6/25/2020 8:50 AM | |
Joined: 4/28/2015 Last visit: 6/28/2024 Posts: 578 Rating: (43) |
We are missing CONFIG_CRYPTO_XTS=y (or =m) in the kernel config, possibly more. Try adding that to https://github.com/siemens/meta-iot2050/blob/master/recipes-kernel/linux/files/iot2050_defconfig_extra.cfg and rebuild. If you identified the missing switches, let us know or even submit a pull request on github. BTW, what is your plan regarding the decryption key? How will you protect it? Or will someone have to enter it manually each time the device boots? |
6/25/2020 1:09 PM | |
Joined: 4/28/2015 Last visit: 6/28/2024 Posts: 578 Rating: (43) |
Right, but then the protection of the key is the challenge. Moving the SD card around implies a physical attack, and then you need to prevent that the local attacker simply also steals the key. The Advanced variant provides security features, we embed OP-TEE which supports secure storage (https://optee.readthedocs.io/en/latest/architecture/secure_storage.html), but I personally didn't work with that yet. |
7/13/2020 8:41 PM | |
Joined: 10/10/2018 Last visit: 4/29/2024 Posts: 21 Rating: (0) |
Hi I add the CONFIG_CRYPTO_XTS=y, as you suggest. Next the console output:
It fail again. :( Best Regards,
|
Follow us on