# [Solved] Kernel not loading AES module

## rip_her_APART

Hey all my gentoo friends!

I am currently struggling with AES  :Sad: 

note: my CPU supports AES-NI.

When I am trying to 

```
cryptsetup luksFormat /dev/sdb /root/key

```

output:

```
device-mapper: reload ioctl on temporary-cryptsetup-8758 failed: No such file or directory

Failed to setup dm-crypt key mapping for device /dev/sdb.

Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
```

modprobe aes:

```
modprobe:_FATAL: Module aes not found.
```

My first kernel conf was:

```
Device Drivers  --->

  [*] Multiple devices driver support (RAID and LVM)  --->

    <*>   Device mapper support

    <*>     Crypt target support

-*- Cryptographic API  --->

  <*>   AES cipher algorithms (x86_64)
```

from there I tried to enable almost all options, then I tried to enable AES NI and so on, nothing works.

I went from 4.1.15-gentoo-r1 kernel to 4.4.2-hardened, still same result.

What did I miss? Shouldn't be that hard to get AES modules to load?

PS: Thanks in advance!Last edited by rip_her_APART on Wed Mar 30, 2016 5:43 pm; edited 1 time in total

----------

## Ant P.

What does

```
sed -n '/aes/,/^$/p' /proc/crypto
```

print?

----------

## frostschutz

You also need block ciphers and hashing algorithms (sha-whatnots), it's used to initialize some of the other things (should be a dependency but for some reason it is not), if in doubt just enable everything crypto in the kernel and then experiment later what you can remove and what not...

I prefer AES-NI to be built-in because if it's a module and not loaded early enough, you get AES and cryptsetup opens the LUKS device fine but it's not accelerated even if you load aesni module later on...   :Exclamation: 

I'm actually not using any modules at all in my kernel, damn buggers never loaded when you need them

----------

## rip_her_APART

first of all, sorry for the late response!

It took me so long to respond since I decided to re-do everything from scratch (again  :Shocked: ) for several reasons. Now everything works fine, encrypted drives with my desired options/parameters and zfs pools. AES-NI is also enabled in kernel and print shows that it is working  :Laughing:   :Cool: 

 *Ant P. wrote:*   

> What does
> 
> ```
> sed -n '/aes/,/^$/p' /proc/crypto
> ```
> ...

 

I already tried that, but it didn't print aes-xts. Thanks though.

 *frostschutz wrote:*   

> You also need block ciphers and hashing algorithms (sha-whatnots), it's used to initialize some of the other things (should be a dependency but for some reason it is not), if in doubt just enable everything crypto in the kernel and then experiment later what you can remove and what not...
> 
> I prefer AES-NI to be built-in because if it's a module and not loaded early enough, you get AES and cryptsetup opens the LUKS device fine but it's not accelerated even if you load aesni module later on...  
> 
> I'm actually not using any modules at all in my kernel, damn buggers never loaded when you need them

 

I did define cipher, hash, keysize and so on:

```
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda4
```

Enabling everything in crypto didn't work and I already tried to experiment with different options   :Crying or Very sad: 

Didn't know that there was another person who is also not using modules  :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

I am also preferring "built-in" over "modules" especially for important things like AES and so on. The idea behind modules is nice but for my use-case not beneficial, although I like when it's "all about choices!"  :Very Happy: 

Thank you for your help, guys   :Very Happy: 

----------

