Secure Data Encryption on board without TPM support ( AM62P)

Secure Data Encryption on board without TPM support ( AM62P)

[Gupta, Ayush]

[-- Attachment #1: Type: text/plain, Size: 1227 bytes --]

Dear CIP Development Team,

I am currently working on enabling encrypted storage for the TI's AM62P platform, which, as per current hardware capabilities, does not include TPM support.

To address this, I have implemented a working initramfs-crypt-hook-nontpm (link provided at the end)  solution that removes TPM dependencies. It utilizes a keyfile embedded directly into the initramfs for unlocking encrypted partitions during boot. The initramfs itself is considered secure as it is protected by verified boot (Secure Boot is enabled on the platform).

I would like to know if this is an acceptable and secure approach from the CIP security perspective for boards without TPM support. Additionally, are there any recommended alternatives or best practices for strengthening this method in scenarios where TPM support is not available?

Looking forward to your guidance.



Patch for

initramfs-crypt-hook-nontpm

recipes-initramfs/initramfs-crypt-hook-nontpm * main * 22CSB0C01_AYUSH GUPTA / am62x-security-features * GitLab<https://gitlab.com/ag22csb0c01/am62x-security-features/-/tree/main/recipes-initramfs/initramfs-crypt-hook-nontpm?ref_type=heads>


Best regards,
Ayush Gupta
Texas Instruments


[-- Attachment #2: Type: text/html, Size: 3901 bytes --]

Re: [cip-dev] Secure Data Encryption on board without TPM support ( AM62P)

[Heinisch, Alexander]

Hi Ayush,

On Mon, 2025-06-02 at 18:03 +0000, Gupta, Ayush via lists.cip-
project.org wrote:
> 
> 
> 
> Dear CIP Development Team,
> 
> I am currently working on enabling encrypted storage for the TI’s
> AM62P platform, which, as per current hardware capabilities, does not
> include TPM support.
> 
> To address this, I have implemented a working initramfs-crypt-hook-
> nontpm (link provided at the end)  solution that removes TPM
> dependencies. It utilizes a keyfile embedded directly into the
> initramfs for unlocking encrypted partitions during boot. The
> initramfs itself is considered secure as it is protected by verified
> boot (Secure Boot is enabled on the platform).

Since the initramfs itself is not encrypted, anyone who has access to
the storage device containing the initramfs (or UKI, ...) can extract
the keyfile, and thus, can decrypt your partitions.

> 
> I would like to know if this is an acceptable and secure approach
> from the CIP security perspective for boards without TPM support.
> Additionally, are there any recommended alternatives or best
> practices for strengthening this method in scenarios where TPM
> support is not available?

If you need security for devices without TPM you either need a third
party device to store the key (or an encrypted version of the key)
securely (e.g. HSM) or you need some (human) interaction on boot.
Storing the key on the device does not provide the protection you
intended to have.

> 
> Looking forward to your guidance.
>  
> Patch for
> initramfs-crypt-hook-nontpm
> recipes-initramfs/initramfs-crypt-hook-nontpm · main ·
> 22CSB0C01_AYUSH GUPTA / am62x-security-features · GitLab
> 
Please post patches using `git format-patch` and `git send-email` as
proposed here [1]

BR Alexander 

> 
> Best regards,
> Ayush Gupta
> Texas Instruments
>  
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#18961):
> https://lists.cip-project.org/g/cip-dev/message/18961
> Mute This Topic: https://lists.cip-project.org/mt/113433531/8886423
> Group Owner: cip-dev+owner@lists.cip-project.org
> Unsubscribe:
> https://lists.cip-project.org/g/cip-dev/unsub [alexander.heinisch@siemens.com
> ]
> -=-=-=-=-=-=-=-=-=-=-=-
> 
[1]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/CONTRIBUTING.md?ref_type=heads

Re: Secure Data Encryption on board without TPM support ( AM62P)

[Jan Kiszka]

Hi Ayush,

On 02.06.25 20:03, Gupta, Ayush wrote:
> Dear CIP Development Team,
> 
> I am currently working on enabling encrypted storage for the TI’s AM62P
> platform, which, as per current hardware capabilities, does not include
> TPM support.
> 
> To address this, I have implemented a working initramfs-crypt-hook-
> nontpm (link provided at the end)  solution that removes TPM
> dependencies. It utilizes a keyfile embedded directly into the initramfs
> for unlocking encrypted partitions during boot. The initramfs itself is
> considered secure as it is protected by verified boot (Secure Boot is
> enabled on the platform).

That should be integrity protected but no longer secret, no? Physical
attackers should then be able to retrieve the initramfs from the device
and, thus, also read out the data encryption key. From there on...

> 
> I would like to know if this is an acceptable and secure approach from
> the CIP security perspective for boards without TPM support.
> Additionally, are there any recommended alternatives or best practices
> for strengthening this method in scenarios where TPM support is not
> available?
> 
> Looking forward to your guidance.
> 

Did you already study how we are exploiting fTPM on the AM65x?
https://github.com/siemens/meta-iot2050/

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center

Re: Secure Data Encryption on board without TPM support ( AM62P)

[Ayush Gupta]

On 6/3/25 07:16, Jan Kiszka wrote:
> Hi Ayush,
>
> On 02.06.25 20:03, Gupta, Ayush wrote:
>> Dear CIP Development Team,
>>
>> I am currently working on enabling encrypted storage for the TI’s AM62P
>> platform, which, as per current hardware capabilities, does not include
>> TPM support.
>>
>> To address this, I have implemented a working initramfs-crypt-hook-
>> nontpm (link provided at the end)  solution that removes TPM
>> dependencies. It utilizes a keyfile embedded directly into the initramfs
>> for unlocking encrypted partitions during boot. The initramfs itself is
>> considered secure as it is protected by verified boot (Secure Boot is
>> enabled on the platform).

> That should be integrity protected but no longer secret, no? Physical
> attackers should then be able to retrieve the initramfs from the device
> and, thus, also read out the data encryption key. From there on...

You are absolutely right- the keyfile can be extracted by a physical 
attackers as it is not encrypted.
We should find a more secure key. Thanks for highlighting the issue.

>
>> I would like to know if this is an acceptable and secure approach from
>> the CIP security perspective for boards without TPM support.
>> Additionally, are there any recommended alternatives or best practices
>> for strengthening this method in scenarios where TPM support is not
>> available?
>>
>> Looking forward to your guidance.
>>

> Did you already study how we are exploiting fTPM on the AM65x?
> https://github.com/siemens/meta-iot2050/
>
> Jan
>
Not explored this fully - but will check this out also. Me and the team 
are also trying something more on that.
We will reach out to you if we need any further clarifications.

Again thanks for suggesting this repo!

Ayush