Full Disk Encryption
#1
Hi,

I intend to use the Rock64 as a multi-purpose server handling VPN, LDAP authentication, internal DNS, etc. and I'd really like to LUKS encrypt the emmc. I'm familiar with the process using Grub2 as a boot loader but U-Boot is throwing me some curves.

Has anyone undertaken a project like this?
  Reply
#2
I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.
  Reply
#3
(11-06-2017, 04:28 AM)elatllat Wrote: I just use a second partition and mount bind over root where required. The advantage being the system can reboot remotely.

Thanks! I haven't tried that approach yet but it'd be nice to have all partitions encrypted to maintain integrity and availability.

Also, even though it's a bit of a nightmare to configure initially, initrd can be configured to load a dropbear SSH server on boot that'll drop a user to a busybox shell, allowing remote disk decryption. The advantage of this approach is that all the things are encrypted and the device can still be rebooted remotely. Like I said, it's a bit of a nightmare to configure. Maybe that'll be a future post once we figure this out.

Also, I'll admit that I have no experience with building custom Linux images and this seems like it'd be a situation where I should do just that and opt for Grub2 over U-Boot. I'm unsure of compatibility though.
  Reply
#4
@archangel @elatllat
Hi guys,
Did you manage with full disk encryption? Can you write some manual for that?
Thanks in advance.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Encryption support rockfun 1 4,090 06-10-2020, 08:27 AM
Last Post: rockfun
  Arch Linux minimal image w/ full HDMI output support hiccupstix 1 4,764 11-01-2018, 08:33 AM
Last Post: danboid
  Problems with USB 3.0 and SATA disk (UAS) diglam 6 15,330 10-16-2018, 11:05 AM
Last Post: Trash_Can_Man
  Official Debian image doesn't recognize full SD capacity silverknight 2 4,623 08-29-2017, 06:00 AM
Last Post: silverknight

Forum Jump:


Users browsing this thread: 1 Guest(s)