[yocto] cryptsetup in initramfs causes ~4 MB image size increase

Craig McQueen craig.mcqueen at innerrange.com
Mon Jun 22 19:21:58 PDT 2015


I'm interested to use an encrypted root filesystem, by using cryptsetup in initramfs.

I'm finding that adding cryptsetup to an initramfs image increases its size by about 4 MB. It seems that cryptsetup depends on openssl and lvm2, and lvm2 depends on bash, and the result of that is that a lot of extra files get dragged in.

Is this all strictly necessary? Perhaps cryptsetup really only needs libraries, not all of openssl and lvm2.

What would be a good way to go about reducing the dependencies that get pulled in for cryptsetup?

I also noticed that libgcrypt could possibly be used instead of openssl (by putting in bbappend, PACKAGECONFIG = ""), saving about 0.5 MB. However libgcrypt isn't used, according to the cryptsetup bb file, because it drops root privileges if it is linked with libcap support. That gives the obscure cryptsetup error "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" when trying to use cryptsetup with libgcrypt. Is there any reasonable work-around for this?

-- 
Craig McQueen




More information about the yocto mailing list