AN12714 can't re-mount encrypted drive

richc128 · ‎07-06-2022

I'm following AN12714 and the creation of the encrypted image and mounting to /mnt/encrypted goes fine.

When I reboot and try to run dmsetup again I see this

root@imx:~# dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/loop0) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/loop0 0 1 sector_size:512"
device-mapper: reload ioctl on encrypted failed: Required key not available Command failed.

If I load the original key it's fine

root@imx:~# cat /data/caam/randomkey | keyctl padd logon logkey: @s
308049694
root@imx:~# dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/loop0) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/loop0 0 1 sector_size:512"
Name:              encrypted
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        0
Event number:      0
Major, minor:      252, 0
Number of targets: 1

But, I now can't mount

root@imx:~# mount /dev/mapper/encrypted /mnt/encrypted/
mount: /mnt/encrypted: wrong fs type, bad option, bad superblock on /dev/mapper/encrypted, missing codepage or helper program, or other error.

So, the first question is I guess why doesn't importKey work? But, if I could just get the mount to work I'd be happy.

Harvey021 · ‎07-17-2022

Hi @richc128

-> reload ioctl on encrypted failed

Please check if you have successfully add black key to key retention service, you can perform "keyctl list @s". Or you need to check if successfully import black key from blob and add it to key retention service

-> can't mount

Please check if you set up the ext4 file system for the respective devices or you have imported the correct key.

By the way, Suppose that you have built the bsp with version 5.4.47 as the AN. I try it without problem. If you didn't perform it with the same, please check the kernel configuration as 5 Appendix A. Configuration of the AN.

Best regards

Harvey