[Buildroot] building a kernel+ramdisk separate from rootfs for using dm_crypt filesystem
tharvey at gateworks.com
Wed Mar 31 21:02:54 UTC 2021
I'm using buildroot to build a kernel and rootfs but now need to
implement dm_crypt for a secure filesystem.
I'm not all that familiar with dm_crypt but it would appear that I
need to use an initramfs to open (unlock) the encrypted filesystem and
Do I need to build a separate buildroot config for the initramfs image
from the buildroot config that builds my traditional kernel and
rootfs? I was hoping to be able to build this all as a single project.
Perhaps there is a way of using dm_crypt without an initramfs that I'm
not aware of.
Perhaps I don't even need dm_crypt and there are other simple ways to
secure my root filesystem? I am working with a system that is secure
up to and including the bootloader and am using U-Boot verified boot
to boot a signed kernel from a FIT image.
More information about the buildroot