FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Disk encryption using CAAM secure key

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Disk encryption using CAAM secure key

Jump to solution
‎04-15-2020 09:11 AM
5,346 Views
jorge_rebollo
Contributor III

Dear all,

I successfully tested meta-imx-fde-demo - imx_sec_apps - i.MX Security Application Examples full disk encryption patch on kernel 4.14 applying patch by hand

I want to integrate it in kernel 4.19 and after applying those patches, also by hand, everything compiles well and key blob is properly generated

However, device mapper launches following error when calling dmsetup

caam_jr 30901000.jr0: caam algorithms can't process tagged key
device-mapper: table: 253:0: crypt: Error decoding and setting key
device-mapper: ioctl: error adding target to table

Development board is MCIMX7SABRE (device status is OPEN)

Linux kernel tested are linux-imx_4.14.78_1.0.0_ga and linux-imx_4.19.35_1.1.0 from linux-imx - i.MX Linux kernel  CodeAurora NXP repository

Reference documentation AN12714 i.MX Encrypted Storage Using CAAM Secure Keys

Can any one give me some help ?

Thanks in advance

Jorge R

Labels (2)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎02-02-2021 11:42 AM
4,846 Views
jorge_rebollo
Contributor III

Hi all,

After been in contact with my local NXP FAE, I would like to share the solution to my problem

This functionality is already available on the L.5.4.47-2.2.0 and the latest L.5.4.70-2.3.0 Linux BSPs

Tested on L.5.4.70-2.3.0 and works as expected !

View solution in original post

Reply
6 Replies

Jump to solution
‎03-09-2023 02:07 AM
3,669 Views
haichao
Contributor III

Hi

I follow AN12714 Rev. 0 — 25 February 2020,

I also tested meta-imx-fde-demo - imx_sec_apps - i.MX Security Application Examples full disk encryption patch on kernel 4.14.98 applying patch by hand,but the file in ./mnt/encrypted unencrypted, I do not know why and how to solve.  my platform is imx6ul

thanks

0 Kudos
Reply

Jump to solution
‎02-02-2021 11:42 AM
4,847 Views
jorge_rebollo
Contributor III

Hi all,

After been in contact with my local NXP FAE, I would like to share the solution to my problem

This functionality is already available on the L.5.4.47-2.2.0 and the latest L.5.4.70-2.3.0 Linux BSPs

Tested on L.5.4.70-2.3.0 and works as expected !

Reply

Jump to solution
‎12-24-2020 07:19 AM
5,000 Views
jorge_rebollo
Contributor III

After been in contact with my local NXP FAE, I would like to share the requested functionality is now available in latest Yocto BSP L5.4.47_2.2.0

Not tested yet, but promising it is already official and in NXP BSP mainline !

0 Kudos
Reply

Jump to solution
‎04-16-2020 02:41 AM
5,171 Views
Yuri
NXP Employee
NXP Employee

Hello,

  I've sent You directly some comments.

Regards,

Yuri.

0 Kudos
Reply

Jump to solution
‎04-16-2020 03:02 AM
5,171 Views
jorge_rebollo
Contributor III

Hi Yuri,

Thanks for your message

This is my first NXP information request and after revising the information given at NXP technical portal it is not clear to me how to proceed

Do you want me to contact ProSupport ?

Does that require a paid contract between my company and NXP ?

May I have to wait for kernel 5.7 availability and stop trying any other kernel higher than 4.14 ?

I also tested applying demo-caam-blobs 0001-black-key-blob-after-4.14ga-changes-and-license-iden.patch, which is quite similar to kernel 4.14 patch, but with no success on 4.19 disk encryption !

Regards

0 Kudos
Reply

Jump to solution
‎04-16-2020 02:27 AM
5,171 Views
jorge_rebollo
Contributor III

Yocto Linux BSP used is L4.19.35_1.1.0 downloaded from https://source.codeaurora.org/external/imx/imx-manifest (the latest available when I started working with MCIMX7SABRE last December)

0 Kudos
Reply