Hi,
I've been unsuccessfully trying to encrypt parts of the home directory on my phone. It seems that device-mapper crypto is not working on the Volla phone, although the kernel looks like it has rudimentary dm-crypt support compiled in.
I started with example commands from this post, and then tried to get to the root of the problem by using lower-level APIs. cryptsetup does not work at all. I'm now playing with dmsetup, as that allows more low-level interfacing to the device-mapper.
I would expect that the following commands would create a very minimal (and insecure) device-mapper crypto mapping on my Volla phone (running this via ssh, sudo -i):
dd if=/dev/zero of=/home/phablet.img bs=1024 count=128 conv=excl
LODEV=$(losetup --find --show -r /home/phablet.img)
echo "0 128 crypt aes-ecb 0123456789abcdef0123456789abcdef 0 $LODEV 0" | dmsetup create crypt2
However, dmsetup fails with the error:
device-mapper: reload ioctl on crypt2 failed: Operation not permitted
Using strace to look at the root cause, it fails at the ioctl:
ioctl(3, DM_TABLE_LOAD, 0x607b2412e0) = -1 EPERM (Operation not permitted)
If I use target "linear" instead of target "crypt", dmsetup does work, so the device-mapper and dmsetup are not totally broken.
The kernel on the Volla phone is:
Linux ubuntu-phablet 4.4.146+ #47 SMP PREEMPT Mon Mar 8 05:16:13 CET 2021 aarch64 aarch64 aarch64 GNU/Linux
According to /proc/config.gz, it does have the relevant options enabled:
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
What am I missing? The commands above work flawlessly on my Debian desktop PC. Does anybody know what other kernel options are required to make dm-crypt work? Is /proc/config.gz maybe lying about how the kernel was actually compiled? Is this a problem with user-space dmsetup not being compatible with the kernel in question?
cheers,
Dave
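
One way to check whether /proc/config.gz agrees with what the running kernel has actually registered (the question raised in the post above), as an added example that is not part of the original post: it compares the config options with the output of `dmsetup targets` and the contents of /proc/crypto for the pieces a `crypt aes-ecb` table needs. The function names are hypothetical and the sample inputs are constructed, not taken from a Volla phone; the check does not by itself explain the EPERM.

```shell
# Constructed sample inputs (illustrative, not captured from a real device).
SAMPLE_TARGETS='striped          v1.5.1
linear           v1.2.1'
SAMPLE_CONFIG='CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_ECB is not set'
SAMPLE_CRYPTO='name         : aes
driver       : aes-generic
module       : kernel
type         : cipher'

# has_target TEXT NAME: is NAME in `dmsetup targets` output ("name vX.Y.Z")?
has_target() {
    printf '%s\n' "$1" | awk -v t="$2" '$1 == t { f = 1 } END { exit !f }'
}

# config_state TEXT OPTION: print the option's value (y/m), or n if unset.
config_state() {
    printf '%s\n' "$1" | awk -F= -v o="$2" \
        '$1 == o { print $2; f = 1; exit } END { if (!f) print "n" }'
}

# has_alg TEXT NAME: is NAME a "name : ..." entry in /proc/crypto text?
has_alg() {
    printf '%s\n' "$1" | awk -F' *: *' -v a="$2" \
        '$1 == "name" && $2 == a { f = 1 } END { exit !f }'
}

# report TARGETS CONFIG CRYPTO: print each check; return 1 when the config
# says CONFIG_DM_CRYPT=y but the running kernel has no "crypt" target.
report() {
    rc=0
    for opt in CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT CONFIG_CRYPTO_AES CONFIG_CRYPTO_ECB; do
        echo "config  $opt=$(config_state "$2" "$opt")"
    done
    if has_target "$1" crypt; then echo "runtime dm target crypt: registered"
    else
        echo "runtime dm target crypt: NOT registered"
        if [ "$(config_state "$2" CONFIG_DM_CRYPT)" = y ]; then rc=1; fi
    fi
    for alg in aes 'ecb(aes)'; do
        if has_alg "$3" "$alg"; then echo "runtime alg $alg: listed"
        else echo "runtime alg $alg: not listed (may be instantiated on first use)"; fi
    done
    return $rc
}
# On a device: report "$(dmsetup targets)" "$(zcat /proc/config.gz)" "$(cat /proc/crypto)"
report "$SAMPLE_TARGETS" "$SAMPLE_CONFIG" "$SAMPLE_CRYPTO" || echo "config and runtime disagree"
```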