I am trying to do disk encryption on i.MX6UL. The device is USB armory II. It has DCP and no CAAM.
This is my plan：
1、Two partitions. One for /boot, one for rootfs. Bootloader and kernel are stored in /boot and they are in plain text. The rootfs is encrypted by LUKS(DM-crpty).
2、Configure initramfs in the kernel. During the boot process, decrypt the encrypted rootfs and mount the root directory automatically.
3、LUKS uses file as key. At the same time this key file is encrypted with DCP.
Here is my question:
1、How to install the system on an already partitioned SD card？How to configure the encrypted file system？
2、How to configure initramfs to encrypt and load rootfs automatically?
I am just new to embedded development. Any suggestions, documentation and tutorials are welcome.
I have searched for similar issues