FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to boot into a luks encrypted rootfs partition from initramfs on i.MX6ULZ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to boot into a luks encrypted rootfs partition from initramfs on i.MX6ULZ?

‎05-18-2020 08:46 AM
6,487 Views
skwang6272
Contributor II

Hi everyone, 

I am trying to do disk encryption on i.MX6UL. The device is USB armory II. It has DCP and no CAAM.

This is my plan:

1、Two partitions. One for /boot, one for rootfs. Bootloader and kernel are stored in /boot and they are in plain text. The rootfs is encrypted by LUKS(DM-crpty).

2、Configure initramfs in the kernel. During the boot process, decrypt the encrypted rootfs and mount the root directory automatically.

3、LUKS uses file as key. At the same time this key file is encrypted with DCP.

Here is my question:

1、How to install the system on an already partitioned SD card?How to configure the encrypted file system?

2、How to configure initramfs to encrypt and load rootfs automatically?

I am just new to embedded development. Any suggestions, documentation and tutorials are welcome.

I have searched for similar issues

How to boot into a luks encrypted rootfs partition from initramfs on imx6 quad?

The document "Root filesystem encryption using DM-Crypt"  looks useful but I don't have permission to access it.

Thanks!

Labels (1)
Labels
Reply
23 Replies

‎11-01-2021 02:34 PM
4,672 Views
MikeAtMT
Contributor I

+1 looking for "Root filesystem encryption using DM-Crypt" - I've worked on this many years ago, but need to refresh my memory. Thank you!

Reply

‎03-15-2021 12:13 AM
5,634 Views
r1cebank
Contributor II

Hi,

I am not sure if you already figured this out, but recently I've modified the USB Armory's image builder script to support the encrypted rootfs you mentioned.

https://github.com/r1cebank/usbarmory-debian-base_image

Hope this helps.

Reply

‎05-18-2020 08:42 PM
6,144 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Please refer to the following app note (assuming encrypted boot of U-boot and kernel).
"i.MX Encrypted Storage Using CAAM Secure Keys"
 
https://www.nxp.com/docs/en/application-note/AN12714.pdf

Regards,

Yuri.

0 Kudos
Reply

‎05-24-2020 06:17 PM
6,144 Views
skwang6272
Contributor II

Hi,

Thanks a lot!

But I have seen this doc. And I have no CAAM, only DCP. Are threy same?

0 Kudos
Reply

‎05-25-2020 05:33 AM
6,144 Views
Yuri
NXP Employee
NXP Employee

Hello,

  If i.MX processor does not have CAAM - only software based DM-crypt

may be applied.

Regards,

Yuri.

0 Kudos
Reply

‎04-12-2022 01:22 PM
3,776 Views
adde_ado
Contributor III

Hi Yuri,

Could you please send to me 

"Root filesystem encryption using DM-Crypt" document?

I'm working with Imx8mm and I have same issue.

Best regards,

Adde

0 Kudos
Reply

‎05-27-2020 06:20 PM
6,144 Views
skwang6272
Contributor II

Hi, 

Thank you for your reply. Could you show me any docs explain how to preform software based DM-crypt?

btw Why can't DCP do what CAAM does?

0 Kudos
Reply

‎05-29-2020 12:11 AM
6,144 Views
Yuri
NXP Employee
NXP Employee

Hello,

  Some material have been sent directly.

Regards,

Yuri.

0 Kudos
Reply

‎11-28-2022 02:09 AM
2,747 Views
arunkrishnank
Contributor I

Dear Yuri,

Is it possible to share the document to me. I am attempting rootfs encryption on a i.MX 6 ULL

0 Kudos
Reply

‎06-09-2021 05:57 AM
5,301 Views
andreamengalli
Contributor II

Hello Yuri,

I am working on encryption on i.MX8Mmini.

Could I have access to the document "Root filesystem encryption using DM-Crypt"?

Thanks in advance.

0 Kudos
Reply

‎01-28-2022 06:49 AM
4,241 Views
YoussefDALIL
Contributor I

Hello @Yuri ,

Could I have also access to the document "Root filesystem encryption using DM-Crypt"

I really need this document to work on my project please.

Waiting for your reply

Thanks

0 Kudos
Reply

‎01-30-2022 08:07 PM
4,227 Views
Yuri
NXP Employee
NXP Employee

@YoussefDALIL 
Hello,

In addition to AN12714 (i.MX Encrypted Storage Using CAAM Secure Keys) use
section 10.5 (Disk encryption acceleration) of i.MX Linux User's Guide.


https://www.nxp.com/webapp/Download?colCode=AN12714

https://www.nxp.com/docs/en/user-guide/IMX_LINUX_USERS_GUIDE.pdf

 For specific customer's cases (OS releases) NXP Pro Support may be involved.

Regards,
Yuri.

0 Kudos
Reply

‎06-10-2021 02:20 AM
5,297 Views
Yuri
NXP Employee
NXP Employee

@andreamengalli 
Hello,

  please refer to

https://www.nxp.com/docs/en/application-note/AN12714.pdf

 

Regards,
Yuri.

0 Kudos
Reply

‎10-12-2021 02:19 PM
4,780 Views
parthitce
Contributor III

@YuriCould you please share the documents for dm-crypt to do with imx6ULL/imx6ULZ?

Thanks,

Parthiban N

Reply

‎10-12-2021 10:25 PM
4,773 Views
Yuri
NXP Employee
NXP Employee

@parthitce 
Hello,

  I've sent You the file.

Regards,
Yuri.

0 Kudos
Reply

‎05-07-2021 02:13 AM
5,480 Views
kmaincent
Contributor I

Hello Yuri,

I am also working on encryption.

Could I have access to the document "Root filesystem encryption using DM-Crypt"?

Thanks,

0 Kudos
Reply

‎05-07-2021 03:22 AM
5,466 Views
Yuri
NXP Employee
NXP Employee

@kmaincent 
Hello,

  I've sent You some comments.

Regards,
Yuri.

Tags (1)
0 Kudos
Reply

‎02-24-2021 04:16 PM
5,742 Views
r1cebank
Contributor II

I am having the same question, is it possible to send me the same documents?

0 Kudos
Reply

‎02-24-2021 10:35 PM
5,719 Views
Yuri
NXP Employee
NXP Employee

@r1cebank 

Done!

~Yuri.

0 Kudos
Reply

‎09-23-2023 10:03 AM
1,338 Views
gulsrb
Contributor I
Dear Mr. Yuri
It would be very much appreciated if you could also provide me with a copy of the "Root filesystem encryption using DM-Crypt" document.
Best regards,
Aleksandar
0 Kudos
Reply