Hi, We would like to use a luks encrypted rootfs with the SAMA5D2. We've included meta-encrypted-storage (https://github.com/jiazhang0/meta-secure-core/tree/master/meta-encrypted-storage) in our Yocto configuration. This leverages an initramfs with cryptsetup and init scripts to unlock and mount an encrypted rootfs during boot.
The issue we have is not knowing how to automatically build the encrypted rootfs and package it into the .wic file during the Yocto build process. Today our Yocto build produces a .wic with a boot partition and a plain rootfs which is then flashed to eMMC. We would like to replace the plain rootfs in the .wic with an encrypted one.

The basic steps to create a luks encrypted file system look something like this:

    cryptsetup luksFormat /dev/mmcblkxxx keyfile
    cryptsetup luksOpen -d keyfile /dev/mmcblkxxx cryptroot
    mkfs.ext4 /dev/mapper/cryptroot
    mount /dev/mapper/cryptroot /mnt/cryptroot
    cp -ax /mnt/path-to-rootfs/* /mnt/cryptroot   # populate luks encrypted partition
    umount /mnt/cryptroot
    cryptsetup luksClose cryptroot

Where would we incorporate this into the BB recipes? Or is this a case where we would need to make changes / extensions to the WIC scripts and/or plugins?

Thanks in advance for any suggestions.

Regards,
Don
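A build-time check related to the goal above, as an added example that is not part of the original post: it reads a .wic image and reports whether the rootfs partition starts with a LUKS header or a plaintext ext superblock. It assumes an MBR (msdos) partition table and that the rootfs is partition 2; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of a LUKS1/LUKS2 header

def classify(image: bytes, start: int) -> str:
    """Name what sits at byte offset start: luks1/luks2, ext (plaintext) or unknown."""
    head = image[start:start + 8]
    if len(head) == 8 and head[:6] == LUKS_MAGIC:
        # 2-byte big-endian version follows the magic
        return "luks%d" % struct.unpack(">H", head[6:8])[0]
    # ext2/3/4 superblock begins 1024 bytes in; s_magic 0xEF53 sits at +56
    if image[start + 1080:start + 1082] == b"\x53\xef":
        return "ext"
    return "unknown"

def partitions(image: bytes):
    """Yield (index, type_byte, start_offset) for non-empty MBR primary entries."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature")
    for i in range(4):
        entry = image[446 + 16 * i:446 + 16 * (i + 1)]
        lba, count = struct.unpack("<II", entry[8:16])
        if entry[4] and count:
            yield i + 1, entry[4], lba * SECTOR

def audit(image: bytes, rootfs_index: int = 2):
    """Return (ok, report); ok is True only if the rootfs partition is LUKS."""
    report = {idx: classify(image, off) for idx, _, off in partitions(image)}
    return report.get(rootfs_index, "missing").startswith("luks"), report

def make_sample(encrypted: bool) -> bytes:
    """Constructed 3 MiB image: partition 1 = boot filler, partition 2 = rootfs."""
    img = bytearray(3 * 1024 * 1024)
    for i, (ptype, lba, count) in enumerate([(0x0C, 2048, 2048), (0x83, 4096, 2048)]):
        struct.pack_into("<B3xB3xII", img, 446 + 16 * i, 0, ptype, lba, count)
    img[510:512] = b"\x55\xaa"
    root = 4096 * SECTOR
    if encrypted:
        img[root:root + 8] = LUKS_MAGIC + struct.pack(">H", 2)
    else:
        img[root + 1080:root + 1082] = b"\x53\xef"
    return bytes(img)

if __name__ == "__main__":
    for enc in (False, True):
        print(audit(make_sample(enc)))
```

Run against the real .wic by passing the file's bytes to audit(); a result of False means the image would ship a rootfs that is not LUKS-formatted.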