Re: [yocto] rootfs encryption support
On 2017-09-26 01:25 AM, Kumar, Shrawan wrote: Hello Team , Is it possible to get encrypted rootfs during image build ? Currently , I am running “*cryptsetup*” (as sudo) *manually* after the final image(rootfs.ext4) is produced . The idea is to get this done within yocto environment without sudo problem . Thanks and Regards Shrawan I'm not working on it but I think people are trying to focus such work in this layer: https://layers.openembedded.org/layerindex/branch/master/layer/meta-encrypted-storage/ https://github.com/jiazhang0/meta-secure-core -- # Randy MacLeod. WR Linux # Wind River an Intel Company -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] rootfs encryption support
Hi, On 26.09.2017 12:29, Kumar, Shrawan wrote: To add further information to the query , I am executing “cryptsetup” from a recipe as below : (/Yocto 2.0.2)/ fakeroot do_install() { cryptsetup --type=plain open hello.enc demomap < dm-crypt-key } Additional debug log : + do_install | + cryptsetup --type=plain open /path_to/tmp/work/cortexa9hf-vfp-neon-elina-linux-gnueabi/DM-CryptSetup/1.0-r0/hello.enc demomap | *Cannot initialize device-mapper. Is dm_mod kernel module loaded?* | | Cannot initialize device-mapper. Is dm_mod kernel module loaded? | + bb_exit_handler Your Host kernel need to have support for DM-Crypt enabled, you can autoload the corresponding kernel module by adding to your build host modules configuration: $ sudo sh -c 'echo dm_mod > /etc/modules-load.d/dm_mod.conf' Ideally , I was under impression that “fakeroot” shall have allowed to me achieve the goal. Thanks & Regads Shrawan *From:* Kumar, Shrawan *Sent:* Tuesday, September 26, 2017 10:56 AM *To:* 'yocto@yoctoproject.org'*Subject:* rootfs encryption support Hello Team , Is it possible to get encrypted rootfs during image build ? Currently , I am running “*cryptsetup*” (as sudo) *manually* after the final image(rootfs.ext4) is produced . The idea is to get this done within yocto environment without sudo problem . Thanks and Regards Shrawan -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] rootfs encryption support
To add further information to the query , I am executing "cryptsetup" from a recipe as below : (Yocto 2.0.2) fakeroot do_install() { cryptsetup --type=plain open hello.enc demomap < dm-crypt-key } Additional debug log : + do_install | + cryptsetup --type=plain open /path_to/tmp/work/cortexa9hf-vfp-neon-elina-linux-gnueabi/DM-CryptSetup/1.0-r0/hello.enc demomap | Cannot initialize device-mapper. Is dm_mod kernel module loaded? | | Cannot initialize device-mapper. Is dm_mod kernel module loaded? | + bb_exit_handler Ideally , I was under impression that "fakeroot" shall have allowed to me achieve the goal. Thanks & Regads Shrawan From: Kumar, Shrawan Sent: Tuesday, September 26, 2017 10:56 AM To: 'yocto@yoctoproject.org'Subject: rootfs encryption support Hello Team , Is it possible to get encrypted rootfs during image build ? Currently , I am running "cryptsetup" (as sudo) manually after the final image(rootfs.ext4) is produced . The idea is to get this done within yocto environment without sudo problem . Thanks and Regards Shrawan -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] rootfs encryption support
Hello Team , Is it possible to get encrypted rootfs during image build ? Currently , I am running "cryptsetup" (as sudo) manually after the final image(rootfs.ext4) is produced . The idea is to get this done within yocto environment without sudo problem . Thanks and Regards Shrawan -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto