I try to mount external hdd that is ext4 encrypted (luks).
Installed cryptsetup and then:
$ sudo cryptsetup luksOpen /dev/sda1 EXT_HDD
Enter passphrase for /dev/sda1:
device-mapper: reload ioctl on failed: No such file or directory
Failed to setup dm-crypt key mapping for device /dev/sda1.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
device-mapper: remove ioctl on temporary-cryptsetup-21945 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-21945 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-21945 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-21945 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-21945 failed: No such device or address
The relevant entries in syslog:
May 8 21:58:15 freedombox kernel: [35466.556738] device-mapper: table: 254:0: crypt: Error allocating crypto tfm
May 8 21:58:15 freedombox kernel: [35466.563827] device-mapper: ioctl: error adding target to table
There is nothing in FreedomBox software that could cause issues with using LUKS encrypted drives compared to a plain Debian machine.
How was the disk connected? It is powered separately via powered USB hub or separate power cable to the disk? If not perhaps the problem is with power.
Try accessing the disk with xxd /dev/sda1. Is that yielding errors?
Or is another, perhaps unencrypted partition, mountable and accessible?
What above the disk being accessible from regular Debian machine?
If nothing works, this should be reported to Debian or Olimex.
xxd /dev/sda1 works fine. No errors.
No unencrypted partition to test.
Disk works fine on Ubuntu bionic.
It seems the kernel does not support the cipher. Found thread explaining how to see which ciphers kernel supports by doing zcat /proc/config.gz | grep CRYPTO but there is no /proc/config.gz.
Anyone more experienced? Do I need to recompile or get a newer kernel?
I was able to reproduce your issue on my Lime2 (problem is not reproducible on my FreedomBox amd64 VM):
root@freedombox:~# dd if=/dev/zero of=test-crypto-disk bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0.0555911 s, 189 MB/s
root@freedombox:~# cryptsetup luksFormat test-crypto-disk
WARNING!
========
This will overwrite data on test-crypto-disk irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for test-crypto-disk:
Verify passphrase:
device-mapper: reload ioctl on failed: No such file or directory
Failed to setup dm-crypt key mapping for device test-crypto-disk.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
device-mapper: remove ioctl on temporary-cryptsetup-4461 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-4461 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-4461 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-4461 failed: No such device or address
device-mapper: table ioctl on failed: No such device or address
device-mapper: remove ioctl on temporary-cryptsetup-4461 failed: No such device or address
On a Debian machine, the kernel configuration is available from /boot. Here is the output of cat /boot/config-4.19.0-4-armmp-lpae | grep CRYPTO on my FreedomBox.
# CONFIG_ARM_CRYPTO is not set
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
CONFIG_RT2X00_LIB_CRYPTO=y
CONFIG_CRYPTO=y
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=m
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=m
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=m
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=m
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=y
CONFIG_CRYPTO_ACOMP2=y
CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=y
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_USER=m
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
CONFIG_CRYPTO_GF128MUL=m
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_WORKQUEUE=y
# CONFIG_CRYPTO_CRYPTD is not set
# CONFIG_CRYPTO_MCRYPTD is not set
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_TEST=m
CONFIG_CRYPTO_ENGINE=m
CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_AEGIS128L=m
CONFIG_CRYPTO_AEGIS256=m
CONFIG_CRYPTO_MORUS640=m
CONFIG_CRYPTO_MORUS1280=m
CONFIG_CRYPTO_SEQIV=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_CBC=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CTR=m
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_ECB=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
# CONFIG_CRYPTO_KEYWRAP is not set
CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_CRC32C=m
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_CRCT10DIF=y
CONFIG_CRYPTO_GHASH=m
CONFIG_CRYPTO_POLY1305=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_SHA3=m
# CONFIG_CRYPTO_SM3 is not set
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_AES_TI is not set
CONFIG_CRYPTO_ANUBIS=m
CONFIG_CRYPTO_ARC4=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_BLOWFISH_COMMON=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAST_COMMON=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_DES=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SALSA20=m
CONFIG_CRYPTO_CHACHA20=m
CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
# CONFIG_CRYPTO_SM4 is not set
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_TWOFISH_COMMON=m
CONFIG_CRYPTO_DEFLATE=m
CONFIG_CRYPTO_LZO=y
# CONFIG_CRYPTO_842 is not set
CONFIG_CRYPTO_LZ4=m
CONFIG_CRYPTO_LZ4HC=m
# CONFIG_CRYPTO_ZSTD is not set
CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_DRBG_MENU=m
CONFIG_CRYPTO_DRBG_HMAC=y
# CONFIG_CRYPTO_DRBG_HASH is not set
# CONFIG_CRYPTO_DRBG_CTR is not set
CONFIG_CRYPTO_DRBG=m
CONFIG_CRYPTO_JITTERENTROPY=m
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
CONFIG_CRYPTO_USER_API_RNG=m
CONFIG_CRYPTO_USER_API_AEAD=m
CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_MARVELL_CESA=m
# CONFIG_CRYPTO_DEV_FSL_CAAM is not set
# CONFIG_CRYPTO_DEV_OMAP is not set
# CONFIG_CRYPTO_DEV_SAHARA is not set
# CONFIG_CRYPTO_DEV_MXC_SCC is not set
# CONFIG_CRYPTO_DEV_EXYNOS_RNG is not set
# CONFIG_CRYPTO_DEV_S5P is not set
# CONFIG_CRYPTO_DEV_MXS_DCP is not set
CONFIG_CRYPTO_DEV_SUN4I_SS=m
# CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG is not set
# CONFIG_CRYPTO_DEV_ROCKCHIP is not set
CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
# CONFIG_CRYPTO_DEV_CCREE is not set
This is starting to look like a bug in Debian’s configuration of the ARM kernel. If we find the missing configuration option we can file a bug report in Debian.
I guess I’ve had a similar problem. I tried to install an OlinuXino Lime2 A20 with Debian on the microSD and an HDD attached. I’ve installed the Debian Buster and encrypted a partition on the microSD and the whole HDD. Booting the freshly installed system I could unlock the microSD but not the HDD, the latter giving some “aes-xts-plain64” error, although both media have been encrypted the same way.
After I’ve found this thread pointing to some problem with Debian kernel I tried the Bullseye installer with a newer kernel and everything works fine.
My knowledge isn’t sufficient to give a more precise description, but with some support I’d be willing to reproduce this issue.