random-archer / mkinitcpio-systemd-tool

Provisioning tool for systemd in initramfs (systemd-tool)
https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/

Raspberry Pi setup #16

Closed ShapeShifter499 closed 6 years ago

ShapeShifter499 commented 6 years ago

Add support for multiple encrypted devices

I'm updating this issue. After messing around, I can manually mount the extra drives using the shell mode, but I'd like to see better support. I'm thinking any drives that need decrypting at boot could go into /etc/mkinitcpio.d/crypttab, but let the system mount them later on in /etc/fstab, since they are not the root drive, which should be in /etc/mkinitcpio.d/fstab.

Andrei-Pozolotin commented 6 years ago

this is already supported:

  1. either use the same password for all devices and list them in /etc/mkinitcpio.d/crypttab

  2. or alternatively use a /etc/crypttab.key file stored inside the encrypted device, which in turn will auto unlock devices listed in the real root /etc/crypttab: https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Unlocking_a_secondary_partition_at_boot

after you succeed, please document rpi-specific setup here: https://github.com/random-archer/mkinitcpio-systemd-tool/wiki

thank you

ShapeShifter499 commented 6 years ago

My setup at the time of writing is as follows. (Written originally on 05/14/2018)

Raspberry Pi 3B+ (Plus)

Arch Linux ARM: https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-3#installation

I used the AArch64 rootfs: http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-3-latest.tar.gz

I used this kernel: https://aur.archlinux.org/packages/linux-aarch64-raspberrypi-bin/

After making sure mkinitcpio was correctly copying the modules into the initramfs, into a directory the kernel was expecting, I decided to go with the second method as described above.

My root is unlocked by /etc/mkinitcpio.d/crypttab and /etc/mkinitcpio.d/fstab, then once booted, the rest of the boot process mounts everything else using keyfiles and the normal /etc/crypttab and /etc/fstab.
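
The split layout described in the comment above can be checked with a small script. This is an added example, not part of the thread or of mkinitcpio-systemd-tool; the function names, the checks chosen and the sample entries (mapping names, UUIDs, key content) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the split crypttab layout from the thread. File names
# follow the thread; mapping names and UUIDs in make_sample are constructed.

# Print "name key" for each non-comment crypttab line (name device key opts).
entries() {
    awk 'NF && $1 !~ /^#/ { print $1, ($3 == "" ? "none" : $3) }' "$1"
}

# True when the key field names a file instead of asking for a passphrase.
is_keyfile() {
    case "$1" in none|-) return 1 ;; *) return 0 ;; esac
}

# audit_crypttabs INITRAMFS_TAB ROOT_TAB [ROOT_PREFIX]
# Prints one finding per line; returns 1 if there were any, else 0.
audit_crypttabs() {
    out=$(
        entries "$1" | while read -r name key; do
            if is_keyfile "$key"; then
                echo "initramfs: $name references key file $key, expected a passphrase entry"
            fi
        done
        entries "$2" | while read -r name key; do
            if ! is_keyfile "$key"; then
                echo "root: $name has no key file and will ask for a passphrase at boot"
            elif [ ! -f "${3:-}$key" ]; then
                echo "root: $name key file $key is missing"
            elif [ "$(ls -ld "${3:-}$key" | cut -c5-10)" != "------" ]; then
                echo "root: $name key file $key is accessible by group or others"
            fi
        done
    )
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    return 0
}

# Constructed sample: root unlocked by passphrase in the initramfs, one data
# volume unlocked later by /etc/crypttab.key, which has a deliberately loose mode.
make_sample() {
    mkdir -p "$1/etc/mkinitcpio.d"
    echo 'root UUID=00000000-0000-0000-0000-000000000001 none luks' > "$1/etc/mkinitcpio.d/crypttab"
    echo 'data UUID=00000000-0000-0000-0000-000000000002 /etc/crypttab.key luks' > "$1/etc/crypttab"
    echo 'constructed, not a real key' > "$1/etc/crypttab.key"
    chmod 644 "$1/etc/crypttab.key"
}

# Real system (as root): audit_crypttabs /etc/mkinitcpio.d/crypttab /etc/crypttab
```

The optional third argument is a directory prefix for the key file paths, so the check can be run against a copy of the files or a mounted image.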

ShapeShifter499 commented 6 years ago

NOTE: It appears to 'hang' after entering your encryption passphrase, but be patient! The Raspberry Pi takes some time to decrypt and boot with this method. Around 5-10 minutes on my setup. Once booted, it seems to run fine. Since I only have to reboot once in a while for upgrades, it should be OK for me.