diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest
index 212251c157..b0e55eb628 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest
@@ -1,3 +1,3 @@
-DIST cryptsetup-2.3.2.tar.xz 11037076 BLAKE2B b0f8a1a274e6b95b12aa7172dbdd41e512aea2c87a98d62b8b4d4cbb898b2d4b82e250368e385c4d4acc8e77046ea4b4f7be730750587569572c4b9490815bc1 SHA512 c5eb41751ca64ff906187f40805705570c261816b014dfcdbf2777f42e53668e32966197092a2235b8f6a7a4e7f9c3f301d82f17c45cfbcff96b9818631d7e5f
-DIST cryptsetup-2.3.3.tar.xz 11104768 BLAKE2B 54aa6f087c5366e843c1f9b649fd77ec8be8c4e65c783a2a84a036b4ef460c9d070bdd8aff72f87a7a3136f13581e84534940b435f0b49eb1951d1a755cab47a SHA512 d613efb80e003364a21832da3fefe3891d36a891119cc0efa970aad40ba135dfcd42b32a0c19c31ad879d4eddf27864beccbea1d4b31a47a4e075bc0f756365c
 DIST cryptsetup-2.3.4.tar.xz 11114004 BLAKE2B 680e6eeb594737aeb8330b0ac8638e94941bdcc56fc3441b6f1bc4f3d209d768096e23a7f840dc1012f9e63fae0fdbc0e72d735d89e92a621cec88ea59560f19 SHA512 db0bfd795343e575acb7a80ea2b9d32acf08ac970037e5b158a1e4381976552dc292107ce79e55913f49fcf643d4ea7104ed73de7c1e8d424b83d471d20ab60d
+DIST cryptsetup-2.3.6.tar.xz 11154148 BLAKE2B 23a7d6fdeed2b8fb0492e800266a263b12dcf2b8c4304bda82e46d2de90b6c05a97a40f0f6f9c337b3dc428d51689d76953de5cc4daed210967cf0ea0ff503d2 SHA512 5b25cc806140d24181a0e4f0e7b0bd3caa8263aa502e8633b41c980f06ecba2e6acbf9c2d9cc4a785d38ce90d86dd8d22c52b28b9ca4a15824c2e8bdb3656665
+DIST cryptsetup-2.4.0-rc0.tar.xz 11145080 BLAKE2B e6425a54d14d93b712df42e7b9460e23afb8bcb74bbe164522a2399a26d3eb668bfcc6387e5934056cdf46fcf0c136601dc1617dcb96ded6d4251a8335442e27 SHA512 ed80cc7a1763cf0e788bd72eee979640d6133b98a7b294a3fa09c608273eef172c2d56d80802433143d01063a0c142e68ea06465392b273fc2615b8f90273b25
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.4.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.4-r1.ebuild
similarity index 89%
rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.4.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.4-r1.ebuild
index 78f20a6faf..e96df12d24 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.4.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.4-r1.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit autotools linux-info libtool
+inherit autotools linux-info
 
 DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
 HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
@@ -12,13 +12,12 @@ SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.t
 LICENSE="GPL-2+"
 SLOT="0/12" # libcryptsetup.so version
 [[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
 CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
 # we don't support nss since it doesn't allow cryptsetup to be built statically
 # and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality reencrypt static static-libs +udev urandom"
+IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom"
 REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
-	libressl? ( openssl )
 	static? ( !gcrypt )" #496612
 
 LIB_DEPEND="
@@ -29,10 +28,7 @@ LIB_DEPEND="
 	argon2? ( app-crypt/argon2:=[static-libs(+)] )
 	gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
 	nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
-	openssl? (
-		!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
+	openssl? ( dev-libs/openssl:0=[static-libs(+)] )
 	pwquality? ( dev-libs/libpwquality[static-libs(+)] )
 	sys-fs/lvm2[static-libs(+)]
 	udev? ( virtual/libudev[static-libs(-)] )"
@@ -89,6 +85,7 @@ src_configure() {
 		$(use_enable static-libs static)
 		$(use_enable udev)
 		$(use_enable !urandom dev-random)
+		$(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
 	)
 	econf "${myeconfargs[@]}"
 }
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.2.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild
similarity index 83%
rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.2.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild
index c9775999f9..e96df12d24 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit autotools linux-info libtool
+inherit autotools linux-info
 
 DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
 HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
@@ -12,13 +12,12 @@ SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.t
 LICENSE="GPL-2+"
 SLOT="0/12" # libcryptsetup.so version
 [[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv s390 sparc x86"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
 CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
 # we don't support nss since it doesn't allow cryptsetup to be built statically
 # and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 libressl luks1_default nls pwquality reencrypt static static-libs +udev urandom"
+IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom"
 REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
-	libressl? ( openssl )
 	static? ( !gcrypt )" #496612
 
 LIB_DEPEND="
@@ -29,10 +28,7 @@ LIB_DEPEND="
 	argon2? ( app-crypt/argon2:=[static-libs(+)] )
 	gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
 	nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
-	openssl? (
-		!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
+	openssl? ( dev-libs/openssl:0=[static-libs(+)] )
 	pwquality? ( dev-libs/libpwquality[static-libs(+)] )
 	sys-fs/lvm2[static-libs(+)]
 	udev? ( virtual/libudev[static-libs(-)] )"
@@ -51,15 +47,6 @@ S="${WORKDIR}/${P/_/-}"
 
 PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
 
-pkg_pretend() {
-	if ! use luks1_default ; then
-		ewarn "WARNING! WARNING! WARNING!"
-		ewarn "You have chosen LUKS2 as your default format."
-		ewarn "This can break LUKS1 backwards compatibility."
-		ewarn "Enable \"luks1_default\" USE flag if you need backwards compatibility."
-	fi
-}
-
 pkg_setup() {
 	local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
 	local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
@@ -87,7 +74,7 @@ src_configure() {
 		--enable-shared
 		--sbindir=/sbin
 		# for later use
-		--with-default-luks-format=LUKS$(usex luks1_default 1 2)
+		--with-default-luks-format=LUKS2
 		--with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
 		--with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
 		$(use_enable argon2 libargon2)
@@ -98,6 +85,7 @@ src_configure() {
 		$(use_enable static-libs static)
 		$(use_enable udev)
 		$(use_enable !urandom dev-random)
+		$(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
 	)
 	econf "${myeconfargs[@]}"
 }
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.0_rc0.ebuild
similarity index 84%
rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.3.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.0_rc0.ebuild
index e9301bd413..6a8851cfee 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.0_rc0.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit autotools linux-info libtool
+inherit autotools linux-info
 
 DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
 HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
@@ -16,9 +16,8 @@ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~
 CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
 # we don't support nss since it doesn't allow cryptsetup to be built statically
 # and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 libressl luks1_default nls pwquality reencrypt static static-libs +udev urandom"
+IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom ssh"
 REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
-	libressl? ( openssl )
 	static? ( !gcrypt )" #496612
 
 LIB_DEPEND="
@@ -29,11 +28,9 @@ LIB_DEPEND="
 	argon2? ( app-crypt/argon2:=[static-libs(+)] )
 	gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
 	nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
-	openssl? (
-		!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
+	openssl? ( dev-libs/openssl:0=[static-libs(+)] )
 	pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+	ssh? ( net-libs/libssh[static-libs(+)] )
 	sys-fs/lvm2[static-libs(+)]
 	udev? ( virtual/libudev[static-libs(-)] )"
 # We have to always depend on ${LIB_DEPEND} rather than put behind
@@ -51,15 +48,6 @@ S="${WORKDIR}/${P/_/-}"
 
 PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
 
-pkg_pretend() {
-	if ! use luks1_default ; then
-		ewarn "WARNING! WARNING! WARNING!"
-		ewarn "You have chosen LUKS2 as your default format."
-		ewarn "This can break LUKS1 backwards compatibility."
-		ewarn "Enable \"luks1_default\" USE flag if you need backwards compatibility."
-	fi
-}
-
 pkg_setup() {
 	local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
 	local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
@@ -87,7 +75,7 @@ src_configure() {
 		--enable-shared
 		--sbindir=/sbin
 		# for later use
-		--with-default-luks-format=LUKS$(usex luks1_default 1 2)
+		--with-default-luks-format=LUKS2
 		--with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
 		--with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
 		$(use_enable argon2 libargon2)
@@ -98,6 +86,8 @@ src_configure() {
 		$(use_enable static-libs static)
 		$(use_enable udev)
 		$(use_enable !urandom dev-random)
+		$(use_enable ssh ssh-token)
+		$(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
 	)
 	econf "${myeconfargs[@]}"
 }
@@ -122,6 +112,10 @@ src_install() {
 	if use static ; then
 		mv "${ED}"/sbin/cryptsetup{.static,} || die
 		mv "${ED}"/sbin/veritysetup{.static,} || die
+		mv "${ED}"/sbin/integritysetup{.static,} || die
+		if use ssh ; then
+			mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
+		fi
 		if use reencrypt ; then
 			mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
 		fi
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
index e044cae408..d2968cbd56 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
@@ -9,14 +9,14 @@
 	<flag name="argon2">Enable password hashing algorithm from <pkg>app-crypt/argon2</pkg></flag>
 	<flag name="gcrypt">Use <pkg>dev-libs/libgcrypt</pkg> crypto backend</flag>
 	<flag name="kernel">Use kernel crypto backend (mainly for embedded systems)</flag>
-	<flag name="luks1_default">Default to LUKS1 on disk encryption format rather than new LUKS2</flag>
 	<flag name="nettle">Use <pkg>dev-libs/nettle</pkg> crypto backend</flag>
 	<flag name="openssl">Use <pkg>dev-libs/openssl</pkg> crypto backend</flag>
 	<flag name="pwquality">Use <pkg>dev-libs/libpwquality</pkg> for password quality checking</flag>
-	<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
 	<flag name="reencrypt">Build cryptsetup-reencrypt</flag>
+	<flag name="ssh">Build cryptsetup-ssh for experimental support of token via SSH-server</flag>
+	<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
 </use>
 <upstream>
-	<remote-id type="google-code">cryptsetup</remote-id>
+	<remote-id type="gitlab">cryptsetup/cryptsetup</remote-id>
 </upstream>
 </pkgmetadata>