Hi.

I'm brand new to Linode, and I've set mine up using Arch Linux i686 with kernel "Latest 2.6 Paravirt (2.6.32.16-linode28)"

I want to encrypt a disk with cryptsetup/LUKS, using the command:

cryptsetup --debug luksFormat /dev/xvdc -c aes-xts-plain -h sha512 -s 512

but it fails with:

Check that kernel supports aes-xts-plain cipher

It doesn't fail if I use CBC mode: aes-cbc-plain, and XTS can't be found in /proc/crypto. The stock Arch kernel (on my laptop) supports XTS. How can I get it to work on my Linode?

On linode the kernel comes from xen aka the Latest Paravirt kernel not from the distribution, if you want your own kernel check here http://library.linode.com/advanced/pv-grub-howto (there isn't a guide for arch so you'll have to adapt the commands to your os)

Our kernels support loading modules. If you can get the cipher you want to build as a module (and appease the Linux kernel gods correctly), our kernel might let you modprobe it.

Start with: http://www.linode.com/src/

Might be easier to just revert to your distribution's kernel, but I seem to recall issues with Arch's domU kernel. Can't provide any evidence, but Arch is sticking out in my brain.

_________________
Disclaimer: I am no longer employed by Linode; opinions are my own alone.

Hmm. Well I'm not really well-versed in compiling kernel modules, but I managed to get my xts.ko module by downloading the Linode kernel sources and changing in .config to:

CONFIG_CRYPTO_XTS=m

then:

make modules
make modules_install

BUT:

# modprobe xts
FATAL: Module xts not found.

# insmod /lib/modules/2.6.32.16-linode28/kernel/crypto/xts.ko
insmod: error inserting '/lib/modules/2.6.32.16-linode28/kernel/crypto/xts.ko': -1 Invalid module format

# dmesg
xts: no symbol version for module_layout

I'd appreciate any help. Thanks all.

Would be nice if XTS mode was enabled in the stock Linode kernels.

You can use truecrypt instead if you are interested. Without kernel modules use the following:

-m=nokernelcrypto