From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com
 [IPv6:2a00:1450:4864:20::542])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sat,  8 Aug 2020 11:11:00 +0200 (CEST)
Received: by mail-ed1-x542.google.com with SMTP id bs17so2933013edb.1
 for <dm-crypt@saout.de>; Sat, 08 Aug 2020 02:11:00 -0700 (PDT)
References: <173c83429e8.ccbeba0f94728.5730675362566872944@d.mobilunity.com>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <c387efe8-0dcc-6cbd-e610-e1c285beb4f0@gmail.com>
Date: Sat, 8 Aug 2020 11:10:57 +0200
MIME-Version: 1.0
In-Reply-To: <173c83429e8.ccbeba0f94728.5730675362566872944@d.mobilunity.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [dm-crypt] Using dm-verity+dm-crypt on rootfs (Embedded Linux)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Andrii Voloshyn <a.voloshyn@d.mobilunity.com>, dm-crypt <dm-crypt@saout.de>

On 07/08/2020 11:15, Andrii Voloshyn wrote:
> Hi there,
> 
>       Spent quite some time looking on the Internet for a reference, and couldn't find anything that would satisfy my requirements.
> Let's imagine an Embedded Linux setup, where size of the NOR flash is limited to say 16MB, root filesystem is squashfs, and assume
> that the bootloader (U-Boot) is trusted, and it validates kernel+dts. Alright, now I need to check validity of the rootfs, plus it needs to be
> encrypted, and failsafe  (in case power is gone while writing to the flash). So I guess, I need to use a combination dm-verity+dm-crypt?

You can use that, but dm-verity is read-only device (but that;s what you awant here, I guess). Then all you need is to properly store and sign dm-verity root hash.

DM-verity here provides data integrity, dm-crypt then confidentiality protection.

>      
>       From my experiments, I found out that I couldn't really use LUKS, as the header size would not fit into the flash. So I need to use plain mode, and that's Ok.

You can, LUKS2 header can be scaled down to be even smaller than LUKS1. Did you try that? Activation will be much simpler for you later.

Seems we do not have it in FAQ yet, but the idea is described here
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932437#10

>       Now, the question is, what information to pass to the kernel, and how (bootargs?, initrd?), so that it could verify and mount encrypted squashfs as rootfs?
>       Have seen a lot of articles how to get it done on a partition, USB drive, etc. but not as the rootfs.
> Any reference on any project already existing or documentation would be helpful. Or, any thoughts on how it could be done differently?

I think you are reinventing what Android and ChromeOS is doing already ;-)

Milan