Extroot on a LUKS-encrypted USB?

Hi guys.

Although I've had Extroot on USB for a while - docs made it simple - I'm still new to oWRT so go easy on me.
I got a larger USB and decided to take my oWRT installation seriously - in terms of security - and I thought I should start by encrypting my USB, so..

  • Inasmuch as LUKS-encrypting a block device seems as easy as everywhere, I failed to find any info on how to auto-open such an encrypted device, so that the device mapper will do that @boot.
    Is that possible without any "hackery"?

Then, if the above is possible - which I thought it'd be in 2022 by "standard" - then would Extroot be possible on such a block device?

many thanks, L.

A partial answer to my question - auto-unlocking a LUKS USB is possible with hotplug.d @boot time.

But such an unlock does not seem to satisfy 'extroot', as extroot does not find the device early enough and fails to mount '/overlay', even with:

fstab.@global[0].delay_root='99'

-> $ logread | cut -d\  -f 6- | sed -n -e "/- preinit -/,/- init -/p"
...
user.info kernel: [   11.358546] block: attempting to load /tmp/ubifs_cfg/upper/etc/config/fstab
user.info kernel: [   11.362806] block: extroot: device not present, retrying in 99 seconds
kern.notice kernel: [   12.156971] scsi 0:0:0:0: Direct-Access              USB DISK 3.0     PMAP PQ: 0 ANSI: 6
kern.notice kernel: [   12.167816] sd 0:0:0:0: [sda] 967860480 512-byte logical blocks: (496 GB/462 GiB)
kern.notice kernel: [   12.170934] sd 0:0:0:0: [sda] Write Protect is off
kern.debug kernel: [   12.174389] sd 0:0:0:0: [sda] Mode Sense: 2b 00 00 08
kern.notice kernel: [   12.174978] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
kern.notice kernel: [   12.677003] sd 0:0:0:0: [sda] Attached SCSI removable disk
user.err kernel: [  110.561603] block: extroot: cannot find device luks-sda
user.info kernel: [  110.563991] mount_root: switching to ubifs overlay
...

Anybody have any suggestions - much appreciated.
many thanks, L.

I just wrote instructions on doing this. See if that doesn't work for you or how those instructions might be improved.
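
The hotplug.d unlock mentioned in the second post could look like the script below. It is an added example, not code from the thread or from OpenWrt; the script file name, the key file path and the CRYPTSETUP override are assumptions, and the mapping name luks-sda is taken from the log above.

```shell
#!/bin/sh
# Hypothetical /etc/hotplug.d/block/10-luks-open; file name and key path are assumptions.
# OpenWrt's hotplug-call sources scripts in this directory with ACTION and
# DEVNAME (e.g. "sda") set for each block event.

LUKS_DEV="${LUKS_DEV:-sda}"                       # whole-disk LUKS device, as in the log above
LUKS_KEYFILE="${LUKS_KEYFILE:-/etc/luks/usb.key}" # assumed key file on internal flash
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"            # overridable so the logic can be exercised

luks_log() { logger -t luks-hotplug "$*" 2>/dev/null || echo "luks-hotplug: $*" >&2; }

luks_hotplug_open() {
    local dev="${DEVNAME:-}" name="luks-${DEVNAME:-}"

    # React only to the "add" event of the expected disk.
    [ "${ACTION:-}" = "add" ] && [ "$dev" = "$LUKS_DEV" ] || return 0

    # Idempotent: a repeated event must not try to open the mapping twice.
    [ -e "/dev/mapper/$name" ] && return 0

    # Refuse a missing key file, or one with any group/other permission bit set.
    [ -f "$LUKS_KEYFILE" ] || { luks_log "key file $LUKS_KEYFILE missing"; return 1; }
    case "$(ls -ln "$LUKS_KEYFILE")" in
        -???------*) ;;
        *) luks_log "refusing $LUKS_KEYFILE: accessible to group/other"; return 1 ;;
    esac

    # Do not hand key material to a device without a LUKS header.
    "$CRYPTSETUP" isLuks "/dev/$dev" || { luks_log "/dev/$dev has no LUKS header"; return 1; }

    "$CRYPTSETUP" open --type luks --key-file "$LUKS_KEYFILE" "/dev/$dev" "$name" \
        || { luks_log "cryptsetup open failed for /dev/$dev"; return 1; }
    luks_log "opened /dev/$dev as /dev/mapper/$name"
}

luks_hotplug_open
```

With the key file on the router's internal flash, the encryption protects the USB disk only while it is separated from the router. As the log above shows, a mapping opened this way was not present when extroot looked for luks-sda during preinit.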