You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be a huge step forward to facilitate creating images where the rootfs is a LUKS partition, with prompt for passphrase on boot.
Proposal: Add new flags:
[--cryptroot] (if set, encrypt rootfs)
[-p passphrase]
[-f passphrase-file] (-p and -f are mutually exclusive)
[--cryptroot-parameters=''] (optional extra parameters to pass to cryptsetup)
Enabling remote ssh unlock via dropbear/tinyssh would be a nice addition, but is not required.
It seems like this can currently be achieved as a two-step process by first building an image like normal here, and then generating an encrypted one with https://github.com/dreemurrs-embedded/archarm-mobile-fde-installer (though it seems PinePhone Pro is not yet supported there?)
There needs to be a disclaimer that encrypted images should be considered single-use (as LUKS keys would be identical across installations otherwise)
The text was updated successfully, but these errors were encountered:
It would be a huge step forward to facilitate creating images where the rootfs is a LUKS partition, with prompt for passphrase on boot.
Proposal: Add new flags:
Inspiration taken from CRYPTROOT parameters in https://docs.armbian.com/Developer-Guide_Build-Options/#main-options
Enabling remote ssh unlock via dropbear/tinyssh would be a nice addition, but is not required.
It seems like this can currently be achieved as a two-step process by first building an image like normal here, and then generating an encrypted one with https://github.com/dreemurrs-embedded/archarm-mobile-fde-installer (though it seems PinePhone Pro is not yet supported there?)
There needs to be a disclaimer that encrypted images should be considered single-use (as LUKS keys would be identical across installations otherwise)
The text was updated successfully, but these errors were encountered: