I have built a custom Linux image for colibri imx7d using Yocto version 2.6 (thud), Toradex BSP version 3
I have enabled in the kernel config support for ecryptfs:
CONFIG_MISC_FILESYSTEMS=y
CONFIG_ECRYPT_FS=y
When I check the status of ecryptfs service on the device I get this message:
Active: failed (Result: exit-code) since Wed 2022-04-27 09:54:55 UTC; 1 day 22h ago
Process: 259 ExecStart=/usr/bin/ecryptfsd -f (code=exited, status=163)
Main PID: 259 (code=exited, status=163)
Apr 27 09:54:54 colibri-imx7-emmc systemd[1]: Started A userspace daemon that runs as the user perform file operations under th
e eCryptfs mount point.
Apr 27 09:54:54 colibri-imx7-emmc ecryptfsd[259]: main: Current kernel does not have support for /dev/ecryptfs; please use 2.6.
26 or newer
Apr 27 09:54:55 colibri-imx7-emmc systemd[1]: ecryptfs.service: Main process exited, code=exited, status=163/n/a
Apr 27 09:54:55 colibri-imx7-emmc systemd[1]: ecryptfs.service: Failed with result 'exit-code'.
Is there anything else I need to configure in the Linux kernel in order to activate ecryptfs support? The menuconfig item did not give me any other option though.
Interestingly, I could mount a folder on the device with “-t ecryptfs” and properly decrypt a file in there, which I had previously encrypted on a host machine. So the ecryptfs service seems not necessary for the correct function of ecryptfs file system.
Actually, since I verified that ecryptfs appears to be working despite the failing service, its not an urgent issue. I wonder what purpose the service has and whether the service failing has any consequences for ecryptfs working correctly. However, if the service cannot be corrected to work properly I wouldn’t mind removing it at all.
I would not mind removing the service since it seems to have no influence on ecryptfs working or not.
I would like to keep ecryptfs working. And currently it does work, despite the service exiting with some failure. Thus I conclude the service is not really needed and could be removed if it cannot be corrected.
Best regards,
Otmar
It seems that your initial assumption was right. We reproduced it here and we can confirm that the service is not launched when an ecryptfs directory is mounted.
I would say so, if you face any unexpected behavior afterwards feel free to add it to this post here.