FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Request for Documentation on Encrypting SquashFS RootFS with Yocto for i.MX93

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Request for Documentation on Encrypting SquashFS RootFS with Yocto for i.MX93

Jump to solution
‎08-19-2025 09:20 AM
1,094 Views
udayMouli
Contributor I

I am trying to encrypt my squashfs rootfs for imx93 during build time. I am using yocto
i tried fetching below document but i am unable to
https://community.nxp.com/docs/DOC-342300
can you please help me to point to proper documentation related to encrypting squashfs of rootfs

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎08-21-2025 12:41 PM
1,011 Views
AldoG
NXP TechSupport
NXP TechSupport

Hello,

We do not have documentation available for this, but you may use as a reference one of our partners implementation for this kind of use case:
https://github.com/toradex/meta-toradex-security/blob/kirkstone-6.x.y/docs/README-encryption.md

You may create the layer the same way they are using it, so it is indeed possible
https://github.com/toradex/meta-toradex-security/tree/kirkstone-6.x.y

Best regards/Saludos,
Aldo.

View solution in original post

0 Kudos
Reply
4 Replies

Jump to solution
‎08-19-2025 07:43 PM
1,045 Views
udayMouli
Contributor I

I have reviewed section 10.5.5 and would like to implement a similar encryption approach. Our requirement is to encrypt the production-ready SquashFS image during build time in Yocto. However, using /dev/mapper is not feasible since it requires root privileges.
Is there any method or documentation available for integrating dm-crypt-based encryption directly into a Yocto recipe?

0 Kudos
Reply

Jump to solution
‎08-21-2025 12:41 PM
1,012 Views
AldoG
NXP TechSupport
NXP TechSupport

Hello,

We do not have documentation available for this, but you may use as a reference one of our partners implementation for this kind of use case:
https://github.com/toradex/meta-toradex-security/blob/kirkstone-6.x.y/docs/README-encryption.md

You may create the layer the same way they are using it, so it is indeed possible
https://github.com/toradex/meta-toradex-security/tree/kirkstone-6.x.y

Best regards/Saludos,
Aldo.

0 Kudos
Reply

Jump to solution
‎08-19-2025 01:28 PM
1,068 Views
AldoG
NXP TechSupport
NXP TechSupport

Hi,

I forgot to mention that you may also check our Linux documentation, i.MX Linux User's Guide Chapter 10 Security & 10.5.5 DM-Crypt usage on i.MX Platforms without CAAM hardware IP

Since i.MX93 does not have have CAAM hardware IP enabled.

