DM-Crypt with CAAM key Encrypted Filesystem Corrupt After Reboot

nsleung
Contributor I

Hello, I am using the iMX8M Mini SoC and am going through the app note (Rev 1 11/2020) Section 3.2 Usage (https://www.mouser.com/pdfDocs/AN12714.pdf). Kernel version is 5.4.70. I am able to complete everything (create tagged key, dummy image, ext4 filesystem, encrypt using dmsetup target crypt, etc). However, after the reboot, following the steps to mount the encrypted image fails. This is what is shown:

 sudo mount /dev/mapper/encrypted /mnt/encrypted/
mount: /mnt/encrypted: wrong fs type, bad option, bad superblock on /dev/mapper/encrypted, missing codepage or helper program, or other error.

And when checking the integrity of the filesystem using fsck, it also reports a bad superblock, leading me to believe something might be corrupted after rebooting.

e2fsck /dev/mapper/encrypted
e2fsck 1.44.5 (15-Dec-2018)
ext2fs_open2: Bad magic number in super-block
e2fsck: Superblock invalid, trying backup blocks...
e2fsck: Bad magic number in super-block while trying to open /dev/mapper/encrypted

The superblock could not be read or does not describe a valid ext2/ext3/ext4
filesystem.  If the device is valid and it really contains an ext2/ext3/ext4
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
    e2fsck -b 8193 <device>
 or
    e2fsck -b 32768 <device>

Any suggestions or thoughts would be appreciated!

Harvey021
NXP TechSupport

Have you run caam-keygen import:

# ./caam-keygen import /data/caam/randomkey.bb importKey

before running:

# cat /data/caam/importKey | keyctl padd logon logkey2: @s

This key has to be re-injected every time it is powered up.

Best regards

Harvey

nsleung
Contributor I

Yes, I'm able to import the key and add it to keyctl from the blob after rebooting every time. I can also create the encrypted device mapper device using the same block device as before the power cycle, but when mounting, it will report 'corrupted filesystem'. Do I need to boot in Secure Mode? I don't believe I am doing that.

Harvey021
NXP TechSupport

Hi @nsleung

I've just followed the guide to try it again, and no such issue arose.

Probably some required tools are missing, like "coreutils keyutils lvm2 e2fsprogs-mke2fs util-linux", as stated in section 8: "Add required tools to build by editing conf/local.conf file and appending."

Best regards

Harvey

nsleung
Contributor I

Thanks for the suggestion, I do have those additional utilities built in

lfant
Contributor II

Hello @nsleung,

Were you ever able to solve the problem? I see the exact same issue when using CAAM+dmcrypt on an iMX8MP running Yocto kirkstone & kernel 5.15.x
