Details for my Tegra
# R35 (release), REVISION: 5.0, GCID: 35550185, BOARD: t186ref, EABI: aarch64, DATE: Tue Feb 20 04:46:31 UTC 2024
Distro details
Linux tegra-ubuntu 5.10.192-tegra #1 SMP PREEMPT Mon Feb 19 20:19:53 PST 2024 aarch64 aarch64 aarch64 GNU/Linux
I have a device I’d like to update in the future via a tarball of the root file system, but I’m going to be flashing it with encryption enabled, and then fetch the key from the luks-serv (if I’m getting that right) during boot.
I wanted to write a wrapper around this such that a public key signature verification (with a challenge) can allow the OTA to happen from within the mounted disk via a request for the encryption key or something of that sort.
Is there a C library that allows me to write such checks around the luks-serve so as to let me such logic?
Alternatively, can a virtual disk partition be encrypted via luks-serv?