On Wed, 20 Jun 2018 at 06:42:03 +0000, 901...@chiru.no wrote: > This line: > blockcipher="$(printf '%s' "$value" | cut -d':' -f1 | cut -d'-' -f1)" > should be: > blockcipher="$(printf '%s' "$value" | cut -d':' -f1 | cut -d'-' -f2)"
That's indeed the regression, causing modules required for the cipher
mode not to be included to the initrd, for instance with AES-XTS on CPUs
lacking the AES-NI instruction set.
But it's wasn't the only problem with that code. Looking closer at the
specs [0], the mapping table format for crypt target prints the cipher
specifications in the following format
cipher[:keycount]-chainmode-ivmode[:ivopts]
or (since linux 4.12)
capi:cipher_api_spec-ivmode[:ivopts]
Determining the cipher/mode/IV to use in the first format when a
keycount is present, such as "aes:64-cbc-lmk", or in the second format,
such as "capi:xts(aes)-plain64", was already broken in <2:2.0.3-2. The
former is now fixed, for the latter a warning is now displayed.
--
Guilhem.
[0]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/device-mapper/dm-crypt.txt
signature.asc
Description: PGP signature
