Full Disk Encryption
#1
So I got FDE mostly working, according to https://wiki.mobian-project.org/doku.php?id=security that guide. It's rather involved and the guide isn't complete.

edit - apparently I'm super late to the party - this script is a more complete version of what I've been doing.
https://gitlab.com/-/snippets/2027389

A small addendum follows, since the guide is incomplete. It assumes a debian laptop with the target image mounted at /mnt/target. G

If you're running this on your x86(_64) computer, you will need qemu-user-mode emulation, but don't fret. It's super easy. Use your package manager to install 'binfmt-support' and 'qemu-user-static' (or whatever your distro calls it - check pkgs.org). You should have a binary in /usr/bin/ called qemu-aarch64-static or something like that. Copy it to your target, i.e. /mnt/target/.

Copy your /etc/resolv.conf into the target as well. Then bind mounts to get things like update-initramfs working:
  • mount --types proc /proc /mnt/target/proc
  • mount --rbind /dev /mnt/target/dev
  • mount --rbind /sys /mnt/target/sys
Next, you'll need to download a file - the 'osk-sdl' keyboard package - from this releases page. It's a precompiled .deb for arm64. Since you're now root inside your image, you can just wget the latest release and then run apt install ./osk-sdk_arm64.deb -y to install the package. You WILL need to remove the cryptsetup-initramfs package, if the , so 'apt remove' it.

Run update-initramfs -u, and then edit /etc/default/u-boot with an editor (vim/nano). You will need to replace the U_BOOT_PARAMETERS with this line:

U_BOOT_PARAMETERS="osk-sdl-root=/dev/mmcblk0p2 osk-sdl-root-name=pine root=/dev/mapper/pine console=ttyS0,115200 consoleblank=0 loglevel=7 rw plymouth.ignore-serial-consoles vt.global_cursor_default=0"

This will instruct the bootloader, u-boot, to use osk-sdl during the boot process. Next run u-boot-update for u-boot to regenerate its config file from the one you just edited. The config file lives in /boot/extlinux/extlinux.conf for mobian.

Make sure you also edit this file and ensure that the 'append' line does not begin with 'root=UUID....'. If so, just that section, and make sure osk-sdl's entries are first. Mine looks like this:
append osk-sdl-root=/dev/mmcblk0p2 osk-sdl-root-name=pine root=/dev/mapper/pine console=ttyS0,115200 consoleblank=0 loglevel=7 rw plymouth.ignore-serial-consoles vt.global_cursor_default=0


I've noticed every time u-boot-update runs it will add 'root=UUID=.....' to the append line. I just go into the /boot/extlinux/extlinux.conf and delete it, and it seems to now work fine.

If you're flashing to the emmc, replace /dev/mmcblk0p2 with /dev/mmcblk2p2.


Some quirks compared to PostmarketOS: If you enter your LUKS passphrase wrong, you have to reboot and try again. The keyboard behaves very weirdly after a failure.

Let me know if FDE on Mobian works for you?


Possibly Related Threads…
Thread Author Replies Views Last Post
  boot gets stuck shortly after disk decryption vortex 10 7,838 Yesterday, 10:50 AM
Last Post: demetemre
  Full disk encryption with calamares: beware of last testing upgrade! mdk 3 1,531 02-21-2025, 07:25 AM
Last Post: dragonhospital
  How to use an NVMe disk as rootfs Smaking 3 1,283 11-29-2024, 06:51 AM
Last Post: walter1950
  low disk space on file system root revisited benedikt55 2 2,813 09-24-2022, 10:16 AM
Last Post: benedikt55
  Low Disk Space on Filesystem root ichbins 9 7,422 08-28-2022, 10:52 AM
Last Post: Eugo
  Enter disk decryption passphrase error healthyliving101 3 4,521 09-07-2021, 12:21 PM
Last Post: Fenellakw
  Keyboard stopped working on disk encryption screen on Mobian after update cowsay 2 3,639 08-16-2021, 08:31 AM
Last Post: Zebulon Walton
  "Low Disk Space on Filesystem root" after installing Axolotl and Podcasts Anna 11 12,911 03-05-2021, 02:33 AM
Last Post: Anna
  Full disk encryption is coming a-wai 15 20,400 02-05-2021, 07:07 AM
Last Post: arno_nuehm
  Is there an encryption package missing from mobian? rp3 0 2,223 01-27-2021, 05:16 AM
Last Post: rp3

Forum Jump:


Users browsing this thread: 1 Guest(s)