full disk encryption of device

[yippyskippy]

Currently hyper-pi is very good and I get mine to work from these nice instructions :D but I wonder that if user starts using for actual secure messaging and then loses device that is bad. Maybe we could add some instructions for how to do LUKS style full disk encryption of devices? It seems to be not too hard but tricky in some ways. Here are some links of what I find.

• https://carlo-hamalainen.net/2017/03/12/raspbian-with-full-disk-encryption/

This one has a bunch of terminal commands to get it working. As one in comments points out this downside of approach outlined

"You need to manually re-create the initramfs-image after a new kernel is installed. 🙁"

Other documented similar steps

• https://docs.kali.org/kali-dojo/04-raspberry-pi-with-luks-disk-encryption
• https://robpol86.com/raspberry_pi_luks.html

[yippyskippy]

One idea could be use YubiKey or similar device to enter the LUKS decryption passphrase. This approach would make us not require figuring out how to get a keyboard (soft or hardware) for entering a passphrase. There is some documentation on using a yubikey like this

• https://github.com/cornelinux/yubikey-luks