ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to boot into a luks encrypted rootfs partition from initramfs on i.MX6ULZ?

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

How to boot into a luks encrypted rootfs partition from initramfs on i.MX6ULZ?

‎05-18-2020 08:46 AM
7,650件の閲覧回数
skwang6272
Contributor II

Hi everyone, 

I am trying to do disk encryption on i.MX6UL. The device is USB armory II. It has DCP and no CAAM.

This is my plan:

1、Two partitions. One for /boot, one for rootfs. Bootloader and kernel are stored in /boot and they are in plain text. The rootfs is encrypted by LUKS(DM-crpty).

2、Configure initramfs in the kernel. During the boot process, decrypt the encrypted rootfs and mount the root directory automatically.

3、LUKS uses file as key. At the same time this key file is encrypted with DCP.

Here is my question:

1、How to install the system on an already partitioned SD card?How to configure the encrypted file system?

2、How to configure initramfs to encrypt and load rootfs automatically?

I am just new to embedded development. Any suggestions, documentation and tutorials are welcome.

I have searched for similar issues

How to boot into a luks encrypted rootfs partition from initramfs on imx6 quad?

The document "Root filesystem encryption using DM-Crypt"  looks useful but I don't have permission to access it.

Thanks!

ラベル(1)
ラベル
返信
24 返答(返信)

‎06-30-2024 08:24 AM
499件の閲覧回数
aadebayo
Contributor I

Dear Mr. Yuri
I also working on rootfs encryption for IMX6, if you could please also provide me with a copy of the "Root filesystem encryption using DM-Crypt" document I would appreciate ie.
Best regards,

Adeola 

0 件の賞賛
返信

‎11-01-2021 02:34 PM
5,720件の閲覧回数
MikeAtMT
Contributor I

+1 looking for "Root filesystem encryption using DM-Crypt" - I've worked on this many years ago, but need to refresh my memory. Thank you!

返信

‎03-15-2021 12:13 AM
6,682件の閲覧回数
r1cebank
Contributor II

Hi,

I am not sure if you already figured this out, but recently I've modified the USB Armory's image builder script to support the encrypted rootfs you mentioned.

https://github.com/r1cebank/usbarmory-debian-base_image

Hope this helps.

返信

‎05-18-2020 08:42 PM
7,197件の閲覧回数
Yuri
NXP Employee
NXP Employee

Hello,

  Please refer to the following app note (assuming encrypted boot of U-boot and kernel).
"i.MX Encrypted Storage Using CAAM Secure Keys"
 
https://www.nxp.com/docs/en/application-note/AN12714.pdf

Regards,

Yuri.

0 件の賞賛
返信

‎05-24-2020 06:17 PM
7,197件の閲覧回数
skwang6272
Contributor II

Hi,

Thanks a lot!

But I have seen this doc. And I have no CAAM, only DCP. Are threy same?

0 件の賞賛
返信

‎05-25-2020 05:33 AM
7,197件の閲覧回数
Yuri
NXP Employee
NXP Employee

Hello,

  If i.MX processor does not have CAAM - only software based DM-crypt

may be applied.

Regards,

Yuri.

0 件の賞賛
返信

‎04-12-2022 01:22 PM
4,824件の閲覧回数
adde_ado
Contributor III

Hi Yuri,

Could you please send to me 

"Root filesystem encryption using DM-Crypt" document?

I'm working with Imx8mm and I have same issue.

Best regards,

Adde

0 件の賞賛
返信

‎05-27-2020 06:20 PM
7,197件の閲覧回数
skwang6272
Contributor II

Hi, 

Thank you for your reply. Could you show me any docs explain how to preform software based DM-crypt?

btw Why can't DCP do what CAAM does?

0 件の賞賛
返信

‎05-29-2020 12:11 AM
7,197件の閲覧回数
Yuri
NXP Employee
NXP Employee

Hello,

  Some material have been sent directly.

Regards,

Yuri.

0 件の賞賛
返信

‎11-28-2022 02:09 AM
3,800件の閲覧回数
arunkrishnank
Contributor I

Dear Yuri,

Is it possible to share the document to me. I am attempting rootfs encryption on a i.MX 6 ULL

0 件の賞賛
返信

‎06-09-2021 05:57 AM
6,354件の閲覧回数
andreamengalli
Contributor II

Hello Yuri,

I am working on encryption on i.MX8Mmini.

Could I have access to the document "Root filesystem encryption using DM-Crypt"?

Thanks in advance.

0 件の賞賛
返信

‎01-28-2022 06:49 AM
5,294件の閲覧回数
YoussefDALIL
Contributor I

Hello @Yuri ,

Could I have also access to the document "Root filesystem encryption using DM-Crypt"

I really need this document to work on my project please.

Waiting for your reply

Thanks

0 件の賞賛
返信

‎01-30-2022 08:07 PM
5,280件の閲覧回数
Yuri
NXP Employee
NXP Employee

@YoussefDALIL 
Hello,

In addition to AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys) use
section 10.5 (Disk encryption acceleration) of i.MX Linux User's Guide.


https://www.nxp.com/webapp/Download?colCode=AN12714

https://www.nxp.com/docs/en/user-guide/IMX_LINUX_USERS_GUIDE.pdf

 For specific customer's cases (OS releases) NXP Pro Support may be involved.

Regards,
Yuri.

0 件の賞賛
返信

‎06-10-2021 02:20 AM
6,350件の閲覧回数
Yuri
NXP Employee
NXP Employee

@andreamengalli 
Hello,

  please refer to

https://www.nxp.com/docs/en/application-note/AN12714.pdf

 

Regards,
Yuri.

0 件の賞賛
返信

‎10-12-2021 02:19 PM
5,833件の閲覧回数
parthitce
Contributor III

@YuriCould you please share the documents for dm-crypt to do with imx6ULL/imx6ULZ?

Thanks,

Parthiban N

返信

‎10-12-2021 10:25 PM
5,826件の閲覧回数
Yuri
NXP Employee
NXP Employee

@parthitce 
Hello,

  I've sent You the file.

Regards,
Yuri.

0 件の賞賛
返信

‎05-07-2021 02:13 AM
6,533件の閲覧回数
kmaincent
Contributor I

Hello Yuri,

I am also working on encryption.

Could I have access to the document "Root filesystem encryption using DM-Crypt"?

Thanks,

0 件の賞賛
返信

‎05-07-2021 03:22 AM
6,519件の閲覧回数
Yuri
NXP Employee
NXP Employee

@kmaincent 
Hello,

  I've sent You some comments.

Regards,
Yuri.

タグ(1)
0 件の賞賛
返信

‎02-24-2021 04:16 PM
6,795件の閲覧回数
r1cebank
Contributor II

I am having the same question, is it possible to send me the same documents?

0 件の賞賛
返信

‎02-24-2021 10:35 PM
6,772件の閲覧回数
Yuri
NXP Employee
NXP Employee

@r1cebank 

Done!

~Yuri.

0 件の賞賛
返信