- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
How to boot into a luks encrypted rootfs partition from initramfs on i.MX6ULZ?
Hi everyone,
I am trying to do disk encryption on i.MX6UL. The device is USB armory II. It has DCP and no CAAM.
This is my plan:
1、Two partitions. One for /boot, one for rootfs. Bootloader and kernel are stored in /boot and they are in plain text. The rootfs is encrypted by LUKS(DM-crpty).
2、Configure initramfs in the kernel. During the boot process, decrypt the encrypted rootfs and mount the root directory automatically.
3、LUKS uses file as key. At the same time this key file is encrypted with DCP.
Here is my question:
1、How to install the system on an already partitioned SD card?How to configure the encrypted file system?
2、How to configure initramfs to encrypt and load rootfs automatically?
I am just new to embedded development. Any suggestions, documentation and tutorials are welcome.
I have searched for similar issues
How to boot into a luks encrypted rootfs partition from initramfs on imx6 quad?
The document "Root filesystem encryption using DM-Crypt" looks useful but I don't have permission to access it.
Thanks!
I have the AN12714 and IMX Linux User Guide (IMXLUG_6.6.23_2.0.0) but would like to have a look into "Root filesystem encryption using DM-Crypt". Could you provide me this?
@d1ken
Hello,
In addition to AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys) use
section 10.5 (Disk encryption acceleration) of i.MX Linux User's Guide.
https://www.nxp.com/webapp/Download?colCode=AN12714
https://www.nxp.com/docs/en/user-guide/IMX_LINUX_USERS_GUIDE.pdf
For specific customer's cases (OS releases) NXP Pro Support may be involved.
Regards,
Yuri.
