Disk encryption using cryptsetup returns error

My device is running OpenWrt 19.07 kernel 4.14. I'd like to encrypt external storage (a micro-SD card). I'm following the directions from this link except during install I --force-depends:

# opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-iv kmod-crypto-misc kmod-crypto-user cryptsetup --force-depends

After installation, I attempt to run cryptsetup:

# cryptsetup luksFormat /dev/mmcblk0
WARNING: Device /dev/mmcblk0 already contains a 'ext4' superblock signature.

This will overwrite data on /dev/mmcblk0 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/mmcblk0:
Verify passphrase:
Cannot initialize crypto backend.
Failed to set pbkdf parameters.

And as you can see it fails. I'm guessing --force-depends is the issue?

The reason I'm not including these packages when compiling the firmware is because kmod-crypto-iv is not present in make menuconfig.

That's a bad idea for kmods.
You certainly don't need that option on a stable release.
And you most likely don't need all those kmods.

In case someone else stumbles upon this thread from Google or search, I may have found a solution.

The issue I faced is that I cannot find one specific dependency kmod-crypto-iv in the menuconfig, even on the master branch of the OpenWrt source code. You can see the package here and importantly its dependencies. Each of those dependencies I was able to find and include when compiling the firmware in addition to the dependencies in the disk encryption guide.

After burning the firmware, I created the directory /run/cryptsetup and ran

# cryptsetup luksFormat /dev/mmcblk0

And the encrypted container was created.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.