Best regards/Saludos,
Aldo.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2154554%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ERequest%20for%20Documentation%20on%20Encrypting%20SquashFS%20RootFS%20with%20Yocto%20for%20i.MX93%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2154554%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CSPAN%3EI%20am%20trying%20to%20encrypt%20my%20squashfs%20rootfs%20for%20imx93%20during%20build%20time.%20I%20am%20using%20yocto%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3Ei%20tried%20fetching%20below%20document%20but%20i%20am%20unable%20to%3C%2FSPAN%3E%3CBR%20%2F%3E%3CA%20title%3D%22%22%20href%3D%22vscode-file%3A%2F%2Fvscode-app%2Fc%3A%2FProgram%2520Files%2FMicrosoft%2520VS%2520Code%2Fresources%2Fapp%2Fout%2Fvs%2Fcode%2Felectron-browser%2Fworkbench%2Fworkbench.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fcommunity.nxp.com%2Fdocs%2FDOC-342300%3C%2FA%3E%3CBR%20%2F%3E%3CSPAN%3Ecan%20you%20please%20help%20me%20to%20point%20to%20proper%20documentation%20related%20to%20encrypting%20squashfs%20of%20rootfs%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2154554%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3EYocto%20Project%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2156293%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Request%20for%20Documentation%20on%20Encrypting%20SquashFS%20RootFS%20with%20Yocto%20for%20i.MX93%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2156293%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20do%20not%20have%20documentation%20available%20for%20this%2C%20but%20you%20may%20use%20as%20a%20reference%20one%20of%20our%20partners%20implementation%20for%20this%20kind%20of%20use%20case%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Ftoradex%2Fmeta-toradex-security%2Fblob%2Fkirkstone-6.x.y%2Fdocs%2FREADME-encryption.md%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Ftoradex%2Fmeta-toradex-security%2Fblob%2Fkirkstone-6.x.y%2Fdocs%2FREADME-encryption.md%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20may%20create%20the%20layer%20the%20same%20way%20they%20are%20using%20it%2C%20so%20it%20is%20indeed%20possible%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Ftoradex%2Fmeta-toradex-security%2Ftree%2Fkirkstone-6.x.y%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Ftoradex%2Fmeta-toradex-security%2Ftree%2Fkirkstone-6.x.y%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EBest%20regards%2FSaludos%2C%3CBR%20%2F%3EAldo.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2154823%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Request%20for%20Documentation%20on%20Encrypting%20SquashFS%20RootFS%20with%20Yocto%20for%20i.MX93%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2154823%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%3CSPAN%3EI%20have%20reviewed%20section%2010.5.5%20and%20would%20like%20to%20implement%20a%20similar%20encryption%20approach.%20Our%20requirement%20is%20to%20encrypt%20the%20production-ready%20SquashFS%20image%20during%20build%20time%20in%20Yocto.%20However%2C%20using%26nbsp%3B%3C%2FSPAN%3E%2Fdev%2Fmapper%3CSPAN%3E%26nbsp%3Bis%20not%20feasible%20since%20it%20requires%20root%20privileges.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIs%20there%20any%20method%20or%20documentation%20available%20for%20integrating%20dm-crypt-based%20encryption%20directly%20into%20a%20Yocto%20recipe%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2154710%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Request%20for%20Documentation%20on%20Encrypting%20SquashFS%20RootFS%20with%20Yocto%20for%20i.MX93%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2154710%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20forgot%20to%20mention%20that%20you%20may%20also%20check%20our%20Linux%20documentation%2C%26nbsp%3B%3CSPAN%3Ei.MX%20Linux%20User's%20Guide%20Chapter%2010%20Security%20%26amp%3B%26nbsp%3B10.5.5%20DM-Crypt%20usage%20on%20i.MX%20Platforms%20without%20CAAM%20hardware%20IP%3CBR%20%2F%3E%3CBR%20%2F%3ESince%20i.MX93%20does%20not%20have%20have%20CAAM%20hardware%20IP%20enabled.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%20regards%2FSaludos%2C%3CBR%20%2F%3EAldo.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2154708%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Request%20for%20Documentation%20on%20Encrypting%20SquashFS%20RootFS%20with%20Yocto%20for%20i.MX93%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2154708%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20this%20you%20may%20refer%20to%20the%20Linux%20Kernel%20documentation%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fnxp-imx%2Flinux-imx%2Ftree%2Flf-6.12.y%2FDocumentation%2Fsecurity%2Fkeys%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fnxp-imx%2Flinux-imx%2Ftree%2Flf-6.12.y%2FDocumentation%2Fsecurity%2Fkeys%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fnxp-imx%2Flinux-imx%2Fblob%2Flf-6.12.y%2FDocumentation%2Fsecurity%2Fkeys%2Ftrusted-encrypted.rst%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fnxp-imx%2Flinux-imx%2Fblob%2Flf-6.12.y%2FDocumentation%2Fsecurity%2Fkeys%2Ftrusted-encrypted.rst%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fnxp-imx%2Flinux-imx%2Fblob%2Flf-6.12.y%2FDocumentation%2Fsecurity%2Fkeys%2Fecryptfs.rst%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fnxp-imx%2Flinux-imx%2Fblob%2Flf-6.12.y%2FDocumentation%2Fsecurity%2Fkeys%2Fecryptfs.rst%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EBest%20regards%2FSaludos%2C%3CBR%20%2F%3EAldo.%3C%2FP%3E%3C%2FLINGO-BODY%3E