[yocto] [EXTERNAL] Re: rootfs encryption support
Kumar, Shrawan
Shrawan.Kumar at harman.com
Tue Sep 26 05:06:27 PDT 2017
When I execute the cryptsetup manually (with sudo ) on the host , I could see " demomap" getting populated . This confirms that it works on host when I run manually and that HOST configuration is OK .
However this is not happing under yocto fakeroot environment and it says " Cannot initialize device-mapper. Is dm_mod kernel module loaded?*"
@:~$ ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 15 02:26 control
lrwxrwxrwx 1 root root 7 Sep 26 11:56 demomap -> ../dm-7
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vg00-lv2swap -> ../dm-6
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vg00-lvdocker -> ../dm-1
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vg00-lvhome -> ../dm-3
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vg00-lvroot -> ../dm-2
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vg00-lvswap -> ../dm-5
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vg00-lvvar -> ../dm-4
lrwxrwxrwx 1 root root 7 Sep 15 02:26 vgdata-lvdata -> ../dm-0
off course , dm_mod which I could confirm with emty output of lsmod | grep dm_mod
But then how does it works on host when I run cryptsetup manually ?
I could see " dm_crypt" module is loaded .
-----Original Message-----
From: Ayoub Zaki [mailto:ayoub.zaki at embexus.com]
Sent: Tuesday, September 26, 2017 4:17 PM
To: Kumar, Shrawan <Shrawan.Kumar at harman.com>
Subject: [EXTERNAL] Re: [yocto] rootfs encryption support
On 26.09.2017 12:29, Kumar, Shrawan wrote:
> To add further information to the query , I am executing "cryptsetup"
> from a recipe as below : (/Yocto 2.0.2)/
>
> fakeroot do_install() {
>
> cryptsetup --type=plain open hello.enc demomap <
> dm-crypt-key
>
> }
>
> Additional debug log :
>
> + do_install
>
> | + cryptsetup --type=plain open
> /path_to/tmp/work/cortexa9hf-vfp-neon-elina-linux-gnueabi/DM-CryptSetu
> p/1.0-r0/hello.enc
> demomap
>
> | *Cannot initialize device-mapper. Is dm_mod kernel module loaded?*
>
> |
>
> | Cannot initialize device-mapper. Is dm_mod kernel module loaded?
>
> | + bb_exit_handler
>
*||**Your Host kernel need to have support for DM-Crypt enabled, you can autoload the corresponding kernel module by adding to your build host modules configuration:
$ sudo sh -c 'echo dm_mod > /etc/modules-load.d/dm_mod.conf'*
||
**
>
> Ideally , I was under impression that "fakeroot" shall have allowed to
> me achieve the goal.
>
> Thanks & Regads
>
> Shrawan
>
> *From:* Kumar, Shrawan
> *Sent:* Tuesday, September 26, 2017 10:56 AM
> *To:* 'yocto at yoctoproject.org' <yocto at yoctoproject.org>
> *Subject:* rootfs encryption support
>
> Hello Team ,
>
> Is it possible to get encrypted rootfs during image build ?
>
> Currently , I am running "*cryptsetup*" (as sudo) *manually* after
> the final image(rootfs.ext4) is produced . The idea is to get this
> done within yocto environment without sudo problem .
>
> Thanks and Regards
>
> Shrawan
>
>
>
--
Ayoub Zaki
Embedded Systems Consultant
Vaihinger Straße 2/1
D-71634 Ludwigsburg
Tel. : +4971415074546
Mobile : +4917662901545
Email : ayoub.zaki at embexus.com
Homepage : https://clicktime.symantec.com/a/1/8fQ575pM7qUybRZBFjM9C7WPhR2dXT1R4k3d_4A9BOc=?d=Tm5cGpFBEW_vK6_eBrh-lyBQV_R1miTaoqmkTnsHhnTjNs9fOY92cq9wfN5CbL76p9_yEC-LnqRTAKlF1fzjPCBupycsjT3GP6G75yD1UVlxZ7c2mqLgkyrhClC1V-74zP2Zbhs8BAnSEhpjJoqPP_0JU1Lzuo-iK8U_D7B1zQes8b4JBgf3DPo21HUsMa2qEGMbeqEDq7LU4y2SXKadgb1xcCNmOTvQIJ9LchpVyTITF0Qw2c5M1--o9oWn7FlThc-KBs5TLfBKAIexE3ndzKZOdu9D2NlCmcrEM7q1Oe8sarufZ71B8FsfvU5lT_9gB-hfFD0PEgEJY8VxBGtY4-tLfyAnaY8Z-BlIlSDBgZeorcaKkAzCj4nQTbXIWTTIYg%3D%3D&u=https%3A%2F%2Fembexus.com
More information about the yocto
mailing list