Hello,
I am trying to enable encryption for our product which is based on a verdin-imx8mp module. I got secure boot working with the meta-toradex-security layer with the inheritance of tdxref-signed which provides me an extended chain of trust (ECoT).
The next step we want to take is to encrypt the signed (read-only) root filesystem, and later on we want to encrypt a separate data partition. In the meta-toradex-security layer I have read the page: https://github.com/toradex/meta-toradex-security/blob/kirkstone-6.x.y/docs/README-encryption.md
However some things are not yet clear to me or needs some clarification in combination with our current implementation. We are working with the A/B partitioning which means we have duplicate boot partitions (containing the signed fitimage with the tdx-reference-ramdisk-image), two root filesystem (containing the verity images), and some other data partitions. This is to provide fail-safe updating of the system at a later stage. I added the INHERIT += “tdx-encrypted” variable together with other required variables to enable the encryption, for now I will first start with the TDX_ENC_KEY_BACKEND=“cleartext” to get a correct understanding. The same applies for the TDX_STORAGE_LOCATION, I currently set it to the A root filesystem partition but I think I will need some extension here later to also support A/B partitioning.
When building the image I see that the tdx-enc.sh script and the services are being installed to the our image/root filesystem, caused by the IMAGE_INSTALL in the tdx-encrypted.bbclass. From my point of view, I would expect this to be appended to the tdx-reference-ramdisk-image since this decrypts the root filesystem, verifies the signature and will then mount it.
- Is this correct and should I adapt this?
Furthermore I am questioning if there is any order for the dm tools, is dm-crypt performed before dm-verity or otherwise (e.g. first decrypt or first verify).
- What is the correct order here? Or do you maybe have a boot log of a system where this already is working, it would be very useful as a reference.
Apart from this implementation questions I have a question regarding the keys. I understand that a symmetric key solution is chosen and this is stored in a secure element such as the CAAM module using the trusted keys feature.
- Do I need to provide a key to the system at installation point?
- Or does it generate and load a key itself and will the key be never known to the outside world? (as I saw in tdx-enc.sh tdx_enc_key_gen_caam/cleartext/tpm).
If this last one is true then I guess it could make sense to generate this key at installation and then encrypt partitions A and B at the same time with the common key, since I want to be able to update the B partition also at a later stage.
- Do you know if for example swupdate provides a feature to use the CAAM and dm-crypt?
I am using kirkstone-6.x.y branch from meta-toradex-security with hash: 8389b4b60725b2804afd790cb194affd73f9b84b
Thanks in advance!
Kind regards,
Randy