Request for Documentation on Encrypting SquashFS RootFS with Yocto for i.MX93

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Request for Documentation on Encrypting SquashFS RootFS with Yocto for i.MX93

Jump to solution
531 Views
udayMouli
Contributor I

I am trying to encrypt my squashfs rootfs for imx93 during build time. I am using yocto
i tried fetching below document but i am unable to
https://community.nxp.com/docs/DOC-342300
can you please help me to point to proper documentation related to encrypting squashfs of rootfs

Labels (1)
0 Kudos
Reply
1 Solution
448 Views
AldoG
NXP TechSupport
NXP TechSupport

Hello,

We do not have documentation available for this, but you may use as a reference one of our partners implementation for this kind of use case:
https://github.com/toradex/meta-toradex-security/blob/kirkstone-6.x.y/docs/README-encryption.md

You may create the layer the same way they are using it, so it is indeed possible
https://github.com/toradex/meta-toradex-security/tree/kirkstone-6.x.y

Best regards/Saludos,
Aldo.

View solution in original post

0 Kudos
Reply
4 Replies
482 Views
udayMouli
Contributor I

I have reviewed section 10.5.5 and would like to implement a similar encryption approach. Our requirement is to encrypt the production-ready SquashFS image during build time in Yocto. However, using /dev/mapper is not feasible since it requires root privileges.
Is there any method or documentation available for integrating dm-crypt-based encryption directly into a Yocto recipe?

0 Kudos
Reply
449 Views
AldoG
NXP TechSupport
NXP TechSupport

Hello,

We do not have documentation available for this, but you may use as a reference one of our partners implementation for this kind of use case:
https://github.com/toradex/meta-toradex-security/blob/kirkstone-6.x.y/docs/README-encryption.md

You may create the layer the same way they are using it, so it is indeed possible
https://github.com/toradex/meta-toradex-security/tree/kirkstone-6.x.y

Best regards/Saludos,
Aldo.

0 Kudos
Reply
505 Views
AldoG
NXP TechSupport
NXP TechSupport

Hi,

I forgot to mention that you may also check our Linux documentation, i.MX Linux User's Guide Chapter 10 Security & 10.5.5 DM-Crypt usage on i.MX Platforms without CAAM hardware IP

Since i.MX93 does not have have CAAM hardware IP enabled.

Best regards/Saludos,
Aldo.

0 Kudos
Reply