+- PINE64 (https://forum.pine64.org)
+-- Forum: Pinebook Pro (https://forum.pine64.org/forumdisplay.php?fid=111)
+--- Forum: Linux on Pinebook Pro (https://forum.pine64.org/forumdisplay.php?fid=114)
+--- Thread: Manjaro Arm Encrypted EMMC (/showthread.php?tid=8903)
Manjaro Arm Encrypted EMMC - detrexer - 01-23-2020
Hey,
Im trying to get an encrypted Manajaro Arm Minimal Running on my pbpro. I managed to create a minimal manjaro arm image and tried the following
1. Flash Uboot from Manjaro to the first sectors of the EMMC
2. Create a 500MB Ext4 Boot partition
3. Create an encrypted BTRFS Luks partition for the rest of the emmc
I copied the fs to the main btrfs partition and moved /boot to the boot partition. Without any further setup i tried booting the pbpro and only got a black screen. I think what I have to do now is
1. Reconfigure UBOOT to find the /boot partition and advice kernel to mount encrypted btrfs root partition
2. Recompile Kernel with all the stuff necessary for booting luks
3. setup fstab for the new rootfs
I know how to do the last one but I'm stuck on the first two and cant find any good refenrece on how to do this on arm with uboot. Can you help me?
Thx
P.S. Once i firgured it all out, I'll write up a guide for yall
RE: Manjaro Arm Encrypted EMMC - xmixahlx - 01-23-2020
look at the danielt's debian installer for ideas.
RE: Manjaro Arm Encrypted EMMC - limxr - 02-07-2020
Here is a write up on getting fde with luks on manjaro xfce image installed on an sdcard. Not exactly what your are wanting to do but may help.
https://forum.pine64.org/showthread.php?tid=9052
RE: Manjaro Arm Encrypted EMMC - llsf - 02-08-2020
You might want to have an UART connection handy.
Or if that's not a possibility, the first thing you should probably do is building an initramfs with the modules required for the display so you can get output earlier during boot; no need to rebuild the kernel. Beware, though, that the default boot.txt on Manjaro doesn't seem to properly load the initramfs. The linked thread by limxr and/or https://github.com/lsfxz/pinebookpro-things/tree/master/luks might help (the latter was initially a gist elsewhere, should give you some hints about where to look / modify things).
RE: Manjaro Arm Encrypted EMMC - grego - 02-10-2020
Has anyone managed to successfully do this?
RE: Manjaro Arm Encrypted EMMC - wsgts - 02-10-2020
(02-10-2020, 03:14 AM)grego Wrote: Has anyone managed to successfully do this?
I have my PBP on Manjaro with the home directory encrypted via this guide. https://wiki.archlinux.org/index.php/ECryptfs.
Pretty much followed it to the letter and it worked fine. I haven't tried the encryption of the SWAP space as of yet.
RE: Manjaro Arm Encrypted EMMC - Janoz - 02-10-2020
I did my best to understand the write up from: https://forum.pine64.org/showthread.php?tid=9052
Unfortunately I'm not experienced enough to understand it fully. I do feel confused at the start when using gparted for setting up partitions and copying files.
I'm going to do some more reading/testing and Kudos to limxr for writing this.
RE: Manjaro Arm Encrypted EMMC - Janoz - 02-10-2020
(02-10-2020, 09:57 AM)Janoz Wrote: I did my best to understand the write up from: https://forum.pine64.org/showthread.php?tid=9052
Unfortunately I'm not experienced enough to understand it fully. I do feel confused at the start when using gparted for setting up partitions and copying files.
I'm going to do some more reading/testing and Kudos to limxr for writing this.
^I had to take it slower with gparted (never used it before). Now it finally works on my SD. I'm not sure if this will work on eMMC but it feels like it's around the corner. Thanks for this @limxr
RE: Manjaro Arm Encrypted EMMC - GloriousCoffee - 03-20-2020
(02-10-2020, 09:19 AM)wsgts Wrote:(02-10-2020, 03:14 AM)grego Wrote: Has anyone managed to successfully do this?
I have my PBP on Manjaro with the home directory encrypted via this guide. https://wiki.archlinux.org/index.php/ECryptfs.
Pretty much followed it to the letter and it worked fine. I haven't tried the encryption of the SWAP space as of yet.
Where do I get the 'ecryptfs-migrate-home' ? The wiki says nothing about where it can be found.