@@ -195,16 +195,31 @@ def _read_cryptsetup_header(self, mapped_name: str, slave_device: str = None) ->
195195 self .logger .warning ("Cannot read detached LUKS header for validation: %s" % e )
196196 return {}
197197
198+ def _detect_luks_aes_module (self , luks_cipher_name : str ) -> None :
199+ """Using the cipher name from the LUKS header, detects the corresponding kernel module."""
200+ if luks_cipher_name .startswith ("aes" ):
201+ self ["_kmod_auto" ] = "aes" # Try to enable the aesni module for any aes type
202+
203+ aes_type = luks_cipher_name .split ("-" )[1 ] # Get the cipher type from the name
204+ self ["_kmod_auto" ] = aes_type # Add the aes type to the kernel modules
205+
206+ crypto_name = f"{ aes_type } # Format the name like the /proc/crypto entry
207+ crypto_config = self ["_crypto_ciphers" ][crypto_name ]
208+ if crypto_config ["module" ] == "kernel" :
209+ self .logger .debug ("Cipher kernel modules are builtin: %s" % crypto_name )
210+ else :
211+ self .logger .info ("[%s] Adding kernel module for LUKS cipher: %s" % (crypto_name , crypto_config ["module" ]))
212+ self ["_kmod_auto" ] = crypto_config ["module" ]
198213
199214def _detect_luks_header_aes (self , luks_info : dict ) -> dict :
200215 """Checks the cipher type in the LUKS header, reads /proc/crypto to find the
201216 corresponding driver. If it's not builtin, adds the module to the kernel modules."""
202217 for keyslot in luks_info .get ("keyslots" , {}).values ():
203218 if keyslot .get ("area" , {}).get ("encryption" ).startswith ("aes" ):
204- self [ "_kmod_auto" ] = "aes"
219+ _detect_luks_aes_module ( self , keyslot [ "area" ][ "encryption" ])
205220 for segment in luks_info .get ("segments" , {}).values ():
206221 if segment .get ("encryption" ).startswith ("aes" ):
207- self [ "_kmod_auto" ] = "aes"
222+ _detect_luks_aes_module ( self , segment [ "encryption" ])
208223
209224def _detect_luks_header_sha (self , luks_info : dict ) -> dict :
210225 """Reads the hash algorithm from the LUKS header,
0 commit comments