We would like to use a LUKS-encrypted rootfs on the SAMA5D2. We've included meta-encrypted-storage (https://github.com/jiazhang0/meta-secur ... ed-storage) in our Yocto build. This feature employs cryptsetup together with an initramfs and an init script to unlock the LUKS-encrypted root partition as part of kernel boot.
To create a LUKS-encrypted partition, the following steps are generally needed:
Code:
# format the partition as LUKS, using the key file as the passphrase source
cryptsetup luksFormat /dev/mmcblkxxx keyfile
# unlock it and map it to /dev/mapper/cryptroot
cryptsetup luksOpen -d keyfile /dev/mmcblkxxx cryptroot
mkfs.ext4 /dev/mapper/cryptroot
mkdir -p /mnt/cryptroot
mount /dev/mapper/cryptroot /mnt/cryptroot
cp -ax /mnt/path-to-rootfs/. /mnt/cryptroot/ # populate LUKS-encrypted partition (dotfiles included)
umount /mnt/cryptroot
cryptsetup luksClose cryptroot
Does anyone know how best to handle this or something similar within the Yocto build process? The desire is to have the build process automatically create and package a LUKS-encrypted rootfs in the .wic file instead of the plain rootfs.
Thanks,
Don