Boot encrypted root file system from sd card

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Boot encrypted root file system from sd card

5,718件の閲覧回数
alampret
Contributor I

Hello everyone,

I try to boot from an encrypted sd card but it's not possible. What have I missed?

Main setup was done as shown here: Installing Ubuntu Rootfs on NXP i.MX6 boards 

The first partition is vfat and the second one ext4 with LUKS.

On boot I get "Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block"

What's necessary for booting? Unfortunately I found hundreds of tutorial how to sign uboot but nothing related encrypting root fs of Linux and booting into it.

Storing the key will be a separate question. For the moment I would be happy if key file is stored on vfat partition (partition one on sd card)

Thx in advance!

Best regards,

Alexander

ラベル(2)
タグ(3)
0 件の賞賛
返信
5 返答(返信)

3,437件の閲覧回数
Yuri
NXP Employee
NXP Employee

@alampret 
Hello,

   use app note "i.MX Encrypted Storage Using CAAM Secure Keys"

https://www.nxp.com/webapp/Download?colCode=AN12714

 

Regards,
Yuri.

0 件の賞賛
返信

3,433件の閲覧回数
EliteHawk
Contributor II

I may be wrong, but isn't this one a guide to creating a generic new partition on the board instead of a root ("/") partition one? I think that there should be some hooks in initramfs/initrd to do so

0 件の賞賛
返信

3,966件の閲覧回数
dry
Senior Contributor I

Hey,

Dunno if you seen something like this guide :

dm-crypt/Encrypting an entire system - ArchWiki 

Note that you likely need to create a custom initrd/initramfs  and setup/hookup your encrypted root from there, before Linux can use it and jump into it.

0 件の賞賛
返信

3,456件の閲覧回数
EliteHawk
Contributor II

Hi,

I'm trying to do the exact same thing but with another board.

So there is no way to carry out this task without adding an initrd/initramfs?

If is it so, could you kindly link me to any guide to do it?

Thank you and Regards

0 件の賞賛
返信

3,966件の閲覧回数
igorpadykov
NXP Employee
NXP Employee

Hi Alexander

as starting point one can try with uboot:

Use HAB API from u-boot to decrypt Linux image 

High Assurance Boot (HAB) for dummies - Boundary Devices 

AN4581 Secure Boot

https://www.nxp.com/docs/en/application-note/AN4581.pdf 

Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 件の賞賛
返信