Hi everyone,
I am trying to do disk encryption on i.MX6UL. The device is USB armory II. It has DCP and no CAAM.
This is my plan:
1、Two partitions. One for /boot, one for rootfs. Bootloader and kernel are stored in /boot and they are in plain text. The rootfs is encrypted by LUKS(DM-crpty).
2、Configure initramfs in the kernel. During the boot process, decrypt the encrypted rootfs and mount the root directory automatically.
3、LUKS uses file as key. At the same time this key file is encrypted with DCP.
Here is my question:
1、How to install the system on an already partitioned SD card?How to configure the encrypted file system?
2、How to configure initramfs to encrypt and load rootfs automatically?
I am just new to embedded development. Any suggestions, documentation and tutorials are welcome.
I have searched for similar issues
How to boot into a luks encrypted rootfs partition from initramfs on imx6 quad?
The document "Root filesystem encryption using DM-Crypt" looks useful but I don't have permission to access it.
Thanks!
Dear Mr. Yuri
I also working on rootfs encryption for IMX6, if you could please also provide me with a copy of the "Root filesystem encryption using DM-Crypt" document I would appreciate ie.
Best regards,
Adeola
Hi,
I am not sure if you already figured this out, but recently I've modified the USB Armory's image builder script to support the encrypted rootfs you mentioned.
https://github.com/r1cebank/usbarmory-debian-base_image
Hope this helps.
Hello,
Please refer to the following app note (assuming encrypted boot of U-boot and kernel).
"i.MX Encrypted Storage Using CAAM Secure Keys"
https://www.nxp.com/docs/en/application-note/AN12714.pdf
Regards,
Yuri.
Hi,
Thanks a lot!
But I have seen this doc. And I have no CAAM, only DCP. Are threy same?
Hi,
Thank you for your reply. Could you show me any docs explain how to preform software based DM-crypt?
btw Why can't DCP do what CAAM does?
Dear Yuri,
Is it possible to share the document to me. I am attempting rootfs encryption on a i.MX 6 ULL
Hello Yuri,
I am working on encryption on i.MX8Mmini.
Could I have access to the document "Root filesystem encryption using DM-Crypt"?
Thanks in advance.
@YoussefDALIL
Hello,
In addition to AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys) use
section 10.5 (Disk encryption acceleration) of i.MX Linux User's Guide.
https://www.nxp.com/webapp/Download?colCode=AN12714
https://www.nxp.com/docs/en/user-guide/IMX_LINUX_USERS_GUIDE.pdf
For specific customer's cases (OS releases) NXP Pro Support may be involved.
Regards,
Yuri.
Hello,
I have the AN12714 and IMX Linux User Guide (IMXLUG_6.6.23_2.0.0) but would like to have a look into "Root filesystem encryption using DM-Crypt". Could you provide me this?
@andreamengalli
Hello,
please refer to
https://www.nxp.com/docs/en/application-note/AN12714.pdf
Regards,
Yuri.