PINE64

Full Version: Rootfs Encryption on Ubuntu 16.04
Hi guys,

Do you have an idea about which is the best approach to encrypt the entire rootfs (using cryptsetup or other tools) and then have it decrypt itself automatically on system startup?

Thanks in advance
There is no reason to encrypt the entire rootfs, so I think the best approach is to not do it. However, if I do encrypt data, there is certainly no reason to automatically decrypt on startup, since anyone who steals the device would only need to turn it on to gain access to unencrypted data.
(05-05-2017, 05:03 AM)saro Wrote: Do you have an idea about which is the best approach to encrypt the entire rootfs (using cryptsetup or other tools) and then have it decrypt itself automatically on system startup?

Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!
Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.
(05-05-2017, 10:59 PM)dkryder Wrote: There is no reason to encrypt the entire rootfs, so I think the best approach is to not do it. However, if I do encrypt data, there is certainly no reason to automatically decrypt on startup, since anyone who steals the device would only need to turn it on to gain access to unencrypted data.
Hi dkryder,
I must guarantee that my system can run only on a specific Pine64 machine and must be unreadable when the SD card is connected to other machines.

(05-06-2017, 03:45 AM)pfeerick Wrote:
(05-05-2017, 05:03 AM)saro Wrote: Do you have an idea about which is the best approach to encrypt the entire rootfs (using cryptsetup or other tools) and then have it decrypt itself automatically on system startup?

Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!
Hi pfeerick,
I must also guarantee that the installed system tools, and the type and version of the OS, are unreadable from an SD card analysis.

(05-09-2017, 02:48 PM)bobpaul Wrote: Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.
Hi bobpaul,
My idea is a fully encrypted system coupled with startup on a specific Pine64 machine only.
Well, I know that the new Win 10 Pro [not Home] has BitLocker, which can fully encrypt SD cards and flash drives, making them unusable to anyone. But the downside is that you would have to un-encrypt to use and then encrypt after each use, plus you need Win 10 Pro. But there may be other programs that can do this.
(05-11-2017, 05:09 AM)dkryder Wrote: Well, I know that the new Win 10 Pro [not Home] has BitLocker, which can fully encrypt SD cards and flash drives, making them unusable to anyone. But the downside is that you would have to un-encrypt to use and then encrypt after each use, plus you need Win 10 Pro. But there may be other programs that can do this.

Hi dkryder,
Sorry, but my intent is different: something similar to the automated procedure followed by the Ubuntu installer, in which it is possible to encrypt the whole rootfs and swap partition and decrypt them on startup.
(05-17-2017, 04:01 AM)saro Wrote: Sorry, but my intent is different: something similar to the automated procedure followed by the Ubuntu installer, in which it is possible to encrypt the whole rootfs and swap partition and decrypt them on startup.

I suggest you have a look at eCryptfs then, as that is the tool that Ubuntu uses to encrypt the /home partition as part of a new install.

dm-crypt and TrueCrypt (now VeraCrypt) are two other possibilities... though I don't know how you'll fare as far as getting them to work on the Pine64. This guide may give you some guidance on how and what to use.