Encrypted storage on i.MX
Brief
Many embedded Linux systems does have some kind of sensitive information on a file storage. It could be private keys, passwords or whatever. It's always a risk that this information could be revealed by an unauthorized person that got their physical hands on the device. The only protection against attackers that who simply bypass the system and access the data storage directly is encryption.
Let's say that we encrypt our sensitive data. Where should we then store the decryption key?
We need to store even that sensitive key on a secure place.
i.MX CAAM
Most of the i.MX SoCs has the Cryptographic Accelerator and Assurance Module (CAAM). This includes both the i.MX6 and i.MX8 SoCs series. The only i.MX SoC that I have worked with that does not have the CAAM module is i.MX6ULL, but there could be more.
The CAAM module does have many use cases and one of those is to generate and handle secure keys. Secure keys that we could use to encrypt/decrypt a file, partition or a whole disk.
Device mapper
Device mapper is a framework that adds an extra abstraction layer on block devices that lets you create virtual block devices to offer additional features. Such features could be snapshots, RAID, or as in our case, disc encryption.
As you can see in the picture below, the device mapper is a layer in between the Block layer and the Virtual File System (VFS) layer:
The Linux kernel does support a bunch of different mappers. The current kernel (v6.2) does support the following mappers [1]:
- dm-delay
- dm-clone
- dm-crypt
- dm-dust
- dm-ebs
- dm-flakey
- dm-ima
- dm-integrity
- dm-io
- dm-queue-length
- dm-raid
- dm-service-time
- dm-zoned
- dm-era
- dm-linear
- dm-log-writes
- dm-stripe
- dm-switch
- dm-verity
- dm-zero
Where dm-crypt [2] is the one we will focus on. One cool feature of device mappers is that those are stackable. You could for example use dm-crypt on top of a dm-raid mapping. How cool isn't that?
DM-Crypt
DM-Crypt is a device mapper implementation that uses the Crypto API [3] to transparently encrypt/decrypt all access to the block device. Once the device is mounted, all users will not even notice that the data read/written to that mount point is encrypted.
Normally you will use cryptsetup [4] or cryptmount [5] as those are the preferred way to handle the dm-crypt layer. For this we will use dmsetup though, which is a very low level (and difficult) tool to use.
CAAM Secure Keys
Now it's time to answer the question in the introduction section;
Let's say that we encrypt our sensitive data. Where should we then store the decryption key?
The CAAM module has a way to handle these keys in a secure way by store the keys in a protected area that is only readable by the CAAM module itself. In other word, it's not even possible to read out the key. Together with dm-crypt, we can create a master key that will never leave this protected area. On each boot, we will generate a derived (session) key that is the key we could use from userspace. These session keys are called black keys.
How to use it?
Installation
We need to build and install keyctl_caam in order to generate black keys and encapsulate it into a black blob. Download the source code:
git clone https://github.com/nxp-imx/keyctl_caam.git cd keyctl_caam
And build:
CC=aarch64-linux-gnu-gcc make
I build with a external toolchain prefixed with aarch64-linux-gnu-. If you have a Yocto environment, you could use the toolchain from that SDK instead by use the environment setup script, e.g.:
./environment-setup-aarch64-poky-linux make
You also have to make sure that the following kernel configurations is enabled:
CONFIG_BLK_DEV_DM=y CONFIG_BLK_DEV_MD=y CONFIG_MD=y CONFIG_DM_CRYPT=y CONFIG_DM_MULTIPATH=y CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API=y
Usage
Create a black key from random data, use ECB encryption:
caam-keygen create randomkey ecb -s 16
The file is written to the /data/caam/ folder unless the application is built to use another location (specified with KEYBLOB_LOCATION). Two files should now been generated:
ls -l /data/caam/ total 8 -rw-r--r-- 1 root root 36 apr 3 21.09 randomkey -rw-r--r-- 1 root root 96 apr 3 21.09 randomkey.bb
Add the generated black key to the kernel key retention service. To this we use the keyctl command:
cat /data/caam/randomkey | keyctl padd logon logkey: @s
Create a deivce-mapper device named $ENCRYPTED_LABEL and map it to the block device $DEVICE:
dmsetup -v create $ENCRYPTED_LABEL --table "0 $(blockdev --getsz $DEVICE) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 $DEVICE 0 1 sector_size:512"
Create a filesystem on our newly created mapper device:
mkfs.ext4 -L $VOLUME_LABEL /dev/mapper/$ENCRYPTED_LABEL
Mount it on $MOUNT_POINT:
mount /dev/mapper/$ENCRYPTED_LABEL ${MOUNT_POINT}
Congrats! Your encrypted device is now ready to use! All data written to $MOUNT_POINT will be encrypted on the fly and decrypted upon read.
To illustrate this, create a file on the encrypted volume:
echo "Encrypted data" > ${MOUNT_POINT}/encrypted-file
Clean up and reboot:
umount $MOUNT_POINT dmsetup remove $ENCRYPTED_LABEL keyctl clear @s reboot
A new session key will be generated upon each cold boot. So we have to import the key from the blob and add it to the key retention service. We also have to create the device mapper. This has to be done at each boot:
caam-keygen import $KEYPATH/$KEYNAME.bb $IMPORTKEY cat $IMPORTKEYPATH/$IMPORTKEY | keyctl padd logon logkey: @s dmsetup -v create $ENCRYPTED_LABEL --table "0 $(blockdev --getsz $DEVICE) crypt capi:tk(cbc(aes))-plain :36:logon:logkey: 0 $DEVICE 0 1 sector_size:512" mount /dev/mapper/$ENCRYPTED_LABEL ${MOUNT_POINT}
We will now be able read back the data from the encrypted device:
cat ${MOUNT_POINT}/encrypted-file Encrypted data
That was it!
Conclusion
Encryption could be hard, but the CAAM module makes it pretty much straight forward. It protect your secrets from physical attacks, which could be hard to protect otherwise.
However, keep in mind that as soon as the encrypted device is mounted and available to the system, it's free to read for any intruder that have access to the system.
The device security chain is no stronger than its weakest link and you have to identify and handle all potential security risks. This is only one.