LUKS Encrypt 🔐 Raspberry PI 🍓🥧
F1LT3R
Posted on January 8, 2024
Requirements
- Raspberry PI
- SDCard w/ Raspberry PI OS Lite installed
- Flash drive connected to the RPI (to copy data from root partition during encrypt)
- Bash scripts: https://github.com/F1LT3R/luks-encrypt-raspberry-pi
Install OS and Update Kernel
Burn the Raspberry PI OS to the SDCard w/
Balenar EtcherorRaspberry PI ImagerCopy install scripts into
/boot/install/Boot into the Raspberry PI and run
sudo /boot/install/1.update.shsudo rebootto load the updated kernel
Install Enc Tools and Prep initramfs
Run script
/boot/install/2.disk_encrypt.shsudo rebootto drop into the initramfs shell.
Mount and Encrypt
-
Mount master block device to
/tmp/boot/
mkdir /tmp/boot mount /dev/mmcblk0p1 /tmp/boot/ -
Run the encryption script, passing your flash drive descriptor:
/tmp/boot/install/3.disk_encrypt_initramfs.sh [sda|sdb|etc] When LUKS encrypts the root partition it will ask you to type
YES(in uppercase).Create a decryption password (you will be asked twice).
LUKS will ask for the decryption password again to copy the data back from the flash drive to the root partition.
reboot -fto drop back into initramfs.
Unlock and Reboot to OS
-
Mount master block device at
/tmp/boot/
mkdir /tmp/boot mount /dev/mmcblk0p1 /tmp/boot/ -
Open the LUKS encrypted disk:
/tmp/boot/install/4.luks_open.sh Type in your decryption password again.
exitto quit BusyBox and boot normally.
Rebuild initramfs for Normal Boot
Run script:
/boot/install/5.rebuild_initram.shsudo rebootinto Raspberry PI OS.-
You should be asked for your decryption password every time you boot.
Please unlock disc sdcard: _
References
- Source: https://forums.raspberrypi.com/viewtopic.php?t=219867
- https://github.com/johnshearing/MyEtherWalletOffline/blob/master/Air-Gap_Setup.md#setup-luks-full-disk-encryption
- https://robpol86.com/raspberry_pi_luks.html
- https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
Posted on January 8, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related