Boot encrypted root file system from sd card


5,719 Views
alampret
Contributor I

Hello everyone,

I try to boot from an encrypted sd card but it's not possible. What have I missed?

Main setup was done as shown here: Installing Ubuntu Rootfs on NXP i.MX6 boards 

The first partition is vfat and the second one ext4 with LUKS.

On boot I get "Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block"

What's necessary for booting? Unfortunately I found hundreds of tutorials on how to sign uboot but nothing related to encrypting the root fs of Linux and booting into it.

Storing the key will be a separate question. For the moment I would be happy if the key file is stored on the vfat partition (partition one on the sd card).

Thx in advance!

Best regards,

Alexander

5 Replies

3,438 Views
Yuri
NXP Employee

@alampret 
Hello,

Use app note "i.MX Encrypted Storage Using CAAM Secure Keys"

https://www.nxp.com/webapp/Download?colCode=AN12714

 

Regards,
Yuri.


3,434 Views
EliteHawk
Contributor II

I may be wrong, but isn't this one a guide to creating a generic new partition on the board instead of a root ("/") partition one? I think that there should be some hooks in initramfs/initrd to do so.


3,967 Views
dry
Senior Contributor I

Hey,

Dunno if you've seen something like this guide:

dm-crypt/Encrypting an entire system - ArchWiki 

Note that you likely need to create a custom initrd/initramfs and set up/hook up your encrypted root from there, before Linux can use it and jump into it.

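The initramfs hook that dry and EliteHawk describe, as an added example (not code from the thread or from NXP): a BusyBox-style `/init` for the original poster's layout, with the key file on vfat partition 1 and LUKS/ext4 on partition 2. The device names, key file name, mapper name and the `luks.*=` kernel command-line parameters are assumptions.

```shell
#!/bin/sh
# Minimal initramfs /init; needs BusyBox sh and cryptsetup inside the initramfs.
# Assumed (not from the thread): device names, key file name, "cryptroot",
# and the luks.dev= / luks.keydev= / luks.keyfile= command-line parameters.
set -f   # no globbing: command-line words are split unquoted below

# Print the value of key=value from a kernel command line, else a default.
cmdline_get() {   # $1=cmdline  $2=key  $3=default
    for word in $1; do
        case "$word" in
            "$2"=*) echo "${word#*=}"; return 0 ;;
        esac
    done
    echo "$3"
}

# Wait up to $2 seconds for block device $1 (SD cards can probe late).
wait_for_dev() {
    n=0
    while [ ! -b "$1" ]; do
        [ "$n" -ge "$2" ] && return 1
        sleep 1; n=$((n + 1))
    done
}

rescue() { echo "initramfs: $1" >&2; exec /bin/sh; }

main() {
    mount -t proc proc /proc
    mount -t sysfs sysfs /sys
    mount -t devtmpfs devtmpfs /dev
    cmdline=$(cat /proc/cmdline)
    luks_dev=$(cmdline_get "$cmdline" luks.dev /dev/mmcblk0p2)
    key_dev=$(cmdline_get "$cmdline" luks.keydev /dev/mmcblk0p1)
    key_file=$(cmdline_get "$cmdline" luks.keyfile luks.key)
    wait_for_dev "$luks_dev" 10 || rescue "$luks_dev not found"
    mkdir -p /key /newroot
    mount -t vfat -o ro "$key_dev" /key || rescue "cannot mount $key_dev"
    cryptsetup open --type luks --key-file "/key/$key_file" "$luks_dev" cryptroot \
        || rescue "LUKS unlock failed"
    umount /key
    mount -t ext4 -o ro /dev/mapper/cryptroot /newroot || rescue "cannot mount root"
    umount /proc /sys
    mount -o move /dev /newroot/dev
    exec switch_root /newroot /sbin/init
}

# Run only when installed as /init in the initramfs.
if [ "${0##*/}" = init ]; then main "$@"; fi
```

A key file on the unencrypted vfat partition of the same card gives no confidentiality if the card is removed; it only proves out the boot path, matching the interim setup the original poster asks for.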

3,457 Views
EliteHawk
Contributor II

Hi,

I'm trying to do the exact same thing but with another board.

So there is no way to carry out this task without adding an initrd/initramfs?

If it is so, could you kindly link me to any guide to do it?

Thank you and Regards


3,967 Views
igorpadykov
NXP Employee

Hi Alexander

as a starting point one can try with uboot:

Use HAB API from u-boot to decrypt Linux image 

High Assurance Boot (HAB) for dummies - Boundary Devices 

AN4581 Secure Boot

https://www.nxp.com/docs/en/application-note/AN4581.pdf 

Best regards
igor