Cannot setup dm-crypt

root@OpenWrt:~# opkg install "kmod-crypto-ecb" "kmod-crypto-iv" "kmod-crypto-misc" "cryptsetup";
root@OpenWrt:~# cryptsetup luksFormat "/dev/sda";
WARNING: Device /dev/sda already contains a 'iso9660' superblock signature.
WARNING: Device /dev/sda already contains a 'gpt' partition signature.
This will overwrite data on /dev/sda irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda:
Verify passphrase:
Locking aborted. The locking path /run/cryptsetup is unusable (not a directory or missing).
Failed to acquire write device lock.
Cannot format device /dev/sda in use.
root@OpenWrt:/etc/hotplug.d/block# block info
/dev/mtdblock5: UUID="1ed3cb7b-cf7c8a04-ffbb0445-861f2a0e" VERSION="4.0" MOUNT="/rom" TYPE="squashfs"
/dev/mtdblock6: MOUNT="/overlay" TYPE="jffs2"

Before the luksFormat command, the device /dev/sda was plugged-in, not mounted or in use of any sort. After the format failed, it magically disappeared from the system. block info won't detect it until I plug it into a PC to create a MBR / GPT.

What is the problem and how do I solve it?

Wrong path. Seems this has to be fixed.

Alright, I solve the problem by creating the directory /run/cryptsetup. I do not know what is that directory used for, but it should be created by default after the packet cryptsetup is installed.

After the format fails, looks like the MBR / GPT is destroyed. Still, what I want to know is why the USB device cannot be detected by block info until I re-create a MBR / GPT for it?

The OpenWrt user guide for disk encryption is poorly maintained. Even the sample auto-mount script is written in Bash. I'll port it back into pure Busybox ash when my testing goes well enough.

1 Like

Well, you ran "cryptsetup" over "/dev/sda", what did you expect?

Opened a PR fixing this: