armv8crypto.ko has AES-CBC 128. The following command caused a kernel panic using armv8crypto.ko . root@espresso:~ # geli init -e AES-CBC -s 4096 -K /etc/geli/da0p2.key /dev/da0p2 root@espresso:~ # geli attach -k /etc/geli/da0p2.key /dev/da0p2 Enter passphrase: GEOM_ELI: Device da0p2.eli created. GEOM_ELI: Encryption: AES-CBC 128 GEOM_ELI: Crypto: hardware panic: CRD_F_KEY_EXPLICIT cpuid = 1 time = 1573038302 KDB: stack backtrace: #0 0xffff00000043c3a4 at kdb_backtrace+0x60 #1 0xffff0000003f2b74 at vpanic+0x18c #2 0xffff0000003f29e4 at panic+0x44 #3 0xffff000053882910 at armv8_crypto_process+0x220 #4 0xffff000000634a38 at crypto_dispatch+0x164 #5 0xffff00005384a1d4 at g_eli_crypto_run+0x244 #6 0xffff000053843c8c at g_eli_worker+0x404 #7 0xffff0000003b4c74 at fork_exit+0x90 Uptime: 13h42m12s Dumping 127 out of 999 MB: More information about 'CRD_F_KEY_EXPLICIT' can be found from 'man -S9 crypto' : "When the CRD_F_KEY_EXPLICIT flag is set, the crd_key points to a buffer with encryption or authentication key." The key file contains 64 B data from random: root@espresso:~ # file /etc/geli/da0p2.key /etc/geli/da0p2.key: data root@espresso:~ # ls -l /etc/geli/da0p2.key -rw-r--r-- 1 root wheel 64 Nov 6 12:42 /etc/geli/da0p2.key root@espresso:~ # hexdump -C /etc/geli/da0p2.key 00000000 87 25 16 38 b0 dc 4b f3 86 fb 10 0b 2d 1d 9a 98 |.%.8..K.....-...| 00000010 0a 38 c7 79 0f a9 7f f4 2f 57 45 6e 56 5e 4d ff |.8.y..../WEnV^M.| 00000020 1a f5 1e f2 78 98 56 85 41 1d 33 3e e0 4e e7 8d |....x.V.A.3>.N..| 00000030 ff f7 f0 98 8f 93 cf d0 49 83 e4 3c ff dd 24 62 |........I..<..$b| 00000040 Adding more bytes to the key file, 4096 B did not help. File ownership 'chmod 400' did not help. Changing the random bytes to human readable characters and removing the sector size '-s' from init did not help. root@espresso:~ # uname -a FreeBSD espresso 12.1-RELEASE FreeBSD 12.1-RELEASE #3 r358082M: Mon Nov 4 23:41:54 EET 2019 root@espresso:/usr/obj/usr/src/arm64.aarch64/sys/ESPRESSOBIN arm64
After looking at the code, the module file 'armv8_crypto.c' calls 'panic' if the flag is set: if ((enccrd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) { panic("CRD_F_KEY_EXPLICIT"); } This happens in a subfunction of a declared function: DEVMETHOD(cryptodev_process, armv8_crypto_process) Where the key is given in and what is the reason, I've not yet had time solve. Where can I find more information about kernel modules and what are the declarations?
I'm not able to reproduce this on an espressobin running recent HEAD. The opencrypto code and drivers have been refactored quite a bit in the meantime, so this exact panic() call is gone now.
This was fixed in commit c03414326909ed7a740be3ba63fbbef01fe513a8. Note that this fix is only in 13 and is not likely to be merged to 12.