DM-Crypt with CAAM key Encrypted Filesystem Corrupt After Reboot


2,532 views
nsleung
Contributor I

Hello, I am using the iMX8M Mini SoC and am going through the app note (Rev 1 11/2020) Section 3.2 Usage (https://www.mouser.com/pdfDocs/AN12714.pdf). Kernel version is 5.4.70. I am able to complete everything (create tagged key, dummy image, ext4 filesystem, encrypt using dmsetup target crypt, etc). However, after the reboot, following the steps to mount the encrypted image fails. This is what is shown:

 sudo mount /dev/mapper/encrypted /mnt/encrypted/
mount: /mnt/encrypted: wrong fs type, bad option, bad superblock on /dev/mapper/encrypted, missing codepage or helper program, or other error.

 And when checking the integrity of the filesystem using fsck, it also reports bad superblock, leading me to believe something might be corrupted after rebooting. 

e2fsck /dev/mapper/encrypted
e2fsck 1.44.5 (15-Dec-2018)
ext2fs_open2: Bad magic number in super-block
e2fsck: Superblock invalid, trying backup blocks...
e2fsck: Bad magic number in super-block while trying to open /dev/mapper/encrypted

The superblock could not be read or does not describe a valid ext2/ext3/ext4
filesystem.  If the device is valid and it really contains an ext2/ext3/ext4
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
    e2fsck -b 8193 <device>
 or
    e2fsck -b 32768 <device>

 Any suggestions or thoughts would be appreciated!

5 replies

2,488 views
Harvey021
NXP TechSupport

Have you run caam-keygen import: # ./caam-keygen import /data/caam/randomkey.bb importKey

before running: # cat /data/caam/importKey | keyctl padd logon logkey2: @s 

Because this key has to be re-injected every time it is powered up.

 

Best regards

Harvey

 

 


2,481 views
nsleung
Contributor I

Yes, I'm able to import the key and add to keyctl from blob after rebooting every time. I can also create the encrypted device mapper device using the same block device before the power cycle but when mounting, it will report 'corrupted filesystem'. Do I need to boot in Secure Mode? I don't believe I am doing that.


2,508 views
Harvey021
NXP TechSupport

Hi @nsleung 

I've just followed the guide to try it again. There is no such issue arising.

There are probably required tools missing, like "coreutils keyutils lvm2 e2fsprogs-mke2fs util-linux", which is stated in

section 8. Add required tools to build by editing conf/local.conf file and appending.

 

Best regards

Harvey


2,494 views
nsleung
Contributor I

Thanks for the suggestion, I do have those additional utilities built in.


1,933 views
lfant
Contributor II

Hello @nsleung ,

 

Were you ever able to solve the problem? I see the exact same issue when using CAAM+dmcrypt on an iMX8MP running Yocto kirkstone & kernel 5.15.x

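A diagnostic for the symptom reported in this thread, added here as an example and not taken from the app note or from any poster. A crypt mapping created with dmsetup has no key check, so it activates with any key and parameters and decrypts to random-looking data when they differ from those used at mkfs time; e2fsck then reports a bad magic number although the ciphertext is intact. The function names and the sample table lines used with them are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.
# Usage on the target: check_mapping /dev/mapper/encrypted

# The ext2/3/4 superblock starts at byte 1024 and stores its magic 0xEF53
# little-endian at offset 56 within it: bytes "53 ef" at device offset 1080.
has_ext_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Extract the fields of one `dmsetup table <name>` line that determine the
# plaintext: cipher spec, key descriptor, IV offset and sector offset.
# Table layout: start length crypt cipher key iv_offset device offset ...
# The backing device (field 7) is skipped because a loop device may get a
# different minor number after reboot while pointing at the same image.
# An identical keyring descriptor does not prove identical key bytes.
crypt_params() {
    printf '%s\n' "$1" | awk '$3 == "crypt" { print $4, $5, $6, $8 }'
}

# Returns 0 when the mapped device exposes the ext magic, 1 otherwise.
check_mapping() {
    if has_ext_magic "$1"; then
        echo "$1: ext superblock magic present, decryption yields the filesystem"
        return 0
    fi
    echo "$1: no ext magic at offset 1080; compare key blob and crypt_params with the values used at mkfs time" >&2
    return 1
}
```

Saving the `dmsetup table` line before the power cycle and passing it and the post-reboot line through `crypt_params` shows whether the mapping parameters changed; if they match and the magic is still absent, the key material loaded into the keyring is the remaining variable.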