# Kernel does not support aes-cbc-essiv:sha256 cipher?

## frozenQueue

I have a Gentoo x86 system with full disk encryption (with LVM layered on top of that). I have been running linux-2.6.35-gentoo-r4 and have had no trouble unlocking the luks encryption during boot up.

However, recently I "upgraded" to linux-2.6.34-gentoo-r12 to sync with what Portage said was the latest gentoo-sources kernel. But when I boot up, after entering the password to unlock the drive, the boot up procedure tells me it cannot unlock the drive and to check if the kernel supports the aes-cbc-essiv:sha256 cipher. However, this is confusing because in the kernel config I have all the aes* and the sha* encryption options selected to be statically compiled in, and this is the genkernel line I used to build it:

```
genkernel --menuconfig --lvm --luks --save-config --bootloader=grub all
```

I can get back into my system by selecting the old kernel and initramfs in grub.

```
# emerge --info
Portage 2.1.8.3 (default/linux/x86/10.0/desktop/gnome, gcc-4.4.4, glibc-2.11.2-r3, 2.6.35-gentoo-r4 i686)
=================================================================
System uname: Linux-2.6.35-gentoo-r4-i686-Intel-R-_Atom-TM-_CPU_N270_@_1.60GHz-with-gentoo-1.12.14
Timestamp of tree: Fri, 12 Nov 2010 18:00:20 +0000
distcc 3.1 i686-pc-linux-gnu [disabled]
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11-r1
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe -m32"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -pipe -m32"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive   --links   --safe-links  --perms  --times  --compress  --force --whole-file  --delete  --stats  --timeout=180   --exclude='/distfiles'   --exclude='/local' --exclude='/packages' --bwlimit=10"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa bash-completion berkdb bluetooth branding bzip2 cairo cdr cli consolekit cracklib crypt cups cxx dbus dell dri dts dvd dvdr eds emacs emboss encode evo exif fam firefox flac fortran gdbm gdu gif gnome gnome-keyring gpm gstreamer gtk hal iconv ipv6 jpeg laptop lcms ldap libnotify mad mikmod mmx mng modules mp3 mp4 mpeg mudflap nautilus ncurses nls nptl nptlonly ogg opengl openmp pam pango pcre pdf perl png policykit ppds pppd python qt3support qt4 readline sdl session spell sse sse2 ssl ssse3 startup-notification svg sysfs tcpd tiff truetype unicode usb vorbis x264 x86 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
```

----------

## mr.sande

I can confirm that gentoo-sources-2.6.34-r12 does work with aes-cbc-essiv:sha256 and LUKS. Have you checked if CBC support (CONFIG_CRYPTO_CBC) is built in?

edit: typo

----------

## frozenQueue

It was selected, but as a module, which obviously doesn't work in my case. Thanks.

----------
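The check that resolved this thread, as an added example that is not from any of the posters: it splits a dm-crypt cipher spec such as `aes-cbc-essiv:sha256` into its parts and reports every kernel option that is `=m` or unset instead of `=y`. The spec-to-symbol mapping (generic `CONFIG_CRYPTO_*` names plus `CONFIG_BLK_DEV_DM` and `CONFIG_DM_CRYPT`) and the sample `.config` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). The spec-to-symbol mapping is an
# assumption of this example: generic CONFIG_CRYPTO_* names plus dm-crypt.

# Print the CONFIG_ symbols a spec like "aes-cbc-essiv:sha256" depends on.
required_symbols() {
    cipher=${1%%-*}                      # aes
    rest=${1#*-}                         # cbc-essiv:sha256
    mode=${rest%%-*}                     # cbc
    ivhash=""
    case $rest in *:*) ivhash=${rest##*:} ;; esac   # sha256 (ESSIV hash)
    echo CONFIG_BLK_DEV_DM
    echo CONFIG_DM_CRYPT
    for alg in "$cipher" "$mode" $ivhash; do
        echo "CONFIG_CRYPTO_$(echo "$alg" | tr '[:lower:]' '[:upper:]')"
    done
}

# Classify one symbol in a kernel .config: builtin (=y), module (=m), missing.
state_of() {
    case $(grep -E "^$1=" "$2" || true) in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo missing ;;
    esac
}

# List every required symbol that is not built in; return 1 if any.
not_builtin() {
    rc=0
    for sym in $(required_symbols "$1"); do
        st=$(state_of "$sym" "$2")
        [ "$st" = builtin ] || { echo "$sym $st"; rc=1; }
    done
    return $rc
}

# Constructed sample .config reproducing the thread: CBC built as a module.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_586=y
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_SHA256=y
EOF
not_builtin aes-cbc-essiv:sha256 "$sample" || echo "set the options above to =y and rebuild"
```

To check a real tree, pass the kernel's own config file (for example the `.config` in the kernel source directory) as the second argument in place of the sample.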

