Using dm-verity+dm-crypt on rootfs (Embedded Linux)

Hi there,

Spent quite some time looking on the Internet for a reference, and couldn't find anything that would satisfy my requirements. Let's imagine an Embedded Linux setup where the size of the NOR flash is limited to, say, 16MB, the root filesystem is squashfs, and assume that the bootloader (U-Boot) is trusted and validates kernel+dts. Alright, now I need to check the validity of the rootfs, plus it needs to be encrypted and failsafe (in case power is gone while writing to the flash). So I guess I need to use a combination of dm-verity+dm-crypt?

From my experiments, I found out that I couldn't really use LUKS, as the header size would not fit into the flash. So I need to use plain mode, and that's OK.

Now, the question is what information to pass to the kernel, and how (bootargs? initrd?), so that it could verify and mount the encrypted squashfs as rootfs? I have seen a lot of articles on how to get it done on a partition, USB drive, etc., but not as the rootfs.

Any reference to an already existing project or documentation would be helpful. Or any thoughts on how it could be done differently?

Thank you for your wisdom

Cheers,
Andrew

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
