Hi,
The SBC Raspberry Pi 4 boot on an sdcard with two partition /boot and /
So I managed to encrypt the partition / with cryptsetup
Here the partition of my sd-card
| device | FILESYS | LABEL | UUID |
|---|---|---|---|
| sdb1 | vfat | BOOT | ( 9 characters ) |
| sdb2 | crrypto_LUKS | <unknow> | ( 36 characters ) |
I’ve modified the /boot/cmdline.txt
to ( on one line )
console=serial0,115200
console=tty1
root=UUID=#If I try the UUID of sdb2 it fail and also the UUID when I use `cryptsetup luksOpen /dev/sdb2 b2open`
rootfstype=ext4
fsck.repair=yes
loglevel=5
net.ifnames=0
firmware_class.path=/lib/firmware/updates/brcm
rootwait
cryptdevice=UUID=#I dont know which one:b2open
any ideas ?
Thanks.
I’m not sure I understood you correctly, is the problem just that you don’t know which uuid-s to use where? Cryptdevice corresponds to your sdb2, and root is /dev/mapper/b2open. Otherwise, provide the exact error
I believe my initramfs do not support luks encryption, but the link of @[email protected] might work… 🤞
Depends on the distro. On arch you need to enable a few hooks, for example
I never could be bothered with manually setting up LUKS, here’s an automation script if you don’t get it to work:
https://github.com/gitbls/sdm/blob/master/Docs/Disk-Encryption.md
Thanks @[email protected] ! indeed https://github.com/gitbls/sdm/blob/master/Docs/Disk-Encryption.md#the-sdm-cryptconfig-script seem what I need. I’ll try
I’ve used it to encrypt both Pi4’s and 5’s. I think it’s most compatible with Raspberry Pi OS (Bookworm), used it on both Lite and Desktop editions. Remember to use non-AES encryption since only the 5 has hardware enc/decryption. Good luck!
