Skip to content

image: support luks root filesystem

Daniel Dehenninrequested to merge
dad-guest/mobian-recipes:feature/luks-encrypt into master

The actual implementation hardcode the cipher, pbkdf, key-size and hash algorithm options.

The resize of the root encrypted volume is not working:

systemd-growfs[417]: crypt_resize() of /dev/mmcblk0p2 failed: Operation not permitted
systemd-growfs[417]: Unable to resize underlying device of "/", proceeding anyway: Operation not permitted
systemd-growfs[417]: Successfully resized "/" to 3.8G bytes.

  • build.sh: new option -c to enable encrypted root filesystem.

  • image.yaml: install fde packages when encrypted root is enabled. New action to encrypt the root partition to a LUKS volume. Force initramfs update with /dev mounted to resolve /dev/mapper/root.

  • scripts/setup-luks.sh: convert the root filesystem to a cryptsetup volume.

  • scripts/update-initramfs.sh: mount /dev and update the initramfs.

  • devices/librem5/bootloader.sh: get TARGET_DISK from /boot because LUKS encrypted root device make it more difficult.

Merge request reports