Closed ShapeShifter499 closed 6 years ago
this is already supported:
either use same password for all devices and list them in /etc/mkinitcpio.d/crypttab
or alternatively use /etc/crypttab.key file stored inside the encrypted device, which in turn will auto unlock devices listed in real root /etc/crypttab
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Unlocking_a_secondary_partition_at_boot
after you succeed, please document rpi-specific setup here https://github.com/random-archer/mkinitcpio-systemd-tool/wiki
thank you
My setup at the time of writing is as follows. (Written originally on 05/14/2018)
Raspberry Pi 3B+ (Plus)
Arch Linux ARM: https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-3#installation
I used the AArch64 rootfs: http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-3-latest.tar.gz
I used this kernel: https://aur.archlinux.org/packages/linux-aarch64-raspberrypi-bin/
After making sure mkinitcpio was correctly copying the modules into the initramfs, into a directory the kernel was expecting, I decided to go with the second method as described above.
My root is unlocked by /etc/mkinitcpio.d/crypttab and /etc/mkinitcpio.d/fstab; then, once booted, the rest of the boot process mounts everything else using keyfiles and the normal /etc/crypttab and /etc/fstab.
NOTE: It appears to 'hang' after entering your encryption passphrase, but be patient! The Raspberry Pi takes some time to decrypt and boot with this method. Around 5-10 minutes on my setup. Once booted it seems to run fine. Since I only have to reboot once in a while for upgrades, it should be ok for me.
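The split described in the comments above (root unlocked from /etc/mkinitcpio.d/crypttab, secondary devices unlocked later from /etc/crypttab with a keyfile) can be checked before a reboot. This is an added example, not code from the thread or from mkinitcpio-systemd-tool; the helper names `parse_crypttab` and `audit`, the volume names and the placeholder UUIDs are constructed, and it assumes the plain crypttab(5) field order (name, device, keyfile, options).

```python
import os
import stat

# Constructed sample contents; the UUID strings are placeholders.
INITRAMFS_TAB = """\
# /etc/mkinitcpio.d/crypttab (root, unlocked by passphrase in the initramfs)
root   UUID=<root-uuid>   none   luks
"""
ROOT_TAB = """\
# /etc/crypttab on the real root (secondary devices)
data1  UUID=<data1-uuid>  /etc/crypttab.key  luks
data2  UUID=<data2-uuid>  none               luks
"""

def parse_crypttab(text):
    """Return (name, device, keyfile) for each crypttab(5) entry in text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: a device is mandatory
        key = fields[2] if len(fields) > 2 else "none"
        entries.append((fields[0], fields[1], key))
    return entries

def audit(initramfs_tab, root_tab, sysroot="/"):
    """Map each volume name to how it unlocks, with WARN on weak keyfiles."""
    report = {}
    for name, _dev, key in parse_crypttab(initramfs_tab):
        prompt = key in ("none", "-")
        report[name] = ("initramfs: passphrase" if prompt
                        else "WARN initramfs: keyfile %s must be in the image" % key)
    for name, _dev, key in parse_crypttab(root_tab):
        if key in ("none", "-"):
            report[name] = "WARN late boot: passphrase prompt, not automatic"
            continue
        path = os.path.join(sysroot, key.lstrip("/"))
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            report[name] = "WARN late boot: keyfile %s missing" % key
            continue
        report[name] = ("WARN late boot: keyfile %s mode %o, want 0400/0600" % (key, mode)
                        if mode & 0o077 else "late boot: keyfile %s" % key)
    return report

if __name__ == "__main__":
    for volume, status in audit(INITRAMFS_TAB, ROOT_TAB).items():
        print(volume, "->", status)
```

Pass the real file contents and, when checking a mounted image rather than the running system, its mount point as `sysroot`.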
Add support for multiple encrypted devices
I'm updating this issue. After messing around, I can manually mount the extra drives using the shell mode, but I'd like to see better support. I'm thinking any drives that need decrypting at boot could go into /etc/mkinitcpio.d/crypttab, but let the system mount them later on in /etc/fstab, since they are not the root drive, which should be in /etc/mkinitcpio.d/fstab.