keyctl add failing for caam_tk on an iMX7D based board during implemention of encrypted partition

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

keyctl add failing for caam_tk on an iMX7D based board during implemention of encrypted partition

2,323件の閲覧回数
anoop2
Contributor II

Hello,
I'm following AN12714 (iMX Encrypted Storage Using CAAM Secure Keys) to create an encrypted partition. I'm using an iMX7D based Eval Board, which is running Debian Buster and linux kernel version is 4.14.98. I followed steps in Appendix A for Kernel configuration. After booting with the new kernel, step 3 of section 3.2 for creating a secure key is failing. Below is console interaction.

root@myhost:~# grep -B1 -A2 tk- /proc/crypto|grep -v kernel
name : tk(ecb(aes))
driver : tk-ecb-aes-caam
priority : 1
--
name : tk(cbc(aes))
driver : tk-cbc-aes-caam
priority : 1

root@myhost:~# dmsetup targets
multipath v1.13.0
crypt v1.18.1
striped v1.6.0
linear v1.4.0
error v1.5.0

root@myhost:~# keyctl add caam_tk seckey "new ecb 16" @s
add_key: No such device

I notice that Application Note is written for iMX8 EVK, with its own source repo. In our case, we are using a customized linux build for iMX7D provided by board vendor. Hence we can't take the source code as it is given in the Application Note.

Based on the error condition above, any suggestion if there is any general step which I have missed.
It will be helpful if I can get a set of instructions which doesn't require me to compile a full base image. Instead I should have option to apply CAAM specific changes in a working linux build for iMX7 board.

Thanks

 

0 件の賞賛
返信
5 返答(返信)

2,315件の閲覧回数
Yuri
NXP Employee
NXP Employee

@anoop2 
Hello,

 

  Please use the following Community discussion.

https://community.nxp.com/t5/i-MX-Processors/Kernel-version-for-AN12714-i-MX-Encrypted-Storage-Using...

 

Regards,
Yuri.

0 件の賞賛
返信

2,306件の閲覧回数
anoop2
Contributor II

Hello,

I went through suggested discussion thread. The final solution uses Rev. 1 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. We can't use this solution, as we don't have support for kernel version 5.4.47 from our board vendor.

In the same thread, you have attached Rev. 0 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. We are also following the exactly same document. This attached document is for kernel version 4.14.78, which is closer to what we are using right now.

Our specific issue comes when running step 3 of section 3.2. Command logs for failing keyctl command are given in my original query.

Now I know that there are multiple versions of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. So I am specifically asking, for a working linux build on iMX7 board; what are the appropriate instructions with respect to Rev 0 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. 

Thanks

0 件の賞賛
返信

2,290件の閲覧回数
anoop2
Contributor II

@Yuri 

Hello

We are stuck at this point, as given tutorials are not working for us. We also can't update the kernel version to 5.4.x, as vendor is not supporting version above 4.19.x. As I mentioned there is one tutorial (Rev 0 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys) which is for kernel 4.14.x. So we are hopeful that solution should exist for our kernel.

It would be helpful, if you can point us towards some approaches which we can try to solve this issue.

Thanks

0 件の賞賛
返信

2,258件の閲覧回数
Yuri
NXP Employee
NXP Employee

@anoop2 
Hello,

  I've sent some comments directly.

Regards,
Yuri.

0 件の賞賛
返信

1,591件の閲覧回数
akiftariq
Contributor I

Can you share the information with me as well? We also do not want to change our current implementation.

0 件の賞賛
返信