Hi there! I’m trying to create an encrypted partition on a uSD flash card with the Xavier NX Developer Kit. I would like to ensure that the partition I’m formatting is using the HW accelerated crypto provided by the platform to ensure minimal overhead.
After diving into the platform’s encryption docs, I was able to extract that AES-CBC with ESSIV is the algorithm of choice. The docs also showed the exact cipher flag (aes-cbc-essiv:sha256) and key size (128) to pass into cryptsetup. I attempted formatting an already created partition a couple of ways using cryptsetup (which uses
cryptsetup --type=luks2 -c aes-cbc-essiv:sha256 -s 128 -v --debug luksFormat /dev/mmcblk0p12
This method returned an error, indicating that it was unsupported/invalid:
# Allocating context for crypt device /dev/mmcblk0p12.
# Trying to open and read device /dev/mmcblk0p12 with direct-io.
# Initialising device-mapper backend library.
# File descriptor passphrase entry requested.
Failed to open key file.
# Releasing crypt device /dev/mmcblk0p12 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
Interestingly, I do not see
cryptsetup --type=plain -c aes-cbc-essiv:sha256 -s 128 -v --debug luksFormat /dev/mmcblk0p12
This one succeeded; however, I noticed poor read/write speeds compared to another unencrypted partition. A side question: perhaps this is due to alignment of the partition itself?
I also noticed that the docs referenced above are super new, so I have tried this on the latest developer kit image (as of today -
What is the recommended method to create an encrypted partition using cryptsetup such that HW accelerated crypto is taken full advantage of?
Thanks a bunch in advance!
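One way to check which implementation the kernel would select for the cipher named in the post, as an added example that is not part of the original post: the kernel crypto API lists every registered implementation in /proc/crypto and prefers the highest-priority one for a given algorithm name. The sample entries, the driver name cbc-aes-hwengine-example and all priority values below are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which kernel crypto driver serves an algorithm by
# picking the highest-priority matching entry in /proc/crypto.

# best_driver ALG [FILE]: print "driver priority" for ALG, e.g. "cbc(aes)".
# FILE defaults to /proc/crypto; "-" reads standard input.
best_driver() {
    awk -v alg="$1" '
        function record_done() {
            if (name == alg && (best == "" || prio + 0 > bestprio)) {
                best = driver; bestprio = prio + 0
            }
            name = ""; driver = ""; prio = ""
        }
        # Entries are blocks of "key : value" lines separated by blank lines.
        /^[[:space:]]*$/ { record_done(); next }
        {
            key = $0; sub(/[[:space:]]*:.*/, "", key)
            val = $0; sub(/^[^:]*:[[:space:]]*/, "", val)
            if (key == "name") name = val
            else if (key == "driver") driver = val
            else if (key == "priority") prio = val
        }
        END { record_done(); if (best != "") print best, bestprio; else exit 1 }
    ' "${2:-/proc/crypto}"
}

# Constructed sample in /proc/crypto layout (not captured from a real board).
sample_proc_crypto() {
    cat <<'EOF'
name         : cbc(aes)
driver       : cbc(aes-generic)
priority     : 100

name         : cbc(aes)
driver       : cbc-aes-hwengine-example
priority     : 400

name         : cbc(aes)
driver       : cbc-aes-ce
priority     : 300

name         : sha256
driver       : sha256-generic
priority     : 100
EOF
}

sample_proc_crypto | best_driver "cbc(aes)" -
```

On the target, run `best_driver "cbc(aes)"` with no file argument to read the live /proc/crypto, and compare the reported driver against the throughput shown by `cryptsetup benchmark`.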