Hello,
I am trying to have a secure boot chain which will have the rootfs decryption integrated. The board would boot up to the initramfs, where I would like to decrypt the rootfs and mount it. The following requirement is to be fulfilled:
- the rootfs partition should be encrypted on the host machine in Yocto
I am not sure how to proceed with this. I have found the following two documents which describe how to create an encrypted storage by using the CAAM module:
- AN12554 (https://www.nxp.com/docs/en/application-note/AN12554.pdf)
- AN12714 (https://www.nxp.com/docs/en/application-note/AN12714.pdf)
As I can see, the latter document is newer (from February 2020), but it seems like a device is encrypted on the target, which is not what I want. The former document is from August 2019 and seems to support the device encryption on the host and its decryption on the target.
Could someone assist me on how I should proceed on this?
Regards,
Aleksandar
Thanks Yuri.
@aleksandar_niko
Hello,
We do not have an example for your situation.
You may use the recent NXP Linux BSP (L5.4.47). Look at section 9.5 (Disk encryption acceleration) of "IMX_LINUX_USERS_GUIDE.pdf".
Regards,
Yuri.