# util-linux-2.12 is borked?

## Klavs

Hi guys,

I'm using Util-linux-2.11z-r1 and it works beautifully (but only with kernel-2.4).

I just tried to upgrade to util-linux-2.12, as there should be some stuff meaning that I could use it with kernel-2.6-testX.

I have an aes encrypted file, that I need to loop mount and I've created it using the aes encryption in Gentoo-sources - not loop-aes.sf.net (which I've heard is a lot better - what's your say on this?).

Anyways, to the point, with util-linux-2.12 I get this message when trying to do losetup -e aes /dev/loop /path/to/encrypted/file (also it doesn't ask for the Keysize anymore). I also tried to add -E 192 - but still I get this message:

ioctl: LOOP_SET_STATUS: Invalid argument

Anyone know what kinda crap is up with the new util-linux version?

Also, does anyone know how best to enable encrypted loopback with both linux-2.4 and 2.6 ?

----------

## Jake

Does it work if you do everything in one step with mount? mount -o loop=/dev/loop0,encryption=aes,keysize=256... is the syntax, I think. Even if you get it working, you should know that filesystems aes encrypted with the linux international patch will still fail because the linuxi version of the algorithm is wrong. Another incompatibility is the lack of a password hash option.

----------

## bpardy

 *Klavs wrote:*   

> Hi guys,
> 
> I'm using Util-linux-2.11z-r1 and it works beautifully (but only with kernel-2.4).
> 
> I just tried to upgrade to util-linux-2.12, as there should be some stuff meaning that I could use it with kernel-2.6-testX.
> ...

 

Hi - do you have a binary of the older working losetup available?  I upgraded to util-linux 2.12 unknowingly, and it has destroyed my ability to access my encrypted filesystems.

I'm only running kernel 2.4 so I can't believe they changed something so drastically to break backwards compatibility like that - I'm REALLY pissed off right now.

----------

## Klavs

sure I have a binary for you. I ALWAYS build packages with the feature buildpkg (or the -b option for emerge) so I can roll back (hint hint ;)

Could you try to do what is suggested above - ie.

mount -o loop=/dev/loop0,encryption=aes,keysize=256 /path/to/encrypted/file /path/to/mountpoint

and see if it works?

----------

## bpardy

 *Klavs wrote:*   

> sure I have a binary for you. I ALWAYS build packages with the feature buildpkg (or the -b option for emerge) so I can roll back (hint hint ;)
> 
> Could you try to do what is suggested above - ie.
> 
> mount -o loop=/dev/loop0,encryption=aes,keysize=256 /path/to/encrypted/file /path/to/mountpoint
> ...

 

If I could access anything other than my minimal 30MB unencrypted root filesystem, I'd be able to get to those package backups ;)

It's actually blowfish here, so if I try:

mount -o loop=/dev/loop0,encryption=blowfish,keysize=256 /path/to/file /path/to/mnt

That just gives me 

ioctl: LOOP_SET_STATUS: Invalid argument 

I tried changing 'blowfish' to 'blowfish-ecb' and 'blowfish-cbc', both of which then ask me to specify the fs type, after doing which I actually *am* prompted for my loop password, but I get a "wrong fs type, bad option, bad superblock on /dev/loop0" error from mount.

So about those binaries....

----------

## lu_zero

modprobe cryptoloop before losetup/mount that and you'll be fine

----------

## Klavs

I did modprobe cryptoloop before running losetup - I do now and my encrypted partition works just fine. If I run util-linux-2.12 it does as described - even though cryptoloop is loaded.

----------

## lu_zero

it seems to work (just created a new loopback now) with 2.6.0test4-mm3

which kernels are you using?

----------

## mmealman

Any chance you could go through the steps of creating a new blank encrypted file, making the fs, setting the passphrase, etc and then mounting it to a dir all under 2.6?

Rather than try to mount my old 2.4 crypted files I'd like to be able to do a blank one from scratch to see where I'm messing up and/or just maybe copy the stuff out into new crypts.

----------

## Klavs

Only one problem - it's a 50gb partition (filled at the moment) on an 80gb disk...

And if I'm going to do that (which is going to take some time, 50gb's of encrypted data transfer takes a bit of time, on a 900mhz duron :) ), I'd prefer doing it to something that actually will work for both 2.4 and 2.6.

As I've heard so far, the only thing that really works on both kernels with the same utils, is loop-aes - or am I just plain wrong on that one? I've also heard that loop-aes should be better and more stable code (can't find the link - think it was Alan Cox that had some negative things to say about cryptoloop).

----------

## watersb

 *Klavs wrote:*   

>  I'd prefer doing it to something that actually will work for both 2.4 and 2.6.
> 
> As I've heard so far, the only thing that really works on both kernels with the same utils, is loop-aes - or am I just plain wrong on that one?

 

I had the same problems with loop-AES-patched util-linux 2.12.

However, I have been able to get CryptoAPI to work against 2.6 as well as 2.4 -- although not against the same exact partitions.

Please see https://forums.gentoo.org/viewtopic.php?t=31363&start=251

----------

## Klavs

it's IMHO pretty ridiculous, that you can't have an encrypted disk that works for kernel-2.4 and 2.6. I'm hoping Linux will grow up on this issue at some point and make it a bit easier.

----------

## slick

I'm testing cryptoloop with gentoo-sources and the current util-linux-2.11 from the portage tree (the crypt USE flag must be set to add the patch automatically). Looks good at this time...

----------

## bl00mie

i was having trouble with the aforementioned ideas.

originally, i tried putting the following line into my fstab, and then just mounting the appropriate drive:

```
/dev/hda3      /opt/crypt     ext2     defaults,noauto,loop=/dev/loop5,encryption=AES256   0 0
```

but that never worked.  i always got the loop_set_status: invalid argument message.  

i also tried the mount one-liner, but again, i got the same message.  i'm using kernel 2.6.0-test11, so maybe that was the problem.

anyway, i tried that stuff after already knowing i could mount hda3 using loop-aes by hand.  i just didn't like doing it.  so i just wrote a couple scripts to do it for me for now:

```
#!/bin/bash

losetup -e AES256 /dev/loop5 /dev/hda3

mount /dev/loop5 /opt/crypt
```

as expected, it asks me for a password.  when i type it, my crypt is unlocked!

and 

```
#!/bin/bash

umount /opt/crypt

losetup -d /dev/loop5
```

i know it's not the most 1337 way to do things.  if i were good at this stuff, i'd just get it to work the right way.  

--chad

----------

## slick

i don't use the fstab. i use my own initscript. the cipher and the cryptoloop must be there in the kernel (not as modules). my kernel is 2.4.20-gentoo-r8.

in this case i use an encrypted /var, /data and an encrypted swap...

the password for swap is generated by (simple) random at start for better security

this script mounts the devices before localmount, otherwise there will be a lot of errors because /var is not mounted

i don't know if it is the right way, but it works great.

```
#!/sbin/runscript
# /etc/init.d/cryptomount

depend() {
        need checkroot modules
        before localmount
}

start() {
        ebegin "Starting crypto loop devices"
        ebegin " load encrypted partition(s)"
        /sbin/swapoff -a >& /dev/null

        # Prompt until both entries match and are non-empty.
        until [ "$passwd" = "$passwd2" -a -n "$passwd" ]; do
                # the bash read builtin has to support the -s option.
                # Don't use read without -s!!
                read -s -p "Enter Passphrase: " passwd; echo
                read -s -p "Re-enter Passphrase: " passwd2; echo
        done

        # The passphrase is piped to losetup on stdin (-p 0).
        echo "$passwd" | losetup -e twofish -k 256 -P sha256 -p 0 /dev/loop1 /dev/hda6
        fsck /dev/loop1
        if [ "$?" == "0" ] ; then
                mount /dev/loop1 /var
        else
                eerror "failure (/dev/loop1 - var) can't mount"
        fi

        echo "$passwd" | losetup -e twofish -k 256 -P sha256 -p 0 /dev/loop2 /dev/hda7
        fsck /dev/loop2
        if [ "$?" == "0" ] ; then
                mount /dev/loop2 /data
        else
                eerror "failure (/dev/loop2 - data) can't mount"
        fi

        # unset takes variable names, not their values.
        unset passwd passwd2

        ebegin " encrypting Swap"
        swapoff /dev/hda1 >& /dev/null

        # New throwaway key for swap on every boot, built from the date and $RANDOM.
        echo "`/bin/date | /bin/sed 's/[^a-z,A-Z,0-9]//g'`$RANDOM$RANDOM$RANDOM" | /sbin/losetup -e twofish -k 128 -P sha256 -p 0 /dev/loop0 /dev/hda1
        /sbin/mkswap /dev/loop0 &> /dev/null
        /sbin/swapon /dev/loop0
        /sbin/swapon -a >& /dev/null

        return 0
}
```

----------
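The per-boot swap key from the init script above, drawn from /dev/urandom rather than the date and $RANDOM, as an added example that is not part of slick's post. `RNG_SOURCE`, `LOSETUP`, `KEY_BYTES` and the function names are assumptions; the losetup options and device names are copied from the script.

```shell
#!/bin/sh
# Added example (not slick's script): per-boot swap key from the kernel RNG.
# RNG_SOURCE, LOSETUP, KEY_BYTES and the function names are assumptions.

RNG_SOURCE=${RNG_SOURCE:-/dev/urandom}   # where key material comes from
LOSETUP=${LOSETUP:-/sbin/losetup}        # override with a stub for dry runs
KEY_BYTES=32                             # 32 bytes -> 64 hex characters

# Print KEY_BYTES random bytes as hex. Fails instead of returning a short
# or empty key, so a broken RNG source never yields a guessable passphrase.
gen_swap_key() {
    key=$(od -An -N"$KEY_BYTES" -tx1 "$RNG_SOURCE" 2>/dev/null | tr -d ' \n')
    [ "${#key}" -eq $(($KEY_BYTES * 2)) ] || return 1
    case $key in *[!0-9a-f]*) return 1 ;; esac
    printf '%s\n' "$key"
}

# Attach $2 (backing device) to $1 (loop device) with a throwaway key.
# The key goes to losetup on stdin (-p 0), so it never appears in argv
# or in a file on disk.
attach_swap_loop() {
    loopdev=$1 backing=$2
    key=$(gen_swap_key) || { echo "no key material from $RNG_SOURCE" >&2; return 1; }
    rc=0
    printf '%s\n' "$key" | "$LOSETUP" -e twofish -k 128 -P sha256 -p 0 "$loopdev" "$backing" || rc=$?
    key=            # drop the copy held by the shell
    return "$rc"
}

# On the layout from the script above:
#   attach_swap_loop /dev/loop0 /dev/hda1 && mkswap /dev/loop0 && swapon /dev/loop0
```

Because the key is never stored, the swap contents are unreadable after a reboot, which is the intended effect for swap.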

