author | Yi Zhao <yi.zhao@windriver.com> | 2019-07-11 15:26:50 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2019-07-11 14:01:28 -0700 |
commit | 11ff107a853f9ef6ad31ac6e3ed0f15fb8ada27f (patch) | |
tree | ac401bcb900731f0448ffdc489252e2ba8c5eb14 /meta-oe/recipes-crypto | |
parent | 41f6815e0865b6d1c187a07806dc1f02e40ef45c (diff) | |
download | meta-openembedded-11ff107a853f9ef6ad31ac6e3ed0f15fb8ada27f.tar.gz |
cryptsetup: set the default luks format to LUKS1

The cryptsetup 2.1 uses LUKS2 format as the default LUKS format. This
change introduced the following issues:

* LUKS2 requires kernel userspace crypto API to be available
  (CONFIG_CRYPTO_USER_API and CONFIG_CRYPTO_USER_API_SKCIPHER). But
  linux-yocto doesn't enable these options by default. If missing these
  kernel modules, the cryptsetup will fall back to using dmcrypt-device
  for keyslot processing.

      $ cryptsetup --debug --type luks luksFormat /dev/sda3
      [snip]
      Checking if cipher aes-xts-plain64 is usable.
      Userspace crypto wrapper cannot use aes-xts-plain64 (-95).
      Using dmcrypt to access keyslot area.
      [snip]

* The grub can not decrypt a LUKS2 encrypted boot partition because it
  doesn't support LUKS2 now.
  See grub bug: https://savannah.gnu.org/bugs/?55093

Add a PACKAGECONFIG for luks format and set the default LUKS format to
LUKS1. The users can specify '--type luks2' in cryptsetup command line
if they want to use LUKS2.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-crypto')
-rw-r--r-- | meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb index a500b1898..deaede857 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb | |||
@@ -65,6 +65,7 @@ PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" | |||
65 | PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" | 65 | PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" |
66 | PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" | 66 | PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" |
67 | PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" | 67 | PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" |
68 | PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" | ||
68 | 69 | ||
69 | RRECOMMENDS_${PN} = "kernel-module-aes-generic \ | 70 | RRECOMMENDS_${PN} = "kernel-module-aes-generic \ |
70 | kernel-module-dm-crypt \ | 71 | kernel-module-dm-crypt \ |
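Review bot: the added PACKAGECONFIG[luks2] line (new line 68) carries no comment explaining that LUKS1 is selected by leaving luks2 out of PACKAGECONFIG, because the second field, --with-default-luks-format=LUKS1, is the argument passed when the option is disabled. Since this changes the on-disk format that a plain luksFormat produces, a short comment above the line would help: say that the recipe defaults to LUKS1 because of the GRUB and kernel userspace crypto API limitations named in the commit message, and that adding luks2 to PACKAGECONFIG restores the upstream LUKS2 default. The diff is a single insertion and does not show the recipe's PACKAGECONFIG default, so it is also worth confirming that luks2 is not listed there; otherwise the build would still configure LUKS2.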