, Feb 10, 2008 at 01:58:34AM +0100, Jonas Meurer wrote:
>On 08/02/2008 Joachim Breitner wrote:
>> I’m not sure about this. I am pretty sure the error messages came _after_
>> I entered the password the first time, but _before_ cryptsetup exits,
>> which I noticed when I entered the password wrong the first time, and
>> the second prompt came after the error messages.
>> 
>> I’ll make sure this observation is correct at the next boot.
>> 
>> Also, fgrepping the contents of my initramdisk for padlock, I only get:
>> ./lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko.
>> ./lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-sha.ko.
>> ./sbin/cryptsetup.
>> ./usr/lib/libcrypto.so.0.9.8.
>> 
>> so no script is manually loading these.
>
>Still some script adds the modules to your initramdisk, but I'm not sure
>whether this is initramfs-tools (update-initramfs) or some third-party
>script. Maybe you could add some debugging code to
>/usr/share/initramfs-tools/scripts/local-top/cryptroot and/or
>/usr/share/initramfs-tools/hooks/cryptroot?
>
>David, could you give further advice?

/usr/lib/libcrypto.so.0.9.8 comes from the openssl package. The openssl 
package changelog says:

openssl (0.9.8e-1) unstable; urgency=low
...
    - Load padlock modules (Closes: #345656, #368476)
...

So it seems that the openssl library might be responsible for loading 
the padlock modules.

As to why they are included in the initramfs image in the first place, 
the cryptsetup initramfs hook uses the initramfs-tools function 
manual_add_modules to add modules to the initramfs image.

manual_add_modules checks module dependencies with modprobe, so if the 
cryptsetup hook calls "manual_add_modules aes", the following is 
executed by that function (this example is for the Debian 2.6.24 
kernel):

modprobe --set-version="2.6.24-1-686" --ignore-install --show-depends aes

which gives this output:

insmod /lib/modules/2.6.24-1-686/kernel/crypto/aes_generic.ko 
insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko 
insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/geode-aes.ko 
insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko 
insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko 
insmod /lib/modules/2.6.24-1-686/kernel/arch/x86/crypto/aes-i586.ko 

And all of those modules are added as a result.

I think the next step would be to get some feedback from Maximilian.

-- 
David Härdeman
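
The dependency expansion described in the message above, as an added example that is not part of the original mail and not initramfs-tools code. It parses the quoted `modprobe --show-depends` output for `aes` and reports which files end up in the image; the function names and the path-based heuristic for hardware drivers are assumptions.

```shell
#!/bin/sh
# Added example (not initramfs-tools code). The sample below is the
# "modprobe --show-depends aes" output quoted in the message, embedded
# so the script runs offline.
sample_show_depends() {
cat <<'EOF'
insmod /lib/modules/2.6.24-1-686/kernel/crypto/aes_generic.ko
insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko
insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/geode-aes.ko
insmod /lib/modules/2.6.24-1-686/kernel/crypto/blkcipher.ko
insmod /lib/modules/2.6.24-1-686/kernel/drivers/crypto/padlock-aes.ko
insmod /lib/modules/2.6.24-1-686/kernel/arch/x86/crypto/aes-i586.ko
EOF
}

# Read "--show-depends" output on stdin and print each module path once.
# Only "insmod <path>" lines count; any other line type is skipped.
unique_modules() {
    awk '$1 == "insmod" && !seen[$2]++ { print $2 }'
}

# Keep only modules that live under drivers/crypto/, i.e. drivers for
# specific crypto hardware (assumption: the path identifies them).
hardware_crypto_modules() {
    grep '/kernel/drivers/crypto/' || true
}

# Same expansion against a live system, using the modprobe options shown
# in the message. Hypothetical helper: $1 = kernel version, $2 = alias.
resolve_alias() {
    modprobe --set-version="$1" --ignore-install --show-depends "$2" \
        | unique_modules
}

# Report for the embedded sample: every file the alias "aes" pulls in,
# then the subset that only works on particular hardware.
echo "Modules added for alias 'aes':"
sample_show_depends | unique_modules | sed 's/^/  /'
echo "Hardware-specific crypto drivers among them:"
sample_show_depends | unique_modules | hardware_crypto_modules | sed 's/^/  /'
```

On a machine without VIA PadLock or Geode hardware, the second list shows modules that are present in the image but cannot initialise there.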




