Hello,
I work with an RPI COMPUTE MODULE 3 and I am trying to add a decryption stage to my initramfs. I got the BalenaOS Yocto project and added a script to initrdscripts_framework. My script uses the cryptsetup and openssl packages. I checked that the dependencies are correctly installed in the initramfs (libcryptsetup, libopenssl, dm-crypt kernel module). Nonetheless, I can’t decrypt my partition with cryptsetup. To make debugging easier, I launch an sh terminal in the initramfs. When I try to decrypt the partition, I get the following error:
cryptsetup -v luksOpen /dev/mmcblk0p7 dsi
[ 108.570097] random: cryptsetup: uninitialized urandom read (4 bytes read)
[ 108.579953] Enter passphrase for /dev/mmcblk0p7:
[ 111.701079]
[ 113.692423] Command failed with code -1 (wrong or missing parameters).
In my /dev/ folder I have:
cd /dev
ls
[ 22.883212] autofs
[ 22.883212] block
[ 22.883212] bus
[ 22.883212] cachefiles
[ 22.883212] char
[ 22.883212] console
[ 22.883212] cpu_dma_latency
[ 22.883212] disk
[ 22.883212] fb0
[ 22.883212] fd
[ 22.883212] full
[ 22.883212] gpiochip0
[ 22.883212] gpiochip1
[ 22.883212] gpiochip2
[ 22.883212] gpiomem
[ 22.883212] hwrng
[ 22.883212] input
[ 22.883212] kmsg
[ 22.883212] loop-control
[ 22.883212] loop0
[ 22.883212] loop1
[ 22.883212] loop2
[ 22.883212] loop3
[ 22.883212] loop4
[ 22.883212] loop5
[ 22.883212] loop6
[ 22.883212] loop7
[ 22.883212] mem
[ 22.883212] memory_bandwidth
[ 22.883212] mmcblk0
[ 22.883212] mmcblk0boot0
[ 22.883212] mmcblk0boot1
[ 22.883212] mmcblk0p1
[ 22.883212] mmcblk0p2
[ 22.883212] mmcblk0p3
[ 22.883212] mmcblk0p4
[ 22.883212] mmcblk0p5
[ 22.883212] mmcblk0p6
[ 22.883212] mmcblk0p7
[ 22.883212] mmcblk0rpmb
[ 22.883212] net
[ 22.883212] network_latency
[ 22.883212] network_throughput
As we can see, /dev/random and /dev/urandom are not present. I can’t get more logs and I think the problem comes from there. Moreover, to strengthen my process, another step is to communicate with a TPM (to136) via i2c to get the decryption key. After enabling the i2c-dev module and adding it as autoload in the kernel, I can’t get the /dev/i2c-1 peripheral available in my initramfs. However, when BalenaOS is launched, I am able to encrypt/decrypt the partition with cryptsetup and communicate with the to136 via i2c.
I tried the same manipulation with another target board based on IMX6 and it works fine.
Do you know if there is a special process to mount peripherals in the initramfs for Raspberry? Can I have support for my issue?
Thanks,
Ben
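
A pre-flight check that an initramfs unlock script could run before `cryptsetup luksOpen`, covering the device nodes and modules named in the post above. This is an added example, not code from the original post or from BalenaOS; the function names, the DEV_ROOT/SYS_ROOT variables and the use of /sys/module as the module check are assumptions, while the device numbers are the standard Linux ones.

```shell
#!/bin/sh
# Added example: verify that what the unlock stage depends on is present.
# DEV_ROOT and SYS_ROOT (assumed names) can point at a scratch tree for a dry run.
DEV_ROOT="${DEV_ROOT:-/dev}"
SYS_ROOT="${SYS_ROOT:-/sys}"

# Print every requested node that is absent under DEV_ROOT, one per line.
missing_nodes() {
    for node in "$@"; do
        [ -e "$DEV_ROOT/$node" ] || echo "$node"
    done
}

# Print the standard Linux "type major minor" for the nodes this check knows,
# in the form mknod expects when devtmpfs has not populated /dev.
node_numbers() {
    case "$1" in
        random)         echo "c 1 8" ;;
        urandom)        echo "c 1 9" ;;
        mapper/control) echo "c 10 236" ;;
        i2c-[0-9]*)     echo "c 89 ${1#i2c-}" ;;
        *)              return 1 ;;
    esac
}

# Succeed if the module has a directory under /sys/module. A loaded module
# always has one; a built-in without parameters may not.
module_present() {
    [ -d "$SYS_ROOT/module/$1" ]
}

# Report every missing node or module on stderr; non-zero if any is missing.
preflight() {
    rc=0
    for node in $(missing_nodes "$@"); do
        rc=1
        if nums=$(node_numbers "$node"); then
            echo "missing $DEV_ROOT/$node (mknod $DEV_ROOT/$node $nums)" >&2
        else
            echo "missing $DEV_ROOT/$node" >&2
        fi
    done
    for mod in dm_crypt i2c_dev; do
        module_present "$mod" || { echo "module $mod not loaded" >&2; rc=1; }
    done
    return $rc
}
```

In the initramfs shell, source the file and run `preflight random urandom mapper/control mmcblk0p7 i2c-1`; a node that is reported missing while its driver is loaded points at /dev not being populated rather than at cryptsetup itself.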