I'm using Windows Subsystem for Linux (WSL1) on my Windows 10 system and tried to delete all data from a USB device and overwrite it with pseudorandom numbers following this tutorial (found it only in German, but is not really important for this question), but could not load a needed kernel module.
When trying to load dm-crypt I get
$ sudo modprobe dm-crypt
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-18362-Microsoft/modules.dep.bin'
modprobe: FATAL: Module dm-crypt not found in directory /lib/modules/4.4.0-18362-Microsoft
I assume my Ubuntu version is simply missing module dm-crypt.
Now my question: Does WSL support the kernel subsystem dm-crypt in general?
I'm using WSL1 with 64-bit Ubuntu 18.04 LTS.
Update:
I tried again with WSL2 and Ubuntu 18.04 LTS but got the same error message:
$ sudo modprobe dm-crypt
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.0-19013-Microsoft/modules.dep.bin'
modprobe: FATAL: Module dm-crypt not found in directory /lib/modules/4.4.0-19013-Microsoft
Best Answer
I can't vouch for WSL1, but it appears that WSL2 supports it since it is running the full Linux kernel. In fact I have just tried to load the dm-crypt module and succeeded.
[Image: dm-crypt module loaded]
You'll have to enable WSL2 first. As of this writing, it's only available to Windows Insiders: https://docs.microsoft.com/en-us/windows/wsl/wsl2-install
Then you'll have to compile your own custom kernel to get dm-crypt support: https://github.com/microsoft/WSL2-Linux-Kernel/blob/master/README-Microsoft.WSL2
Install git and some compilers:
Clone the Microsoft WSL2 kernel:
You'll have to select the cryptographic features. I used the menu:
And whatever algorithms you want...
For what you want to do, you'll have to select "XTS Support" under "Cryptographic API".
Save your config and then compile the kernel:
Then copy the new image to your Windows host. My image file was called bzImage:
Create a file in your Windows host's "Users\your-user-name" folder called ".wslconfig" (note the dot . in front). I used Notepad++. Put the following lines in it:
Exit your WSL2 instance, and reboot your WSL2 instance (use PowerShell):
Open your WSL2 bash session again and try to load the dm-crypt module:
UPDATE 1:
Regarding the access to block devices, well... as of this writing, it seems Microsoft is still working on it: https://github.com/Microsoft/WSL/issues/689
Hope that helps :)
UPDATE 2:
You could get around the block device limitation on WSL2 by serving your host's USB drive to WSL2 via the USB/IP or iSCSI protocol. I tried USB/IP, but I had too much trouble with it since my USB device was classified as a "hub". So I tried the iSCSI method by creating an iSCSI target on my Windows host, and then connected to it from my WSL2 instance.
I used the "iSCSIConsole" application on TalAloni's GitHub repository: https://github.com/TalAloni/iSCSIConsole to create the target.
You'll have to run it with administrator privileges in order to attach a physical disk such as a USB drive. You also may have to allow it through the Windows host firewall to get it to communicate with the WSL2 instance. I attached my USB thumb drive with the default iSCSI target name of "iqn.1991-05.com.microsoft:target1".
[Image: Adding an iSCSI Target]
[Image: Selecting a Physical Disk]
After you got that running, you can connect to it from your WSL2 instance.
First, you must make sure you have the iSCSI driver modules loaded for your custom WSL2 kernel. I enabled it in the kernel configuration menu, then recompiled:
Once you have your new kernel and modules installed, load the iscsi modules:
Then I set up a client/initiator on my WSL2 instance. We're going to use open-iscsi, but it requires systemd, and systemd is not enabled on WSL2 by default. But it is very easy to do. Here is a very short guide on how to do that: https://forum.snapcraft.io/t/running-snaps-on-wsl2-insiders-only-for-now/13033. You can skip the snap parts.
Then install open-iscsi:
Edit the "/etc/iscsi/iscsid.conf" and change "node.startup" to "automatic".
Setting it to automatic will cause your WSL sessions to start up very slowly next time you reboot, since your "host" IP changes and it will not be able to reconnect.
Start the iscsi initiator:
Then connect to the target and list the storage devices:
Now we can connect:
My USB drive was then listed as /dev/sdb.
Now you can do your drive encryption...
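A pre-flight check for the kernel options the answer above turns on, as an added example that is not part of the original answer. The symbol names are assumed from the mainline Kconfig names for device-mapper, dm-crypt, XTS and the iSCSI initiator, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report how the kernel options needed for dm-crypt with XTS
# over an iSCSI-attached disk are set in a kernel config file.

# Assumed mainline Kconfig symbols for the features the answer enables.
REQUIRED_SYMBOLS="CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT CONFIG_CRYPTO_XTS CONFIG_ISCSI_TCP"

# kconfig_state FILE SYMBOL -> prints "builtin", "module" or "missing".
# Enabled options appear as SYMBOL=y or SYMBOL=m; disabled ones appear only
# as a comment ("# SYMBOL is not set") or not at all.
kconfig_state() {
    local file=$1 sym=$2 line
    line=$(grep -E "^${sym}=" "$file" | tail -n 1)
    case "${line#*=}" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;
    esac
}

# check_kernel_config FILE -> prints one line per symbol, returns 1 if any is missing.
check_kernel_config() {
    local file=$1 sym state rc=0
    for sym in $REQUIRED_SYMBOLS; do
        state=$(kconfig_state "$file" "$sym")
        printf '%-20s %s\n' "$sym" "$state"
        if [ "$state" = missing ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample config, not taken from any real kernel.
sample_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_CRYPT is not set
CONFIG_CRYPTO_XTS=m
# CONFIG_ISCSI_TCP is not set
EOF
}

cfg=$(mktemp)
if [ -r /proc/config.gz ]; then
    zcat /proc/config.gz > "$cfg"   # running kernel; needs CONFIG_IKCONFIG_PROC
else
    sample_config > "$cfg"          # fall back to the constructed sample
fi
check_kernel_config "$cfg" || echo "rebuild the kernel with the missing options enabled"
rm -f "$cfg"
```

The same functions work on the `.config` in a kernel source tree, so the check can be run before compiling as well as against the running kernel.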