RUT906 - Build SDK 7.15.1 With Cryptsetup

Dawie_Joubert · June 22, 2025, 10:39am

Dear Teltonika/Community,

A specific project of ours requires a rather “complex” SD card setup. The specific requirement is in the form of RAID1 with underlining dm_integrity. Building it from an OpenWRT (non-Teltonika source base) was confirmed. However, we would like to keep the Teltonika source baseline for commercial support and remote manage capablity reasons.

Changing the “feeds.conf.default” to the latest (non-tagged) versions seem to allow the cryptsetup to be selected. However, then the question becomes, what, if any of the patches that Teltonika provides are impacted, and secondly, the build fails as it could not find the libpopt library: “configure: error: You need popt 1.7 or newer to compile.”

Do anyone here have a solution to the compilation problem, or would Teltonika enable cryptsetup as part of their SDK capability?

Best regards,

Dawie

Dawie_Joubert · June 22, 2025, 11:56am

PS. The current way we get cryptsetup to be included is to:

Changing the “feeds.conf.default” to latest;
Update the feeds;
Enable libaio, libdevmapper, lvm2, kernel raid modules, kernel crypto dax, and kernel crypto user modules in menuconfig;
Compile;
Get the cryptsetup, libpopt, and mdadm from openwrt;
Install all the libs and modules as required; and
Install cryptsetup and mdadm.

After this we have a nice 200KiB still “available” …

But it feels like a roundabout way …

Marija · June 23, 2025, 6:50am

Hello,

I will consult with our RnD team regarding your request. Once I receive their feedback, I will get back to you.

Thank you for your patience.

Best regards,

Marija · June 23, 2025, 7:39am

I received feedback that the SDK is provided specifically for such cases, so this is not considered a workaround but rather part of the standard custom development process.

If storage space is a concern, you can remove unnecessary packages based on your specific use case to optimize resources.

Additionally, if the project you’re working on is large-scale and may involve purchasing more devices, I recommend reaching out to our sales team by filling out the contact form here: Contact Us – Teltonika Networks

They may be able to coordinate the development of a custom firmware tailored for your project, which could help streamline your development process.

Best regards,

Dawie_Joubert · June 23, 2025, 8:40am

Understood. However, would you mind sharing with me how I add the libpopt to the feeds? integritysetup is not available via the openwrt opkg feeds, and it seems that libpopt feed for the SDK is missing.

flebourse · June 23, 2025, 9:04am

Hello,
popt is present in package/libs/popt by default in Openwrt just enable it with make menuconfig or equivalent.
Regards,

Dawie_Joubert · June 23, 2025, 10:35am

Yes, I see now, thanks. It was in the Openwrt source tree, but not in the packages feed that was specified. I created my own custom feed and copied the contents of the popt/libpopt in there. It is now building fine and correctly. Thank you.

For others that need to do this, you will have to add the popt as part of the “./scripts/dockerbuild ./scripts/feeds install popt” command so that it is known for the building of cryptsetup (obviously you have to ./scripts/dockerbuild ./scripts/feeds install cryptsetup) when your feeds are not tagged.

Marija · June 23, 2025, 10:37am

@Dawie_Joubert, great to hear it’s working now!

Let me know if you need any further assistance.

Best regards,

Dawie_Joubert · June 23, 2025, 3:37pm

Hi, this is not an assistance thing, but for others to maybe benefit from this or even help improve upon it. dm-integrity isn’t “enabled” by default, and there is no option for it within the menuconfig.

So, we cheated …

We edited the ./package/kernel/linux/modules/block.mk file and changed the following:

define KernelPackage/dm
SUBMENU:=$(BLOCK_MENU)
TITLE:=Device Mapper
DEPENDS:=+kmod-crypto-manager +kmod-dax +kmod-lib-xor +kmod-lib-crc32c
KCONFIG:=
CONFIG_BLK_DEV_MD=n
CONFIG_DM_DEBUG=n
CONFIG_DM_UEVENT=n
CONFIG_DM_DELAY=n
CONFIG_DM_LOG_WRITES=n
CONFIG_DM_MQ_DEFAULT=n
CONFIG_DM_MULTIPATH=n
CONFIG_DM_ZERO=n
CONFIG_DM_SNAPSHOT=n
CONFIG_DM_LOG_USERSPACE=n
CONFIG_MD=y
CONFIG_BLK_DEV_DM
CONFIG_DM_CRYPT
CONFIG_DM_MIRROR
CONFIG_DM_INTEGRITY
CONFIG_BLK_DEV_INTEGRITY
FILES:=
$(LINUX_DIR)/drivers/md/dm-mod.ko
$(LINUX_DIR)/drivers/md/dm-crypt.ko
$(LINUX_DIR)/drivers/md/dm-log.ko
$(LINUX_DIR)/drivers/md/dm-mirror.ko
$(LINUX_DIR)/drivers/md/dm-region-hash.ko
$(LINUX_DIR)/drivers/md/dm-integrity.ko
$(LINUX_DIR)/drivers/md/dm-bufio.ko
$(LINUX_DIR)/crypto/async_tx/async_xor.ko
$(LINUX_DIR)/crypto/async_tx/async_tx.ko
AUTOLOAD:=$(call AutoLoad,30,dm-mod dm-log dm-region-hash dm-mirror dm-crypt dm-integrity dm-bufio async_xor async_tx)
endef

That made it so that the dm-integrity module be built as part of the kmod-dm … however, this is not an elegant solution, as dm-integrity should probably have its own “define KernelPackage/dm-integrity” … but it is working and we have integrity devices now …

system · August 21, 2025, 10:40am

This topic was automatically closed after 60 days. New replies are no longer allowed.