#define DM_KEY_WIPE_SUPPORTED (1 << 0) /* key wipe message */
#define DM_LMK_SUPPORTED (1 << 1) /* lmk mode */
#define DM_SECURE_SUPPORTED (1 << 2) /* wipe (secure) buffer flag */
+#define DM_PLAIN64_SUPPORTED (1 << 3) /* plain64 IV */
uint32_t dm_flags(void);
const char *dm_get_dir(void);
if (dm_maj >= 4 && dm_min >= 20)
_dm_crypt_flags |= DM_SECURE_SUPPORTED;
+ /* not perfect, 2.6.33 supports with 1.7.0 */
+ if (crypt_maj >= 1 && crypt_min >= 8)
+ _dm_crypt_flags |= DM_PLAIN64_SUPPORTED;
+
/* Repeat test if dm-crypt is not present */
if (crypt_maj > 0)
_dm_crypt_checked = 1;
uint32_t flags)
{
uint64_t size, offset;
+ uint32_t req_flags;
char *cipher;
const char *device;
int read_only, r;
if (r)
return r;
- if (keys_count == 1)
+ if (keys_count == 1) {
+ req_flags = DM_PLAIN64_SUPPORTED;
r = asprintf(&cipher, "%s-%s", base_cipher, "cbc-plain64");
- else
+ } else {
+ req_flags = DM_LMK_SUPPORTED;
r = asprintf(&cipher, "%s:%d-%s", base_cipher, 64, "cbc-lmk");
+ }
if (r < 0)
return -ENOMEM;
size, offset, offset, vk->keylength, vk->key,
read_only, 0);
- if (!r && keys_count != 1 && !(dm_flags() & DM_LMK_SUPPORTED)) {
+ if (!r && !(dm_flags() & req_flags)) {
log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n"));
r = -ENOTSUP;
}