(05-05-2017, 10:59 PM)dkryder Wrote: There is no reason to encrypt the entire rootfs, so I think the best approach is to not do it. However, if I do encrypt data there is certainly no reason to automatically decrypt on startup, since anyone who steals the device would only need to turn it on to gain access to unencrypted data.
Hi dkryder,
I must guarantee that my system can run only on a specific pine64 machine and must be unreadable when the SD card is connected to other machines.
(05-06-2017, 03:45 AM)pfeerick Wrote:
(05-05-2017, 05:03 AM)saro Wrote: Do you have an idea about which is the best approach to encrypt the entire rootfs (using cryptsetup software or other tools) and then decrypt itself automatically on system startup?
Why would you want to encrypt the entire rootfs? Why not just partition things so you have a separate /home partition, and encrypt that? I don't think the core operating system files are that exciting that they would need to be encrypted/decrypted!
Hi pfeerick,
I must also guarantee that the system tools installed, and the type and version of the OS, are unreadable with an SD card analysis.
(05-09-2017, 02:48 PM)bobpaul Wrote: Perhaps you could give some insight into your use case and why you're interested in encrypting the OS image? Sometimes knowing a few more details sparks ideas.
Hi bobpaul,
My idea is a fully encrypted system coupled with a start on a specific pine64 machine only.