We are not ready yet to roll out secure boot and full disk encryption, and are more concerned at this time about implementing encryption at rest for our data partition (footage that has been captured from onboard cameras).
As I understand it so far (which is not much), we hope to use LUKS to encrypt our data partition (which lives on an NVMe disk on our product). The main question is what are the pieces that we need to manage in order to make sure the Security Engine accelerates the access to this partition?
There are two partitions in the layout. One is the unencrypted APP and the other is the encrypted APP_ENC. So you can put the data in the APP_ENC partition for protection.
Thanks, but this answer is in the context of the existing documentation, which if I understand it correctly (it is not explicitly stated) we can use only upon turning on secure boot.
I explicitly stated we want to just encrypt a data partition instead of rootfs while avoiding doing the work of updating our production process to enable secure boot.
However, it’s dawning on me that the requirement of secure boot will most likely be the same to encrypt a data partition in this “proper” way, so I totally get that this question comes across as confusing.