If it doesn’t, open a ssh shell and kill all sh processes. It may show a warning but as long as it boots, it’s fine. Ssh using the dracut-specific ssh key and run the unlock command: ssh -p 22 -i /path/to/ssh_dracut_rsa_key unlock < your_luks_passphrase Now, after booting Raspberry Pi, wait a few seconds and then connect to it via You will also need to have cryptsetup installed on this Linux machine. We are going to backup the SD card, create the LUKS volume and then put the files back on the SD card. Now poweroff the Raspberry Pi and insert the SD card into another Linux machine. You can finally generate a dracut image: dracut /boot/initrd.img -force cryptdevice=/dev/mmcblk0p2:crypt root=/dev/mapper/cryptĪdd this to config.txt: initramfs initrd.img followkernel I am not sure if the order matters or not.
#VOID LINUX WIPEFS UPDATE#
Now let’s update the files on boot partition to reflect the changes:Īdd this to cmdline.txt rd.neednet=1 ip=dhcpĪnd change the value of root and add a cryptdevice entry before it. While /etc/crypttab says that you should not have the root partition listed, it is needed for crypt-ssh module to work: crypt /dev/mmcblk0p2 none luks Put the following into /etc/fstab: /dev/mapper/crypt / ext4 defaults,noatime 0 1 Configuring LUKSīefore you generate a dracut image, we need to adjust fstab for this change. I blacklisted btrfs because it was spamming my dmesg log. We shouldn’t even need a shell in dracut, because there will only be one command to execute over ssh. I blacklisted bash and dash because I prefer busybox so why have them. I also used the following dracut configuration, which you can place in nf: omit_dracutmodules+="bash dash btrfs" # touch /root/.dracut/authorized_keys # chmod 700 /root/.dracut/authorized_keys # cat /root/.dracut/ssh_dracut_rsa_key.pub > /root/.dracut/authorized_keys # cat /root/.dracut/ssh_dracut_ecdsa_key.pub > /root/.dracut/authorized_keys
#VOID LINUX WIPEFS INSTALL#
Install the required packages for LUKS and ssh in initrd, as well as the crypt-ssh module:
It was enabled by default on my system, so just check that it is running with sv status ntpd. Void Linux wiki also tells you to start ntpd with sv start ntpd for https certificates to work (required for xbps to download packages). Set your hostname with the command hostname your-hostname and also put this hostname in /etc/hostname. Insert the SD card to your Raspberry Pi and boot it up.Ĭonnect via ssh (user: root, password: voidlinux). # mkfs.vfat -F32 /dev/sdX1 # mkfs.ext4 -O ^has_journal /dev/sdX2 # mkdir rootfs # mount /dev/sdX2 rootfs/ # mkdir rootfs/boot # mount /dev/sdX1 rootfs/boot # tar xvfJp -C rootfs # echo '/dev/mmcblk0p1 /boot vfat defaults 0 0' > rootfs/etc/fstab (parted ) mkpart primary fat32 2048s 256MB
# parted /dev/sdX (parted ) mktable msdos
0 kommentar(er)
