USB storage encryption

fvodopive · January 20, 2023, 10:50am

Hi,

I am using external USB storage for Database purpose and I want to encrypt it on system level of Linux.
What is best solution for encryption considering limited Linux on Torizon board (something like Windows BitLocker).

Regards

josep.tx · January 20, 2023, 2:21pm

Hello @fvodopive ,
Thanks for your question, that is a very interesting use case

Right now we are not sure if and how TorizonCore deals with encrypted data, but we will ask internally and get back to you as soon as we have the information.

Of course if you want to add some encryption capabilities on your own to the base OS, you can rebuild it and at your own custom layers.

Just two more questions:

which TorizonCore version are you using?
which Verdin SoM model and version are you using?

Best regards,
Josep

alex.tx · January 20, 2023, 8:29pm

There are a few options for encrypting external USB storage on a Linux system, such as the Colibri iMX6 running Torizon.

dm-crypt: This is a kernel-level encryption module that can be used to encrypt block devices such as USB storage. dm-crypt is a built-in feature of the Linux kernel, so it does not require any additional software to be installed. However, it does require some command line configuration.
LUKS: Linux Unified Key Setup (LUKS) is a disk encryption specification that uses dm-crypt as the backend. LUKS provides a user-friendly interface for configuring dm-crypt and allows for multiple encryption keys to be used on a single storage device.
eCryptfs: This is a file-level encryption system that allows specific files and directories to be encrypted. eCryptfs is a userspace application and is therefore easier to use than dm-crypt.

Both dm-crypt and LUKS are good options for encrypting the external USB storage on your Colibri iMX6 running Torizon, but LUKS provides a more user-friendly experience. eCryptfs is good for file level encryption but might not be the best solution for whole storage encryption.

Please note that all mentioned solutions are not included in Torizon core by default.

fvodopive · January 23, 2023, 10:19am

Hello Josep,

I am using TorizonCore -5.7.0 and Verdin iMX8M Mini SoM

Best regards,
Filip

henrique.tx · January 25, 2023, 5:44pm

Hi @fvodopive !

Due to your question, Torizon R&D enabled the following kernel configurations:

CONFIG_DM_CRYPT
CONFIG_FS_ENCRYPTION
CONFIG_ECRYPT_FS

This blog post might be helpful to you in this topic as well: https://sergioprado.blog/introduction-embedded-linux-security-part-1/

Best regards,