SOLVED: Re: ecryptfs missing twofish support?

Charles Curley charlescurley at charlescurley.com
Tue Jul 12 08:52:01 MDT 2011 

On Tue, 12 Jul 2011 08:16:07 -0600
Aaron Toponce <aaron.toponce at gmail.com> wrote:

> On Tue, Jul 12, 2011 at 07:59:06AM -0600, Paul N wrote:
> > On Mon, Jul 11, 2011 at 3:39 PM, Charles Curley
> > <charlescurley at charlescurley.com> wrote:
> > > On Sun, 10 Jul 2011 17:59:53 -0600
> > > Charles Curley <charlescurley at charlescurley.com> wrote:
> > >
> > > So why would changing kernels bring back twofish encryption?
> >
> > IIRC, twofish is set in the kernel using CONFIG_CRYPTO_TWOFISH in
> > the config file. The parameter probably wasn't set for your newer
> > kernel. I think there's a way to see the config file inside the
> > running kernel, or there could be a copy of it in /boot...

Thanks, Paul.

> 
> If you are running Ubuntu, which I think you are,

Yes.

> then you should
> have a /boot/config-2.6.* for your kernel. That file will give you
> all the compile-time flags for that specific kernel.
> 
> For me on Debian, I have the following set with regards to Twofish:
> 
>     CONFIG_CRYPTO_TWOFISH=m
>     CONFIG_CRYPTO_TWOFISH_COMMON=m
>     CONFIG_CRYPTO_TWOFISH_586=m
> 
> This means that it's compiled as a module, and I need to use
> modprobe(8) to load it, and/or lsmod(8) to see if it is already
> loaded:
> 
>     # modprobe twofish
>     # lsmod | grep twofish
>     twofish_generic        16569  0
>     twofish_x86_64         12501  0
>     twofish_common         20544  2 twofish_generic,twofish_x86_64
> 
> Hope that helps.

Yes.

So far so good. Using the older kernel, where twofish is available.

root at dzur:/boot# grep TWOFISH config-2.6.3*
config-2.6.35-30-generic:CONFIG_CRYPTO_TWOFISH=m
config-2.6.35-30-generic:CONFIG_CRYPTO_TWOFISH_COMMON=m
config-2.6.35-30-generic:CONFIG_CRYPTO_TWOFISH_X86_64=m
config-2.6.38-8-generic:CONFIG_CRYPTO_TWOFISH=m
config-2.6.38-8-generic:CONFIG_CRYPTO_TWOFISH_COMMON=m
config-2.6.38-8-generic:CONFIG_CRYPTO_TWOFISH_X86_64=m
root at dzur:/boot# lsmod | grep twofish
twofish                 5923  1 
twofish_common         14655  1 twofish
root at dzur:/boot# uname -a
Linux dzur 2.6.35-30-generic #54-Ubuntu SMP Tue Jun 7 18:41:54 UTC 2011
x86_64 x86_64 x86_64 GNU/Linux root at dzur:/boot# 

This is the older kernel; I will reboot to the newer one shortly and
test that. On the older kernel, I have twofish with no modprobe that I
know of. I don't see it in /etc/modules, nor does it show up in:

root at dzur:/etc# find modprobe.d/ -type f | xargs grep twofish
root at dzur:/etc# 

After rebooting to the newer kernel, I see it isn't there:

root at dzur:~# lsmod | grep twofish
root at dzur:~# uname -a
Linux dzur 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:24 UTC 2011
x86_64 x86_64 x86_64 GNU/Linux root at dzur:~#


So it somehow got loaded for the older kernel, but not for the newer
one.

I added twofish to /etc/modules and it now shows up after a reboot:

root at dzur:~# lsmod | grep twofish
twofish_generic        16635  0 
twofish_x86_64         12567  0 
twofish_common         20919  2 twofish_generic,twofish_x86_64

and twofish shows up in the menu for ecryptfs.

Aaron, thanks for the lucid explanation and example commands. I'll blog
this later today in case anyone else hits it.

There's probably a more elegant solution, but this works for me.



-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20110712/8e8b6645/attachment.bin

More information about the PLUG mailing list