I am developing an embedded ARM-based Linux device, which is initially programmed with a non-encrypted ext4 filesystem image. On first boot, an initramfs script uses resize2fs followed by cryptsetup-reencrypt to LUKS-encrypt the root partition in-place. (See eg encryption - Is there a way to encrypt disk without formatting it?.) That strategy has been working fine.
However, now I want to change to using dmsetup to encrypt the partition with "plain" dm-crypt, rather than using cryptsetup. The reason is, to use a key management system built-in to the processor (CAAM on NXP i.MX8), and apparently it's necessary to use dmsetup.
My question is, is there some functional equivalent of cryptsetup-reencrypt, to convert a non-encrypted filesystem to be encrypted to a dmsetup type of plain dm-crypt encrypted filesystem?
