PINE64
Rootfs Encryption on Ubuntu 16.04 - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: PINE A64(+) (https://forum.pine64.org/forumdisplay.php?fid=4)
+--- Forum: Linux on Pine A64(+) (https://forum.pine64.org/forumdisplay.php?fid=6)
+---- Forum: Ubuntu (https://forum.pine64.org/forumdisplay.php?fid=27)
+---- Thread: Rootfs Encryption on Ubuntu 16.04 (/showthread.php?tid=4507)



Rootfs Encryption on Ubuntu 16.04 - saro - 05-05-2017

Hi guys,


do you have an idea about which is the best approach to crypt the entire rootfs (using criptsetup software or other tools) and then decrypt itself automatically on system startup?


Thanks in advance  Wink


RE: Rootfs Encryption on Ubuntu 16.04 - dkryder - 05-05-2017

there is no reason to encrypt the entire rootfs so i think the best approach is to not do it. however, if i do encrypt data there is certainly no reason to automatically decrypt on startup since anyone who steals the device would only need to turn it on to gain access to un-encrypted data.


RE: Rootfs Encryption on Ubuntu 16.04 - pfeerick - 05-06-2017

(05-05-2017, 05:03 AM)saro Wrote: do you have an idea about which is the best approach to crypt the entire rootfs (using criptsetup software or other tools) and then decrypt itself automatically on system startup?

Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!


RE: Rootfs Encryption on Ubuntu 16.04 - bobpaul - 05-09-2017

Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.


RE: Rootfs Encryption on Ubuntu 16.04 - saro - 05-11-2017

(05-05-2017, 10:59 PM)dkryder Wrote: there is no reason to encrypt the entire rootfs so i think the best approach is to not do it. however, if i do encrypt  data there is certainly no reason to automatically decrypt on startup since anyone who steals the device would only need to turn it on to gain access to un-encrypted data.
Hi dkryder,
I must garantee that my system can run only on a specific pine64 machine and must be unreadable when connect the sd card on other machines.

(05-06-2017, 03:45 AM)pfeerick Wrote:
(05-05-2017, 05:03 AM)saro Wrote: do you have an idea about which is the best approach to crypt the entire rootfs (using criptsetup software or other tools) and then decrypt itself automatically on system startup?

Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!
Hi pfeerick,
I must garantee also that the system tools installed, and the type and version of the OS must be unreadable with an sd card analysis.

(05-09-2017, 02:48 PM)bobpaul Wrote: Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.
Hi bobpaul,
my idea is a fully encrypted System coupled with a start on a specific pine64 machine only.


RE: Rootfs Encryption on Ubuntu 16.04 - dkryder - 05-11-2017

well i know that the new win 10 pro [not home] has bitlocker which can fully encrypt sd cards and flash drives making then unusable to anyone. but the downside is that you would have to un-encrypt to use and then encrypt after each use plus you need win 10 pro. but there may be other programs that can do this.


RE: Rootfs Encryption on Ubuntu 16.04 - saro - 05-17-2017

(05-11-2017, 05:09 AM)dkryder Wrote: well i know that the new win 10 pro [not home] has bitlocker which can fully encrypt sd cards and flash drives making then unusable to anyone. but the downside is that you would have to un-encrypt to use and then encrypt after each use plus you need win 10 pro. but there may be other programs that can do this.

Hi dkryder,
sorry but my intent is another, similar to automated procedure followed by
Ubuntu installer software, in which is possible to crypt all rootfs and swap partition
and decrypt them on startup.


RE: Rootfs Encryption on Ubuntu 16.04 - pfeerick - 05-17-2017

(05-17-2017, 04:01 AM)saro Wrote: sorry but my intent is another, similar to automated procedure followed by
Ubuntu installer software, in which is possible to crypt all rootfs and swap partition
and decrypt them on startup.

I suggest you have a look eCryptfs then as that is the tool that Ubuntu uses to encrypt the /home partition as part of a new install.

dm-crypt and truecrypt (now veracrypt) are two other possibilities... though I don't know how you'll fare as far as getting them to work on the pine64. This guide may give you some guidance on how and what to use.