[yocto] rootfs encryption support
Ayoub Zaki
ayoub.zaki at embexus.com
Tue Sep 26 03:48:26 PDT 2017
Hi,
On 26.09.2017 12:29, Kumar, Shrawan wrote:
> To add further information to the query , I am executing “cryptsetup”
> from a recipe as below : (/Yocto 2.0.2)/
>
> fakeroot do_install() {
>
> cryptsetup --type=plain open hello.enc demomap <
> dm-crypt-key
>
> }
>
> Additional debug log :
>
> + do_install
>
> | + cryptsetup --type=plain open
> /path_to/tmp/work/cortexa9hf-vfp-neon-elina-linux-gnueabi/DM-CryptSetup/1.0-r0/hello.enc
> demomap
>
> | *Cannot initialize device-mapper. Is dm_mod kernel module loaded?*
>
> |
>
> | Cannot initialize device-mapper. Is dm_mod kernel module loaded?
>
> | + bb_exit_handler
>
Your Host kernel need to have support for DM-Crypt enabled, you can
autoload the corresponding kernel module by adding to your build host
modules configuration:
$ sudo sh -c 'echo dm_mod > /etc/modules-load.d/dm_mod.conf'
>
> Ideally , I was under impression that “fakeroot” shall have allowed to
> me achieve the goal.
>
> Thanks & Regads
>
> Shrawan
>
> *From:* Kumar, Shrawan
> *Sent:* Tuesday, September 26, 2017 10:56 AM
> *To:* 'yocto at yoctoproject.org' <yocto at yoctoproject.org>
> *Subject:* rootfs encryption support
>
> Hello Team ,
>
> Is it possible to get encrypted rootfs during image build ?
>
> Currently , I am running “*cryptsetup*” (as sudo) *manually* after
> the final image(rootfs.ext4) is produced . The idea is to get this
> done within yocto environment without sudo problem .
>
> Thanks and Regards
>
> Shrawan
>
>
>
More information about the yocto
mailing list