This project has moved. For the latest updates, please go here.

Possible better version check? (nokernelcrypto)

Topics: Feature Requests
Feb 11, 2016 at 3:18 AM
Hello everyone,

On RHEL and RHEL derivative platforms, kernel 2.6.32 is sufficient for kernel crypto and >2TB volumes. In fact, we'd previously patched our own version of Truecrypt in the same way to allow for mounting.

In Core/Unix/Linux/CoreLinux.cpp, the line:

dmCreateArgs << StringConverter::ToLower (StringConverter::ToSingle (cipher.GetName())) << (xts ? (SystemInfo::IsVersionAtLeast (2, 6, 33) ? "-xts-plain64 " : "-xts-plain ") : "-lrw-benbi ");

Could be changed to perform a better check. Please note this article on RHEL:

In our own testing, we find that it absolutely true, and just simply change the version to 2, 6, 31 allows for our drives to mount without the need for the nokernelcrypto flag (we have tested this without issue for both truecrypt, and veracrypt). This seems as if it would be a relatively easy modification, and as long as dm-crypt is version 1.7.0, it has backported supported on RHEL-based platforms to support mounting. This would make a lot of lives easier, and improve performance on those platforms.

Would this be possible to integrate into the next version?

Feb 25, 2016 at 12:12 AM
I'm somewhat surprised there's been no response in 2 weeks. Should I just submit a patch?
Feb 25, 2016 at 7:37 AM
Hi Michael,

Sorry for not coming back on this earlier.
I don't have access to Redhat portal so I can't read the details of the issue and solution. Your message seems to indicate that the simple change to 2.6.31 in the check should solve the issue but a test in our side is needed to confirm this. An important aspect seems to be the check of the version of dm-crypt on the machine since you indicate that 1.7.0 is a minimum.
Do you happen to know how we can retrieve dm-crypt version?