I rebooted today and found that my veracrypt volume which usually mounts on boot, is failing to mount.
Error: device-mapper: reload ioctl on veracrypt1 failed: Invalid argument
This usually indicates that veracrypt couldn’t use the kernel crypto services to decrypt the volume. So I tried mounting it with -m=nokernelcrypto
, and it works.
Here are the attributes of the volume:
Algorithm: AES
Primary Key size: 256bits
Secondary Key Size (XTS Mode): 256 bits
Block Size: 128 bts
Mode: XTS
PKCS-5 PRF: HMAC-SHA-256
Volume format verson: 2
It sure looks like the kernel supports everything I need:
» grep name /proc/crypto |grep aes
name : __xts(aes)
name : cbc(aes)
name : ccm(aes)
name : ctr(aes)
name : cbcmac(aes)
name : cmac(aes)
name : __ecb(aes)
name : gcm(aes)
name : rfc4106(gcm(aes))
name : __gcm(aes)
name : __rfc4106(gcm(aes))
name : xts(aes)
name : ctr(aes)
name : cbc(aes)
name : ecb(aes)
name : __xts(aes)
name : __ctr(aes)
name : __cbc(aes)
name : __ecb(aes)
name : aes
name : aes
I’m posting here in case there was a change in the most recent kernel updates. Pacman log says I had an update a couple of weeks ago to linux58 (5.8.6-1 -> 5.8.11-1). Veracrypt hasn’t been updated in over a month, so I doubt that’s the issue.
Any ideas?
(cross posted to Can't mount veracrypt volume using kernel crypto anymore · Issue #692 · veracrypt/VeraCrypt · GitHub )
EDIT: added link to the GH issue