Re: [yocto] rootfs encryption support
On 2017-09-26 01:25 AM, Kumar, Shrawan wrote: Hello Team , Is it possible to get encrypted rootfs during image build ? Currently , I am running “*cryptsetup*” (as sudo) *manually* after the final image(rootfs.ext4) is produced . The idea is to get this done within yocto environment without sudo problem . Thanks and Regards Shrawan I'm not working on it but I think people are trying to focus such work in this layer: https://layers.openembedded.org/layerindex/branch/master/layer/meta-encrypted-storage/ https://github.com/jiazhang0/meta-secure-core -- # Randy MacLeod. WR Linux # Wind River an Intel Company -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] rootfs encryption support
Hi,
On 26.09.2017 12:29, Kumar, Shrawan wrote:
To add further information to the query , I am executing “cryptsetup”
from a recipe as below : (/Yocto 2.0.2)/
fakeroot do_install() {
cryptsetup --type=plain open hello.enc demomap <
dm-crypt-key
}
Additional debug log :
+ do_install
| + cryptsetup --type=plain open
/path_to/tmp/work/cortexa9hf-vfp-neon-elina-linux-gnueabi/DM-CryptSetup/1.0-r0/hello.enc
demomap
| *Cannot initialize device-mapper. Is dm_mod kernel module loaded?*
|
| Cannot initialize device-mapper. Is dm_mod kernel module loaded?
| + bb_exit_handler
Your Host kernel need to have support for DM-Crypt enabled, you can
autoload the corresponding kernel module by adding to your build host
modules configuration:
$ sudo sh -c 'echo dm_mod > /etc/modules-load.d/dm_mod.conf'
Ideally , I was under impression that “fakeroot” shall have allowed to
me achieve the goal.
Thanks & Regads
Shrawan
*From:* Kumar, Shrawan
*Sent:* Tuesday, September 26, 2017 10:56 AM
*To:* 'yocto@yoctoproject.org'
*Subject:* rootfs encryption support
Hello Team ,
Is it possible to get encrypted rootfs during image build ?
Currently , I am running “*cryptsetup*” (as sudo) *manually* after
the final image(rootfs.ext4) is produced . The idea is to get this
done within yocto environment without sudo problem .
Thanks and Regards
Shrawan
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] rootfs encryption support
To add further information to the query , I am executing "cryptsetup" from a
recipe as below : (Yocto 2.0.2)
fakeroot do_install() {
cryptsetup --type=plain open hello.enc demomap < dm-crypt-key
}
Additional debug log :
+ do_install
| + cryptsetup --type=plain open
/path_to/tmp/work/cortexa9hf-vfp-neon-elina-linux-gnueabi/DM-CryptSetup/1.0-r0/hello.enc
demomap
| Cannot initialize device-mapper. Is dm_mod kernel module loaded?
|
| Cannot initialize device-mapper. Is dm_mod kernel module loaded?
| + bb_exit_handler
Ideally , I was under impression that "fakeroot" shall have allowed to me
achieve the goal.
Thanks & Regads
Shrawan
From: Kumar, Shrawan
Sent: Tuesday, September 26, 2017 10:56 AM
To: 'yocto@yoctoproject.org'
Subject: rootfs encryption support
Hello Team ,
Is it possible to get encrypted rootfs during image build ?
Currently , I am running "cryptsetup" (as sudo) manually after the final
image(rootfs.ext4) is produced . The idea is to get this done within yocto
environment without sudo problem .
Thanks and Regards
Shrawan
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
[yocto] rootfs encryption support
Hello Team , Is it possible to get encrypted rootfs during image build ? Currently , I am running "cryptsetup" (as sudo) manually after the final image(rootfs.ext4) is produced . The idea is to get this done within yocto environment without sudo problem . Thanks and Regards Shrawan -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
