Introduction to cryptsetup
cryptsetup is used to set up transparent encryption of block devices
using the kernel crypto API.
This package is known to build and work properly
using an LFS 12.4 platform.
Package Information
cryptsetup Dependencies
Required
JSON-C-0.18,
LVM2-2.03.36, and
popt-1.19
Optional
"asciidoctor",
"libpwquality",
argon2,
libssh,
mbedtls, and
passwdqc
Kernel Configuration
Encrypted block devices require kernel support. To use it, the
appropriate kernel configuration parameters need to be set:
Device Drivers --->
  [*] Multiple devices driver support (RAID and LVM) ---> [MD]
    <*/M> Device mapper support [BLK_DEV_DM]
    <*/M>   Crypt target support [DM_CRYPT]

-*- Cryptographic API ---> [CRYPTO]
  Block ciphers --->
    <*/M> AES (Advanced Encryption Standard) [CRYPTO_AES]
    # For tests:
    <*/M> Twofish [CRYPTO_TWOFISH]
  Length-preserving ciphers and modes --->
    <*/M> XTS (XOR Encrypt XOR with ciphertext stealing) [CRYPTO_XTS]
  Hashes, digests, and MACs --->
    <*/M> SHA-224 and SHA-256 [CRYPTO_SHA256]
  Userspace interface --->
    <*/M> Symmetric key cipher algorithms [CRYPTO_USER_API_SKCIPHER]

Installation of cryptsetup
Prepare cryptsetup by running the following
commands:
./configure --prefix=/usr \
            --disable-ssh-token \
            --disable-asciidoc &&
make
Some tests will fail if appropriate kernel configuration options are not
set. Some additional options that may be needed for tests are:
CONFIG_SCSI_LOWLEVEL,
CONFIG_SCSI_DEBUG,
CONFIG_BLK_DEV_DM_BUILTIN,
CONFIG_CRC_T10DIF,
CONFIG_CRYPTO_USER,
CONFIG_CRYPTO_CRYPTD,
CONFIG_CRYPTO_LRW,
CONFIG_CRYPTO_XTS,
CONFIG_CRYPTO_ESSIV,
CONFIG_CRYPTO_AES_TI,
CONFIG_CRYPTO_AES_NI_INTEL,
CONFIG_CRYPTO_BLOWFISH,
CONFIG_CRYPTO_CAST5,
CONFIG_CRYPTO_SERPENT,
CONFIG_CRYPTO_SERPENT_SSE2_X86_64,
CONFIG_CRYPTO_SERPENT_AVX_X86_64,
CONFIG_CRYPTO_SERPENT_AVX2_X86_64, and
CONFIG_CRYPTO_TWOFISH_X86_64
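Before running the test suite, the kernel configuration can be checked against the options listed on this page. The script below is an added example, not part of the BLFS book or of cryptsetup; the script name in the usage comment and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a kernel .config for the options this page lists.
# Options from the Kernel Configuration section of this page.
REQUIRED="MD BLK_DEV_DM DM_CRYPT CRYPTO CRYPTO_AES CRYPTO_XTS CRYPTO_SHA256 CRYPTO_USER_API_SKCIPHER"
# Marked "For tests" on this page; extend with the test-only list as needed.
TEST_ONLY="CRYPTO_TWOFISH"

# missing_opts CONFIG_FILE OPT...
# Prints every OPT that is neither =y nor =m, one per line. The match is
# anchored, so CONFIG_CRYPTO_TWOFISH_X86_64=m does not satisfy CRYPTO_TWOFISH.
# Reads plain files or gzip-compressed ones such as /proc/config.gz.
missing_opts() {
    cfg=$1; shift
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    for opt in "$@"; do
        $reader "$cfg" | grep -E "^CONFIG_${opt}=[ym]\$" >/dev/null || echo "$opt"
    done
}

# report CONFIG_FILE: prints findings, returns 1 if a required option is missing.
report() {
    req=$(missing_opts "$1" $REQUIRED)
    tst=$(missing_opts "$1" $TEST_ONLY)
    if [ -n "$tst" ]; then echo "missing (tests only):" $tst; fi
    if [ -n "$req" ]; then echo "missing (required):" $req; return 1; fi
    echo "all required dm-crypt options are enabled"
}

# Constructed sample .config fragment (not from a real kernel).
sample_config() {
cat <<'EOF'
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
CONFIG_CRYPTO=y
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_XTS is not set
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_TWOFISH_X86_64=m
EOF
}

# Usage (hypothetical script name): sh check-dmcrypt-config.sh /proc/config.gz
if [ "$#" -gt 0 ]; then report "$1"; fi
```

/proc/config.gz exists only when the running kernel was built with CONFIG_IKCONFIG_PROC; otherwise pass the path to the .config file in the kernel source tree.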
To test the result, as the root user issue:
make check
Now install the package, as the root user:
make install
Command Explanations
--disable-ssh-token: This switch is required if
the optional libssh dependency is not installed.
--disable-asciidoc: This switch disables
regeneration of the man pages. Remove this switch if you have
"asciidoctor" installed and wish to
regenerate the man pages. Note that even if this switch is used,
the pre-generated man pages are shipped in the tarball and they'll
still be installed.
Configuring cryptsetup
Because of the number of possible configurations, setup of encrypted
volumes is beyond the scope of the BLFS book. Please see the
configuration guide in the cryptsetup
FAQ.
Contents
Installed Programs:
cryptsetup,
integritysetup, and
veritysetup
Installed Libraries:
libcryptsetup.so
Installed Directories:
/usr/lib/cryptsetup
Short Descriptions
cryptsetup
    is used to set up dm-crypt managed device-mapper mappings
integritysetup
    is a tool to manage dm-integrity (block level integrity) volumes
veritysetup
    is used to configure dm-verity managed device-mapper mappings. The Device-mapper verity target provides read-only transparent integrity checking of block devices using the kernel crypto API