11-06-2017, 05:21 AM
(11-06-2017, 04:28 AM) elatllat Wrote: I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.
Thanks! I haven't tried that approach yet but it'd be nice to have all partitions encrypted to maintain integrity and availability.
Also, even though it's a bit of a nightmare to configure initially, initrd can be configured to load a dropbear SSH server on boot that'll drop a user to a busybox shell, allowing remote disk decryption. The advantage of this approach is that all the things are encrypted and the device can still be rebooted remotely. Like I said, it's a bit of a nightmare to configure. Maybe that'll be a future post once we figure this out.
Also, I'll admit that I have no experience with building custom Linux images and this seems like it'd be a situation where I should do just that and opt for GRUB2 over U-Boot. I'm unsure of compatibility though.