I am trying to have a secure boot chain which will have the rootfs decryption integrated. The board would boot up to the initramfs, where I would like to decrypt the rootfs and mount it.The following requirement is to be fulfilled:
- the rootfs partition should be encrypted on the host machine in Yocto
I am not sure how to proceed with this. I have found the following two documents which describe how to create an encrypted storage by using the CAAM module:
As I can see, the latter document is newer (from February 2020) but seems like a device is encrypted on the target, which is not what I want. The former document is from August 2019 and seems to support the device encryption on the host and its decryption on the target.
Could someone assist me on how I should proceed on this?
We do not have example for Your situation.
You may use the recent NXP Linux BSP (L5.4.47). Look at section 9.5 (Disk
encryption acceleration) of "IMX_LINUX_USERS_GUIDE.pdf".