+- PINE64 (https://forum.pine64.org)
+-- Forum: ROCK64 (https://forum.pine64.org/forumdisplay.php?fid=85)
+--- Forum: Linux on Rock64 (https://forum.pine64.org/forumdisplay.php?fid=88)
+--- Thread: Full Disk Encryption (/showthread.php?tid=5344)
Full Disk Encryption - archangel - 11-05-2017
Hi,
I intend to use the Rock64 as a multi-purpose server handling VPN, LDAP authentication, internal DNS, etc. and I'd really like to LUKS encrypt the emmc. I'm familiar with the process using Grub2 as a boot loader but U-Boot is throwing me some curves.
Has anyone undertaken a project like this?
RE: Full Disk Encryption - elatllat - 11-06-2017
I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.
RE: Full Disk Encryption - archangel - 11-06-2017
(11-06-2017, 04:28 AM)elatllat Wrote: I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.
Thanks! I haven't tried that approach yet but it'd be nice to have all partitions encrypted to maintain integrity and availability.
Also, even though it's a bit of a nightmare to configure initially, initrd can be configured to load a dropbear SSH server on boot that'll drop a user to a busybox shell, allowing remote disk decryption. The advantage of this approach is that all the things are encrypted and the device can still be rebooted remotely. Like I said, it's a bit of a nightmare to configure. Maybe that'll be a future post once we figure this out.
Also, I'll admit that I have no experience with building custom Linux images and this seems like it'd be a situation where I should do just that and opt for Grub2 over U-Boot. I'm unsure of compatibility though.
RE: Full Disk Encryption - gzom - 03-30-2019
@archangel @elatllat
Hi guys,
Did you manage with full disk encryption? Can you write some manual for that?
Thanks in advance.