다음을 사용하여 dm-crypt 파일 시스템을 만들 수 있습니다.
root@smarcimx8mq4g:~# cat /data/caam/randomkey | keyctl padd logon logkey: @s
731358804
root@smarcimx8mq4g:~# dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/mmcblk1p3) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/mmcblk1p3 0 1 sector_size:512"
(저는 i.MX8의 CAAM이 제공하는 tk(cbc(aes)) 구현을 사용하고 있습니다.)
불행하게도 이렇게 하면 /dev/mmcblk1p3의 데이터가 지워집니다(또는 복호화할 수 없게 됩니다). /dev/mapper/encrypted는 사용할 수 있지만, mkfs.ext4를 실행하고 마운트한 뒤에만 가능합니다.
나는 또한 다음을 시도했습니다.
root@smarcimx8mq4g:~# dmsetup -v load encrypted --table "0 $(blockdev --getsz /dev/mmcblk1p3) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/mmcblk1p3 0 1 sector_size:512"
device-mapper: reload ioctl on encrypted failed: No such device or address
Command failed.
(나는 /dev/mapper/encrypted 노드를 생성하기 위해 dmsetup의 "create" 외에는 아무것도 원하지 않습니다.)
dm-crypt를 사용하여 원시 데이터에 액세스하는 방법은 무엇입니까?
답변1
제가 몰랐던 점은 키가 세션마다 달라지기 때문에, 재부팅할 때마다 black blob(.bb) 파일에서 키를 다시 가져와야(import) 한다는 것입니다. 이후 재부팅할 때마다, 새로 가져온 키를 keyring에 등록한 뒤 처음과 동일한 "dmsetup -v create" 명령을 실행해야 합니다.
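전체 작업 기록(참고: 아래 ls -l 출력에서 randomkey와 randomkey.bb의 권한은 -rw-r--r--로, 모든 사용자가 읽을 수 있는 상태입니다. 키 자료는 root만 읽을 수 있도록 권한을 제한하는 편이 안전합니다. 또한 cbc(aes)-plain은 섹터 번호를 그대로 IV로 사용하므로 IV가 예측 가능하다는 점에 유의해야 합니다):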
root@smarcimx8mq4g:~# caam-keygen create randomkey ecb -s 16
root@smarcimx8mq4g:~# cd /data/caam/
root@smarcimx8mq4g:/data/caam# ls -l
total 8
-rw-r--r-- 1 root root 36 Apr 4 13:32 randomkey
-rw-r--r-- 1 root root 96 Apr 4 13:32 randomkey.bb
root@smarcimx8mq4g:/data/caam# cat /data/caam/randomkey | keyctl padd logon logkey: @s
600708898
root@smarcimx8mq4g:/data/caam# keyctl list @s
2 keys in keyring:
63045264: --alswrv 0 65534 keyring: _uid.0
600708898: --alsw-v 0 0 logon: logkey:
root@smarcimx8mq4g:/data/caam# dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/mmcblk1p3) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/mmcblk1p3 0 1 sector_size:512"
Name: encrypted
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 0
Event number: 0
Major, minor: 252, 0
Number of targets: 1
root@smarcimx8mq4g:/data/caam# dmsetup table --showkey encrypted
0 53933055 crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 179:99 0
root@smarcimx8mq4g:/data/caam# mkfs.ext4 /dev/mapper/encrypted
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 6741631 4k blocks and 1687552 inodes
Filesystem UUID: f28e329b-6f40-47e1-9ef3-893dc2646339
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
root@smarcimx8mq4g:/data/caam# mkdir /mnt/encrypted
root@smarcimx8mq4g:/data/caam# mount -t ext4 /dev/mapper/encrypted /mnt/encrypted/
root@smarcimx8mq4g:/data/caam# echo "This is a test of full disk encryption on i.MX" > /mnt/encrypted/readme.txt
root@smarcimx8mq4g:/data/caam# umount /mnt/encrypted/
root@smarcimx8mq4g:/data/caam# dmsetup remove encrypted
root@smarcimx8mq4g:/data/caam# reboot
The system is going down for reboot NOW!g (pts/0) (Thu Apr 4 13:37:13 2024):
Connection to 10.1.2.3 closed by remote host.
Connection to 10.1.2.3 closed.
fadedbee@box ~ $ ssh root@10.1.2.3
...
root@smarcimx8mq4g:~# cd /data/caam/
root@smarcimx8mq4g:/data/caam# caam-keygen import /data/caam/randomkey.bb importKey
root@smarcimx8mq4g:/data/caam# sha1sum *
1873e20436126910ea83bcb2bb5229d7d94237ba importKey
5c14092a3be806551df9e1c8bba4dae638bd82d1 randomkey
784a04eef33b21f12c1c9d9c0cdfd754febe34f7 randomkey.bb
root@smarcimx8mq4g:/data/caam# cat /data/caam/importKey | keyctl padd logon logkey: @s
941979697
root@smarcimx8mq4g:/data/caam# dmsetup -v create encrypted --table "0 $(blockdev --getsz /dev/mmcblk1p3) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 /dev/mmcblk1p3 0 1 sector_size:512"
Name: encrypted
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 0
Event number: 0
Major, minor: 252, 0
Number of targets: 1
root@smarcimx8mq4g:/data/caam# mount /dev/mapper/encrypted /mnt/encrypted/
root@smarcimx8mq4g:/data/caam# cat /mnt/encrypted/readme.txt
This is a test of full disk encryption on i.MX