I rebooted today and found that my veracrypt volume which usually mounts on boot, is failing to mount.
Error: device-mapper: reload ioctl on veracrypt1 failed: Invalid argument
This usually indicates that veracrypt couldn’t use the kernel crypto services to decrypt the volume. So I tried mounting it with
-m=nokernelcrypto, and it works.
Here are the attributes of the volume:
Algorithm: AES Primary Key size: 256bits Secondary Key Size (XTS Mode): 256 bits Block Size: 128 bts Mode: XTS PKCS-5 PRF: HMAC-SHA-256 Volume format verson: 2
It sure looks like the kernel supports everything I need:
» grep name /proc/crypto |grep aes name : __xts(aes) name : cbc(aes) name : ccm(aes) name : ctr(aes) name : cbcmac(aes) name : cmac(aes) name : __ecb(aes) name : gcm(aes) name : rfc4106(gcm(aes)) name : __gcm(aes) name : __rfc4106(gcm(aes)) name : xts(aes) name : ctr(aes) name : cbc(aes) name : ecb(aes) name : __xts(aes) name : __ctr(aes) name : __cbc(aes) name : __ecb(aes) name : aes name : aes
I’m posting here in case there was a change in the most recent kernel updates. Pacman log says I had an update a couple of weeks ago to linux58 (5.8.6-1 -> 5.8.11-1). Veracrypt hasn’t been updated in over a month, so I doubt that’s the issue.
EDIT: added link to the GH issue