After the move to a post 5.0 kernel Adiantum has become available.
Adiantum is an encryption mode created by Google specifically for devices without AES hardware acceleration, like all the Raspberry Pi models, and can provide significantly faster encryption and decryption speed for both full disk encryption and file based encryption. More details and some benchmarks can be found on the announcement and on the RPF GitHub PR.
Adiantum can be enabled as described in the Android documentation, but to make it short adding
This would allow to finally have usable disk encryption on both external block devices, with cryptsetup/LUKS, and on home directories, with file-based encryption (fscrypt) on EXT4/F2FS.
If Sam doesn’t want to include those two modules, you can always build them yourself. Just be aware that you might need to rebuild them whenever a new kernel version is installed.
The following assumes that you’re on a Pi 2 or 3. For a Pi 4, the source and headers are prefixed with rbp464 and all modules will need to be built inside the 64-bit OSMC toolchain. All commands are run as rroot, hence the sudo -s.
sudo -s
apt-get update
apt-get install rbp2-source-$(uname -r) rbp2-headers-$(uname -r) build-essential bc
cp /boot/config-$(uname -r) /usr/src/rbp2-source-$(uname -r)/.config
cp /usr/src/rbp2-headers-$(uname -r)/Module.symvers /usr/src/rbp2-source-$(uname -r)
cd /usr/src/rbp2-source-$(uname -r)
# Edit .config file, as appropriate.
make oldconfig
make scripts prepare modules_prepare
make -C . M=./crypto
cp ./crypto/adiantum.ko ./crypto/nhpoly1305.ko /lib/modules/$(uname -r)/kernel/crypto
depmod
<Ctrl-d> # Exit from root.