Wind River Support Network

Not to be fixed

LIN1018-2929 : Failed to create a LUKS Partition on a Storage Device

Created: Nov 14, 2018    Updated: Apr 29, 2021
Resolved Date: Apr 29, 2021
Found In Version: unknown
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Documentation, Userspace

Description

The procedure listed in the Security Features Guide (wr_linux_security_features_guide.pdf) does not work.

"Creating a LUKS Partition on a Storage Device" section on page 36:
Step 1.

Error when creating LUKS partition - with TPM
=========================
        root@intel-x86-64:~# ls /dev/sd*
        /dev/sda /dev/sda1 /dev/sdb /dev/sdb1 /dev/sdb2 /dev/sdb3
        root@intel-x86-64:~# luks-setup.sh -f -e -d /dev/sdb4 -n rootfs_encrypted
        Device /dev/sdb4 doesn't exist or access denied.
       
        ******************************************************************
        The primary key and passphrase previously created will be wiped,
        so the data protected by them cannot be restored any more!!!
        Make sure you know what to do before confirming current operation.
        ******************************************************************
       
        Do you wish to continue? [y/n] y
        Installation confirmed
        TPM device /dev/tpm0 detected
        Fri Oct 26 18:51:33 UTC 2018: [ERROR] Unable to get the TPM PCR banks (0x80012)Fri Oct 26 18:51:33 UTC 2018: [ERROR] Unsupported PCR bank algorithm
        Unable to create the primary key and passphrase
=========================

Error when creating LUKS partition - without TPM
=========================
        root@intel-x86-64:~# luks-setup.sh -t -f -d /dev/sdb4 -n rootfs_encrypted
        Device /dev/sdb4 doesn't exist or access denied.
       
        ******************************************************************
        The primary key and passphrase previously created will be wiped,
        so the data protected by them cannot be restored any more!!!
        Make sure you know what to do before confirming current operation.
        ******************************************************************
       
        Do you wish to continue? [y/n] y
        Installation confirmed
       
        **************************************************
        The plain passphrase cannot be protected by a TPM.
        You have to type the passphrase when prompted.
        Take the risk by self if leaked by accident.
        **************************************************
       
        Creating the LUKS partition rootfs_encrypted ...
        Failed to initialize device signature probes.
        Unable to create the LUKS partition on /dev/sdb4
========================= 

Steps to Reproduce

Create encrypted-storage supported image:
git clone -b WRLINUX_10_18_BASE git://yow-git.wrs.com/wrlinux-x 
./wrlinux-x/setup.sh --machine intel-x86-64 --distro wrlinux --dl-layers --templates  feature/encrypted-storage
. ./environment-setup-x86_64-wrlinuxsdk-linux 
. ./oe-init-build-env 
bitbake wrlinux-image-glibc-std

Deploy the WIC image onto a USB disk and use it to boot a TPM-integrated Intel device. I'm using an Intel® NUC Board NUC5i5MYBE.
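
Added example, not part of the original defect report or of Wind River's luks-setup.sh: both transcripts above report that /dev/sdb4 does not exist, yet the script still reaches the destructive confirmation prompt. A preflight wrapper like the following refuses to invoke the command unless the target is an existing, unmounted block device; the function names and return codes are this example's own.

```shell
#!/bin/sh
# Preflight guard for a destructive disk-encryption command.
# Hypothetical helper names; return codes are this example's convention:
#   0 ok, 1 missing, 2 not a block device, 3 currently mounted

check_luks_target() {
    dev=$1
    if [ -z "$dev" ] || [ ! -e "$dev" ]; then
        echo "preflight: '$dev' does not exist" >&2
        return 1
    fi
    if [ ! -b "$dev" ]; then
        echo "preflight: '$dev' is not a block device" >&2
        return 2
    fi
    # /proc/mounts lists the source device in its first field.
    # Limitation: a mount made through a symlinked name (for example
    # under /dev/disk/by-uuid) is not matched by this literal comparison.
    if [ -r /proc/mounts ] &&
       awk -v d="$dev" '$1 == d { found = 1 } END { exit !found }' /proc/mounts
    then
        echo "preflight: '$dev' is mounted" >&2
        return 3
    fi
    return 0
}

# guarded_run DEV CMD [ARGS...]: run CMD only if DEV passes the preflight.
guarded_run() {
    target=$1
    shift
    check_luks_target "$target" || return $?
    "$@"
}

# Usage with the command line quoted in the report:
#   guarded_run /dev/sdb4 luks-setup.sh -f -e -d /dev/sdb4 -n rootfs_encrypted
```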