PINE64

Full Version: Full Disk Encryption
Hi,

I intend to use the Rock64 as a multi-purpose server handling VPN, LDAP authentication, internal DNS, etc., and I'd really like to LUKS encrypt the eMMC. I'm familiar with the process using Grub2 as a boot loader but U-Boot is throwing me some curves.

Has anyone undertaken a project like this?

I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.

(11-06-2017, 04:28 AM) elatllat wrote:
> I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.

Thanks! I haven't tried that approach yet but it'd be nice to have all partitions encrypted to maintain integrity and availability.

Also, even though it's a bit of a nightmare to configure initially, initrd can be configured to load a dropbear SSH server on boot that'll drop a user to a busybox shell, allowing remote disk decryption. The advantage of this approach is that all the things are encrypted and the device can still be rebooted remotely. Like I said, it's a bit of a nightmare to configure. Maybe that'll be a future post once we figure this out.

Also, I'll admit that I have no experience with building custom Linux images and this seems like it'd be a situation where I should do just that and opt for Grub2 over U-Boot. I'm unsure of compatibility though.
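
One way to limit what the dropbear-in-initrd approach described above exposes, as an added example that is not part of the original post: pin each SSH key to the unlock command instead of a full busybox shell, and audit the key file for entries that are not pinned. It assumes a Debian-style initramfs (dropbear reading an authorized_keys file, `/bin/cryptroot-unlock` present); the function names and sample keys are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a Debian-style initramfs where
# dropbear reads an authorized_keys file and /bin/cryptroot-unlock exists.
UNLOCK_CMD='/bin/cryptroot-unlock'   # assumption: path inside the initramfs
OPTS="no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command=\"$UNLOCK_CMD\""

# restrict_key "<type> <base64> [comment]": print the key pinned to the unlock
# command. Fails (status 1) unless the input is a bare public key.
restrict_key() {
    ktype=${1%% *}; rest=${1#* }; blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf '%s %s\n' "$OPTS" "$1"
}

# audit_keys FILE: report every entry whose options field (the text before the
# key type) does not force the unlock command. Exit status = number found.
audit_keys() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # Leading space lets an option-less line reduce to an empty options field.
        opts=" $line"; opts=${opts%%" ssh-"*}; opts=${opts%%" ecdsa-"*}
        case $opts in
            *"command=\"$UNLOCK_CMD\""*) ;;
            *) printf 'unrestricted: %s\n' "$line"; bad=$((bad + 1)) ;;
        esac
    done < "$1"
    return "$bad"
}

# Constructed sample data: the key blobs below are placeholders, not real keys.
demo() {
    f=$(mktemp)
    restrict_key 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER admin@laptop' > "$f"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER old@desktop' >> "$f"
    n=0; audit_keys "$f" || n=$?
    rm -f "$f"
    echo "$n entry/entries would get a full busybox shell"
}
demo
```

The initramfs is stored unencrypted, so the dropbear host key in it should be one generated for this purpose rather than a copy of the main system's SSH host key.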

Hi guys,
Did you manage to get full disk encryption working? Could you write a manual for that?
Thanks in advance.