So I got FDE mostly working, according to https://wiki.mobian-project.org/doku.php?id=security that guide. It's rather involved and the guide isn't complete.
edit - apparently I'm super late to the party - this script is a more complete version of what I've been doing.
https://gitlab.com/-/snippets/2027389
A small addendum follows, since the guide is incomplete. It assumes a debian laptop with the target image mounted at /mnt/target. G
If you're running this on your x86(_64) computer, you will need qemu-user-mode emulation, but don't fret. It's super easy. Use your package manager to install 'binfmt-support' and 'qemu-user-static' (or whatever your distro calls it - check pkgs.org). You should have a binary in /usr/bin/ called qemu-aarch64-static or something like that. Copy it to your target, i.e. /mnt/target/.
Copy your /etc/resolv.conf into the target as well. Then bind mounts to get things like update-initramfs working:
Run update-initramfs -u, and then edit /etc/default/u-boot with an editor (vim/nano). You will need to replace the U_BOOT_PARAMETERS with this line:
U_BOOT_PARAMETERS="osk-sdl-root=/dev/mmcblk0p2 osk-sdl-root-name=pine root=/dev/mapper/pine console=ttyS0,115200 consoleblank=0 loglevel=7 rw plymouth.ignore-serial-consoles vt.global_cursor_default=0"
This will instruct the bootloader, u-boot, to use osk-sdl during the boot process. Next run u-boot-update for u-boot to regenerate its config file from the one you just edited. The config file lives in /boot/extlinux/extlinux.conf for mobian.
Make sure you also edit this file and ensure that the 'append' line does not begin with 'root=UUID....'. If so, just that section, and make sure osk-sdl's entries are first. Mine looks like this:
append osk-sdl-root=/dev/mmcblk0p2 osk-sdl-root-name=pine root=/dev/mapper/pine console=ttyS0,115200 consoleblank=0 loglevel=7 rw plymouth.ignore-serial-consoles vt.global_cursor_default=0
I've noticed every time u-boot-update runs it will add 'root=UUID=.....' to the append line. I just go into the /boot/extlinux/extlinux.conf and delete it, and it seems to now work fine.
If you're flashing to the emmc, replace /dev/mmcblk0p2 with /dev/mmcblk2p2.
Some quirks compared to PostmarketOS: If you enter your LUKS passphrase wrong, you have to reboot and try again. The keyboard behaves very weirdly after a failure.
Let me know if FDE on Mobian works for you?
edit - apparently I'm super late to the party - this script is a more complete version of what I've been doing.
https://gitlab.com/-/snippets/2027389
A small addendum follows, since the guide is incomplete. It assumes a debian laptop with the target image mounted at /mnt/target. G
If you're running this on your x86(_64) computer, you will need qemu-user-mode emulation, but don't fret. It's super easy. Use your package manager to install 'binfmt-support' and 'qemu-user-static' (or whatever your distro calls it - check pkgs.org). You should have a binary in /usr/bin/ called qemu-aarch64-static or something like that. Copy it to your target, i.e. /mnt/target/.
Copy your /etc/resolv.conf into the target as well. Then bind mounts to get things like update-initramfs working:
- mount --types proc /proc /mnt/target/proc
- mount --rbind /dev /mnt/target/dev
- mount --rbind /sys /mnt/target/sys
Run update-initramfs -u, and then edit /etc/default/u-boot with an editor (vim/nano). You will need to replace the U_BOOT_PARAMETERS with this line:
U_BOOT_PARAMETERS="osk-sdl-root=/dev/mmcblk0p2 osk-sdl-root-name=pine root=/dev/mapper/pine console=ttyS0,115200 consoleblank=0 loglevel=7 rw plymouth.ignore-serial-consoles vt.global_cursor_default=0"
This will instruct the bootloader, u-boot, to use osk-sdl during the boot process. Next run u-boot-update for u-boot to regenerate its config file from the one you just edited. The config file lives in /boot/extlinux/extlinux.conf for mobian.
Make sure you also edit this file and ensure that the 'append' line does not begin with 'root=UUID....'. If so, just that section, and make sure osk-sdl's entries are first. Mine looks like this:
append osk-sdl-root=/dev/mmcblk0p2 osk-sdl-root-name=pine root=/dev/mapper/pine console=ttyS0,115200 consoleblank=0 loglevel=7 rw plymouth.ignore-serial-consoles vt.global_cursor_default=0
I've noticed every time u-boot-update runs it will add 'root=UUID=.....' to the append line. I just go into the /boot/extlinux/extlinux.conf and delete it, and it seems to now work fine.
If you're flashing to the emmc, replace /dev/mmcblk0p2 with /dev/mmcblk2p2.
Some quirks compared to PostmarketOS: If you enter your LUKS passphrase wrong, you have to reboot and try again. The keyboard behaves very weirdly after a failure.
Let me know if FDE on Mobian works for you?