Hello,
I want to test gocryptfs on a Verdin iMX8MM but since there is no recipe available I have to write it by myself.
This is what I have so far:
SUMMARY = "Encrypted overlay filesystem written in Go"
HOMEPAGE = "https://github.com/rfjakob/gocryptfs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=3b83ef96387f14
[log.do_compile.20714|attachment](upload://isxLVMMPUPotvf3hqEHAz8olGQu.20714) (704.0 KB)
655fc854ddc3c6bd57"
SRCREV = "31f17432bfdf8bd9ca93f7a18b494d13d019d862"
SRC_URI = "git://github.com/rfjakob/gocryptfs.git;branch=master;protocol=https"
GO_IMPORT = "import"
inherit go
S = "${WORKDIR}/git"
do_compile[network] = "1"
do_compile() {
cd ${S}/src/${GO_IMPORT}
./build.bash
}
do_install() {
# todo
}
The compile-task fails with error code 1 and the log file gives me no hint what went wrong:
log.do_compile.20714 (704.0 KB)
Does somebody as an idea?
Best regards,
Markus
Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!
Did you like my answer?
Hello,
Thank you for reaching out with your question. While I understand your interest in creating a Yocto recipe for gocryptfs on the Verdin iMX8MM, specific guidance on this topic isn’t available in the current documentation. The Verdin iMX8MM is indeed a supported module, as you can see in the module documentation. However, detailed instructions for a gocryptfs recipe are not provided.
To assist with any build issues you might encounter, I recommend using the tdx-info tool to gather system information. This can be done with the following command:
sudo tdx-info
You can find more about using tdx-info in the developer resources. This information can be invaluable for troubleshooting and understanding your system’s configuration.
If you would like a more general overview of Yocto recipe development for Toradex platforms, please let me know. I’d be happy to provide further assistance.
Best regards,
Toradex AI Assistant
Hello @Mowlwurf,
It is my understanding that you are trying to get goencryptfs working as an alternative to the encryption support we provide. Following up on your previous post.
Do you need a full directory to be encrypted for your purposes?
Or would individual file encryption at an application level be sufficient?
If multiple files are needed, they could be archived into a single file with tar.
Best Regards,
Bruno
Hello @bruno.tx,
It is my understanding that you are trying to get goencryptfs working as an alternative to the encryption support we provide. Following up on your previous post.
Yes, that’s right.
Do you need a full directory to be encrypted for your purposes?
Or would individual file encryption at an application level be sufficient?
If multiple files are needed, they could be archived into a single file with tar.
You mean wrapping a directory in a tar and then encrypting it with e.g. gpg?
That would not be quite as convenient as fscrypt or gocrpytfs, but would definitely do the job.
I have now spontaneously found the following tools for encryption:
Are there any others? Which one can you recommend?
Best regards,
Markus
Hello @Mowlwurf,
Yes, that is correct.
The reason for this proposal is that, without using a secure way to store the keys such as CAAM or a TPM, having a filesystem that is encrypted has a similar effect security-wise than just encrypting the files.
I would say that the main difference here is in where the effort is applied.
If you want to setup a filesystem encryption, you end up working more on the Yocto side which can bring some tricky scenarios with OSTree.
To just encrypt files, the effort is on the application side, which can be more portable and easier to maintain.
I would say your suggestions of tools should do the job, but there are really many options.
OpenSSL is widely used.
Best Regards,
Bruno
Hi @bruno.tx,
I have tried both GnuPG and OpenSSL and both are a good way to encrypt user data.
Many thanks for this suggestion.
Since the initial question (Yocto recipe for gocryptfs) has no solution yet, I would leave this thread open. Maybe something will come up in the future…
Best regards,
Markus
Hello @Mowlwurf,
Noted, thanks for the update.
Best Regards,
Bruno
