From 2587df7f0229994678c767e02f2c5707037b2da5 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Fri, 7 Jun 2019 22:15:35 +0200 Subject: [PATCH 1/2] cryptsetup: enable kernel crypto api support again This is needed for tcrypt and the benchmark subcommand. If enabled, it is also used to unlock LUKS2 volumes and therefore the kernel modules providing this feature need to be available in our initrd. Fixes #42163. #54019. --- nixos/modules/system/boot/luksroot.nix | 1 + pkgs/os-specific/linux/cryptsetup/default.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 9dcb683eff43..b5c8d5241a3d 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -438,6 +438,7 @@ in default = [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" + "af_alg" "algif_skcipher" (if pkgs.stdenv.hostPlatform.system == "x86_64-linux" then "aes_x86_64" else "aes_i586") ]; diff --git a/pkgs/os-specific/linux/cryptsetup/default.nix b/pkgs/os-specific/linux/cryptsetup/default.nix index fac62597013c..ebd09759be6e 100644 --- a/pkgs/os-specific/linux/cryptsetup/default.nix +++ b/pkgs/os-specific/linux/cryptsetup/default.nix @@ -32,7 +32,6 @@ stdenv.mkDerivation rec { NIX_LDFLAGS = "-lgcc_s"; configureFlags = [ - "--disable-kernel_crypto" "--enable-cryptsetup-reencrypt" "--with-crypto_backend=openssl" ] ++ stdenv.lib.optional enablePython "--enable-python"; From c51786bd5dab8156956852342594a1d43a6985da Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Sat, 8 Jun 2019 12:14:03 +0200 Subject: [PATCH 2/2] nixos/tests: fix luksroot installer test name Both tests were previously called "luksroot-luks2". --- nixos/tests/installer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 5e363f5d09e9..07659b60b3b8 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -273,7 +273,7 @@ let }; }; - makeLuksRootTest = name: luksFormatOpts: makeInstallerTest "luksroot-format2" + makeLuksRootTest = name: luksFormatOpts: makeInstallerTest name { createPartitions = '' $machine->succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos"