Hello, I am trying to implement device mapper using CAAM.
After configured the kernel adding all the required config options (AN12714 appendix A) and build it with the required tools (CORE_IMAGE_EXTRA_INSTALL+="coreutils keyutils lvm2 e2fsprogs-mke2fs util-linux"), I followed the Usage section (3.2) of the AN12714.
In /proc/crypto I have the tagged key registered:
name : tk(cbc(aes))
driver : tk-cbc-aes-caam
module : kernel
priority : 3000
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 16
min keysize : 36
max keysize : 164
ivsize : 16
chunksize : 16
walksize : 16
"dmsetup targets" returns:
crypt v1.24.0
multipath v1.14.0
striped v1.6.0
linear v1.4.0
error v1.5.0
I also added the logon key into the keyring but when I try to create a new device mapper:
dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/loop0) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/loop0 0 1 sector_size:512"
I get the "Error decoding and setting key" error:
[18500.454877] device-mapper: table: 252:0: crypt: Error decoding and setting key (-EINVAL)
[18500.463005] device-mapper: ioctl: error adding target to table
device-mapper: reload ioctl on encrypted (252:0) failed: Invalid argument
Command failed.
If I register don't use the tk-cbc-aes key everything works:
dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/loop0) crypt aes-xts-plain64 e8cfa3dbfe373b536be43c5637387786c01be00ba5f730aacb039e86f3eb72f3 0 /dev/loop0 0"
