Generating luks encrypted rootfs in .wic

This forum is for users of Microchip MPUs and who are interested in using Linux OS.

Moderator: nferre

donws
Posts: 4
Joined: Thu Jul 21, 2016 9:20 pm

Generating luks encrypted rootfs in .wic

Thu Jun 13, 2019 10:48 pm

Hi,

We would like to use a luks encrypted rootfs on the SAMA5D2. We've included meta-encrypted-storage (https://github.com/jiazhang0/meta-secur ... ed-storage) in our Yocto build. This feature employs cryptsetup together with an initramfs and an init script to unlock the luks encrypted root partition as part of kernel boot.

To create a luks encrypted partition the following steps are generally needed:

Code: Select all

cryptsetup luksFormat /dev/mmcblkxxx keyfile cryptroot
cryptsetup luksOpen -d keyfile /dev/mmcblkxxx cryptroot
mkfs.ext4 /dev/mapper/cryptroot 
mount  /dev/mapper/cryptroot /mnt/cryptroot
cp -ax /mnt/path-to-rootfs/* /mnt/cryptroot  # populate luks encrypted partition
unmount /mnt/crtyproot
cryptsetup luksClose cryptroot

Does anyone know how to best handle this or something similar within the Yocto built process? The desire is to to have the build process automatically create and package a luks encrypted rootfs in the .wic file instead of the plain rootfs.

Thanks,
Don

Return to “LINUX”

Who is online

Users browsing this forum: No registered users and 4 guests