Boot on LUKS drive ( Rapsberry pi 4 )
from SpongeB0B@programming.dev to linux@lemmy.ml on 06 Dec 12:39
https://programming.dev/post/22530641
from SpongeB0B@programming.dev to linux@lemmy.ml on 06 Dec 12:39
https://programming.dev/post/22530641
Hi,
The SBC Raspberry Pi 4 boot on an sdcard with two partition /boot and /
So I managed to encrypt the partition / with cryptsetup
Here the partition of my sd-card
| device | FILESYS | LABEL | UUID |
|---|---|---|---|
| sdb1 | vfat | BOOT | ( 9 characters ) |
| sdb2 | crrypto_LUKS | <unknow> | ( 36 characters ) |
I’ve modified the /boot/cmdline.txt
to ( on one line )
console=serial0,115200 console=tty1 root=UUID=#If I try the UUID of sdb2 it fail and also the UUID when I use `cryptsetup luksOpen /dev/sdb2 b2open` rootfstype=ext4 fsck.repair=yes loglevel=5 net.ifnames=0 firmware_class.path=/lib/firmware/updates/brcm rootwait cryptdevice=UUID=#I dont know which one:b2open
any ideas ?
Thanks.
threaded - newest
I never could be bothered with manually setting up LUKS, here’s an automation script if you don’t get it to work:
github.com/gitbls/sdm/blob/…/Disk-Encryption.md
Thanks @DrDystopia@lemy.lol ! indeed github.com/gitbls/sdm/blob/…/Disk-Encryption.md#t… seem what I need. I’ll try
I’ve used it to encrypt both Pi4’s and 5’s. I think it’s most compatible with Raspberry Pi OS (Bookworm), used it on both Lite and Desktop editions. Remember to use non-AES encryption since only the 5 has hardware enc/decryption. Good luck!
I’m not sure I understood you correctly, is the problem just that you don’t know which uuid-s to use where? Cryptdevice corresponds to your sdb2, and root is /dev/mapper/b2open. Otherwise, provide the exact error
I believe my initramfs do not support luks encryption, but the link of @DrDystopia@lemy.lol might work… 🤞
Depends on the distro. On arch you need to enable a few hooks, for example
I’m using Devuan ( systemd free ! ) :)