Enabling DM_Crypt Functionality in SDK release 5.07


This document lists the steps to enable DM_Crypt functionality in SDK 05.07.

Note: This document is intended for use with SDK release 5.07 and Ubuntu 10.04 LTS. If using a different release, certain steps, such as the export of the PATH directory, will be different. Proceed accordingly.

Code steps will be shown in Courier New font.

Assumptions: This tutorial assumes a clean install of SDK 5.07 and that setup.sh has been run with all needed setup scripts. Run create-sdcard.sh once on the chosen SD card to create a fresh install for later modification.

Note: Some SD card readers will automount the boot and rootfs filesystems as read-only. These must be remounted read-write or this tutorial will fail.

Building the Kernel

In order to build the Linux kernel you will need a cross compiler installed on your system which can generate object code for the ARM core in your Sitara device. In the case of the AMSDK this compiler can be found inside the SDK in the <sdk install dir>/linux-devkit/bin directory. If you have not already done so, add this compiler to your path:

    export PATH="<sdk install dir>/linux-devkit/bin:$PATH"

where <sdk install dir> should be replaced with the directory where the SDK was installed.

When using the GCC toolchain provided with the SDK or stand-alone from TI, it is important that you do NOT source the environment-setup file included with the toolchain when building the kernel. Doing so will cause the compilation of host-side components within the kernel tree to fail.

The following commands are intended to be run from the root of the kernel tree unless otherwise specified. The root of the kernel tree is the top-level directory and can be identified by looking for the "MAINTAINERS" file.

Next, enter the kernel build directory and clean the kernel sources:

    cd <sdk install dir>/board-support/linux-3.2.0-psp04.06.00.10
    make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- mrproper

Configure the kernel for the default AM335x installation:

    make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- am335x_evm_defconfig

Next, the kernel configuration must be modified further to enable DM_Crypt. Enter menuconfig:

    make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- menuconfig

In menuconfig:

- Enter Device Drivers
- Press Y to enable Multiple devices driver support (RAID and LVM)
- Press Enter and Y to enable Device mapper support (NEW)
- Press Y to enable Device mapper debugging support (NEW)
- Press Y to enable Crypt target support (NEW)

Hardware acceleration for crypto should be enabled by default. Confirm the following:

- Cryptographic API->Hardware crypto devices is enabled
- Cryptographic API->Hardware crypto devices->support for OMAP4 AES hw engine is enabled
- Cryptographic API->Hardware crypto devices->support for OMAP4 SHA/MD5 hw engine is enabled

Exit menuconfig and build the kernel. This should take around 10 minutes.

    make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- uImage

This will result in a kernel image file called uImage being created in the arch/arm/boot/ directory. Copy this file to the /boot partition of your SD card, overwriting the uImage that is already there.

Cross Compiling Cryptsetup

    export PATH="<SDK INSTALL DIR>/linux-devkit/bin:$PATH"
    source <SDK INSTALL DIR>/linux-devkit/environment-setup
    cd <SDK INSTALL DIR>/linux-devkit/arm-arago-linux-gnueabi

Cross compile libgpg-error

    wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.9.tar.bz2
    bzcat libgpg-error-1.9.tar.bz2 | tar xv
    cd libgpg-error-1.9
    ./autogen.sh
    ./configure --enable-static --host=arm-arago-linux-gnueabi --prefix=<mount-point of sd-card root>/usr

(NOTE: The command above will likely look something like ./configure --enable-static --host=arm-arago-linux-gnueabi --prefix=/media/rootfs/usr)

    make
    make install
    cd ../

NOTE: There should be no compilation-halting failures.

Cross compile libgcrypt

    wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2
    bzcat libgcrypt-1.5.2.tar.bz2 | tar xv
    cd libgcrypt-1.5.2
    ./autogen.sh
    ./configure --enable-static --host=arm-arago-linux-gnueabi --prefix=<mount-point of sd-card root>/usr --with-gpg-error-prefix=<mount-point of sd-card root>/usr
    make
    make install
    cd ../

NOTE: There should be no compilation-halting failures.

Cross compile LVM2

    wget ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.98.tgz
    tar xzvf LVM2.2.02.98.tgz
    cd LVM2.2.02.98
    export ac_cv_func_malloc_0_nonnull=yes
    ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --host=arm-arago-linux-gnueabi --enable-static --enable-lvm1_fallback --enable-fsadm --with-clvmd=cman --with-cluster=internal --with-pool=internal --with-user= --with-group= --with-dmdir=devicemapper.0 --with-device-uid=0 --with-device-gid=6 --with-device-mode=0660 --enable-pkgconfig --with-static-link --with-clvmd=none --with-pool=none --with-cluster=none --with-snapshots=none --with-mirrors=none --prefix=<mount-point of sd-card root>/usr
    make
    make install
    cd ../

NOTE: There should be no compilation-halting failures.

Cross compile cryptsetup

    wget http://cryptsetup.googlecode.com/files/cryptsetup-1.6.1.tar.bz2
    bzcat cryptsetup-1.6.1.tar.bz2 | tar xv
    cd cryptsetup-1.6.1
    ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --host=arm-arago-linux-gnueabi --build=arm-linux --enable-static --prefix=<mount-point of sd-card root>/usr --with-libgcrypt-prefix=<mount-point of sd-card root>/usr
    make
    make install
    cd ../

NOTE: There should be no compilation-halting failures.

Using Cryptsetup

Remove the SD card from your computer and place it in the SD card port on the AM335x EVM. This tutorial assumes a USB drive has enumerated to /dev/sda1. It is also possible to use a loopback device (/dev/loop0) or the RAM (/dev/ram0) as an encrypted partition if one wishes.

To create and mount an encrypted partition:

    cryptsetup --cipher aes-cbc-null --key-size 128 --hash sha256 luksFormat /dev/sda1
    cryptsetup luksOpen /dev/sda1 enc-pv
    mke2fs -T ext2 /dev/mapper/enc-pv
    mount /dev/mapper/enc-pv /mnt

To mount an already created encrypted partition:

    cryptsetup luksOpen /dev/sda1 enc-pv
    mount /dev/mapper/enc-pv /mnt

To unmount an encrypted partition:

    umount /mnt
    cryptsetup luksClose enc-pv

Verification of Hardware Crypto Accelerators for Cryptsetup

To verify that the Hardware Accelerators (referred to as HWA) are active at all, run:

    time -v openssl speed -evp aes-128-cbc -engine cryptodev

If HWA are active, the "Percent of CPU this job got:" value should be around 40-50%.
If HWA are inactive, the "Percent of CPU this job got:" value should be around 80-90%.

Now that HWA are confirmed to be active, they need to be confirmed active and functioning for cryptsetup. For this task, there are two recommended methods. One checks for HWA routines in memory and requires an external JTAG and access to Code Composer. The other is an empirical approach that checks for an excessive number of EDMA IRQs (IRQ #12). The first approach should be used if the equipment is available, since it is the more certain method.

HWA Routine Method

Connect a JTAG emulator to the AM335x and connect in Code Composer to the ARM A8 while running Linux. If Code Composer resets the AM335x memory on connection, comment out the internals of the OnTargetConnect() function in the ARM A8 GEL file in use. This prevents the GEL file from initializing the AM335x on connection, so the memory of the running Linux system will not be reset.

Open View->Disassembly.

To find where to put the hardware breakpoints for the HWA functions, use the leftmost column (the address) of the output of the following commands, run in Linux:

    cat /proc/kallsyms | grep omap4_aes_cbc_encrypt
    cat /proc/kallsyms | grep omap4_aes_crypt
    cat /proc/kallsyms | grep omap4_aes_cbc_decrypt

Place hardware breakpoints at these locations and mount an encrypted filesystem.

    cd <mount-point of encrypted filesystem>
    dd if=/dev/zero of=bigfile bs=1M count=100

This is an example of creating a file in the encrypted filesystem. One should now observe the omap4_aes_cbc_encrypt and omap4_aes_crypt breakpoints being hit in Code Composer.

    cat /mnt/bigfile

This is an example of reading a file from the encrypted filesystem. One should now observe the omap4_aes_cbc_decrypt breakpoint being hit in Code Composer.

EDMA Observation Method

Mount an encrypted filesystem and enter the directory.

    cd <mount-point of encrypted filesystem>

Note the number of EDMA interrupts that have occurred using the following:

    cat /proc/interrupts

Create a file in the encrypted filesystem using the following:

    time -v dd if=/dev/zero of=bigfile bs=1M count=100

Note the number of EDMA interrupts that have now occurred using the following:

    cat /proc/interrupts

Subtract the EDMA interrupt count from the first /proc/interrupts call from the count from the second call, and divide by the number of wall seconds reported by the time -v dd command. If the number of EDMA interrupts per wall second is above 1000, it is highly likely that cryptsetup is using the HWA drivers. Perform this trial multiple times to rule out false positives and negatives.
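
The EDMA observation method above, scripted as an added example (not part of the original guide). It assumes the "12:" line of /proc/interrupts is the EDMA interrupt, as the text states, and times the write with date +%s; the function names and the sample /proc/interrupts excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): EDMA observation method.
# IRQ 12 and the 1000 IRQs/s threshold are the values stated in the text.

# Total count for one IRQ in a /proc/interrupts-style file (sums CPU columns).
irq_count() {   # usage: irq_count FILE IRQ
    awk -v irq="$2:" '
        $1 == irq {
            n = 0
            for (i = 2; i <= NF && $i ~ /^[0-9]+$/; i++) n += $i
            print n
            found = 1
        }
        END { if (!found) exit 1 }' "$1"
}

# Interrupts per wall second: (second count - first count) / seconds.
irq_rate() {    # usage: irq_rate BEFORE AFTER SECONDS
    [ "$3" -gt 0 ] || return 1
    echo $(( ($2 - $1) / $3 ))
}

# Succeeds when the rate is above the threshold from the text.
hwa_likely() { [ "$1" -gt 1000 ]; }

# One trial on the target: write 100 MB and report the EDMA IRQ rate.
edma_trial() {  # usage: edma_trial <mount-point of encrypted filesystem>
    before=$(irq_count /proc/interrupts 12) || return 2
    start=$(date +%s)
    dd if=/dev/zero of="$1/bigfile" bs=1M count=100 2>/dev/null || return 2
    end=$(date +%s)
    after=$(irq_count /proc/interrupts 12) || return 2
    rate=$(irq_rate "$before" "$after" $(( end - start ))) || return 2
    echo "EDMA IRQs per wall second: $rate"
    hwa_likely "$rate"
}

# Constructed /proc/interrupts excerpts (illustrative, not captured output).
sample_before() {
    printf '%s\n' '           CPU0' \
                  ' 12:       4210      INTC  edma' \
                  ' 14:          0      INTC  edma_error'
}
sample_after() {
    printf '%s\n' '           CPU0' \
                  ' 12:      64210      INTC  edma' \
                  ' 14:          0      INTC  edma_error'
}
```

On the target, source the file and call edma_trial /mnt several times; a zero exit status means the rate was above the threshold for that trial.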