Hello,
I'm following AN12714 (iMX Encrypted Storage Using CAAM Secure Keys) to create an encrypted partition. I'm using an iMX7D based Eval Board, which is running Debian Buster and linux kernel version is 4.14.98. I followed steps in Appendix A for Kernel configuration. After booting with the new kernel, step 3 of section 3.2 for creating a secure key is failing. Below is console interaction.
root@myhost:~# grep -B1 -A2 tk- /proc/crypto|grep -v kernel
name : tk(ecb(aes))
driver : tk-ecb-aes-caam
priority : 1
--
name : tk(cbc(aes))
driver : tk-cbc-aes-caam
priority : 1
root@myhost:~# dmsetup targets
multipath v1.13.0
crypt v1.18.1
striped v1.6.0
linear v1.4.0
error v1.5.0
root@myhost:~# keyctl add caam_tk seckey "new ecb 16" @s
add_key: No such device
I notice that Application Note is written for iMX8 EVK, with its own source repo. In our case, we are using a customized linux build for iMX7D provided by board vendor. Hence we can't take the source code as it is given in the Application Note.
Based on the error condition above, any suggestion if there is any general step which I have missed.
It will be helpful if I can get a set of instructions which doesn't require me to compile a full base image. Instead I should have option to apply CAAM specific changes in a working linux build for iMX7 board.
Thanks
Hello,
I went through suggested discussion thread. The final solution uses Rev. 1 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. We can't use this solution, as we don't have support for kernel version 5.4.47 from our board vendor.
In the same thread, you have attached Rev. 0 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. We are also following the exactly same document. This attached document is for kernel version 4.14.78, which is closer to what we are using right now.
Our specific issue comes when running step 3 of section 3.2. Command logs for failing keyctl command are given in my original query.
Now I know that there are multiple versions of AN12714_iMX Encrypted Storage Using CAAM Secure Keys. So I am specifically asking, for a working linux build on iMX7 board; what are the appropriate instructions with respect to Rev 0 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys.
Thanks
Hello
We are stuck at this point, as given tutorials are not working for us. We also can't update the kernel version to 5.4.x, as vendor is not supporting version above 4.19.x. As I mentioned there is one tutorial (Rev 0 of AN12714_iMX Encrypted Storage Using CAAM Secure Keys) which is for kernel 4.14.x. So we are hopeful that solution should exist for our kernel.
It would be helpful, if you can point us towards some approaches which we can try to solve this issue.
Thanks