Tdx-encrypted with partitions

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Hello,

Thank you for reaching out with your question about encrypting partitions on the Verdin iMX8M Plus SOM using Torizon 7.0. Let’s go through the steps to ensure your configuration is set up correctly.

  1. Understanding tdx-tezi-data-partition: This feature is designed to create a data partition on your device, which can then be encrypted. If configured correctly, the partition should be created during the build process.

  2. Configuration Check:

    • Ensure your local.conf file includes the necessary inheritance and variables:
      INHERIT += "tdx-tezi-data-partition"
      INHERIT += "tdx-encrypted"
      TDX_ENC_STORAGE_LOCATION = "/dev/mmcblk2p2"
      TDX_TEZI_DATA_PARTITION_AUTOMOUNT = "0"
      TDX_ENC_KEY_BACKEND = "caam"
      TDX_ENC_KEY_LOCATION = "filesystem"
      TDX_ENC_KEY_DIR = "/var/local/private/.keys"
      TDX_ENC_KEY_FILE = "tdx-enc-key.blob"
      
    • Verify that TDX_ENC_STORAGE_LOCATION points to the correct partition you intend to encrypt.

  3. Build Process:

    • Make sure you are using the meta-toradex-security layer and that your build environment is set up correctly with Yocto Project/OpenEmbedded.
    • Rebuild the image after making any changes to the configuration to ensure they are applied.

  4. Partition Creation:

    • If the partition is not being created, check the build logs for any errors or warnings related to partition creation.
    • Ensure that the device has enough space and that the partition table allows for additional partitions.

  5. Using the .blob Key File:

    • The configuration you provided for the key file should work if the key is correctly generated and stored at the specified location.
    • Ensure that the key file is accessible at runtime and that the CAAM backend is properly configured to use it.

By following these steps, you should be able to create and encrypt a partition on your device. If issues persist, double-check each configuration step and ensure that all dependencies and tools are correctly installed and configured.

I hope this helps you with your encryption setup. If you have any more questions, feel free to ask.

Best regards,
Toradex AI Assistant

Please, also check if these links can help you solve your problem:

Tdx-encrypted with tdx-tezi-data-partition.
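
The configuration check from step 2, as an added example that is not part of the reply above and not code from meta-toradex-security: a small linter that resolves local.conf assignments in file order and compares the result with the settings quoted in the answer. The function names, the simplified assignment syntax, and the rule that a filesystem key needs both TDX_ENC_KEY_DIR and TDX_ENC_KEY_FILE set explicitly are assumptions; the layer's own defaults are not modelled.

```python
import re

# NAME OP "value" for the operators a local.conf typically uses (simplified BitBake syntax).
ASSIGN = re.compile(r'^\s*([A-Za-z0-9_]+)\s*(\?=|\+=|=)\s*"([^"]*)"\s*$')
CLASSES = ("tdx-tezi-data-partition", "tdx-encrypted")

def resolve(conf_text):
    """Apply assignments in file order: '=' overwrites, '+=' appends, '?=' sets only if unset."""
    env = {}
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)  # lines starting with '#' never match, so comments are ignored
        if not m:
            continue
        name, op, value = m.groups()
        if op == "+=":
            env[name] = (env.get(name, "") + " " + value).strip()
        elif op == "=" or name not in env:
            env[name] = value
    return env

def check(conf_text):
    """Return a list of findings; the expected values are the ones quoted in the answer."""
    env, out = resolve(conf_text), []
    for cls in CLASSES:
        if cls not in env.get("INHERIT", "").split():
            out.append(f"INHERIT lacks {cls}")
    if not re.fullmatch(r"/dev/[\w/-]+", env.get("TDX_ENC_STORAGE_LOCATION", "")):
        out.append("TDX_ENC_STORAGE_LOCATION is not a /dev path")
    if env.get("TDX_TEZI_DATA_PARTITION_AUTOMOUNT") != "0":
        out.append("TDX_TEZI_DATA_PARTITION_AUTOMOUNT is not 0")
    if env.get("TDX_ENC_KEY_LOCATION") == "filesystem":
        # Assumption: with a filesystem key, both variables are set explicitly, as in the answer.
        out += [f"{v} is not set" for v in ("TDX_ENC_KEY_DIR", "TDX_ENC_KEY_FILE") if not env.get(v)]
    return out

# Constructed sample: '=' on the second line silently drops the first class.
BROKEN = '''
INHERIT += "tdx-tezi-data-partition"
INHERIT = "tdx-encrypted"
# TDX_ENC_STORAGE_LOCATION = "/dev/mmcblk2p2"
TDX_ENC_STORAGE_LOCATION = "mmcblk2p2"
TDX_ENC_KEY_LOCATION = "filesystem"
TDX_ENC_KEY_DIR = "/var/local/private/.keys"
'''

if __name__ == "__main__":
    for finding in check(BROKEN):
        print(finding)
```

The first finding on the constructed sample is the one most easily missed by eye: a later `INHERIT = "..."` replaces the earlier `+=`, so the data partition class is never inherited and the partition is not created.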