Recently someone asked about disk encryption on Bookworm at viewtopic.php?t=363217
Adding rootfs encryption has been on my list of things to add to sdm for a while. The query popped my round-tuit.
sdm V11.2 just released, and it includes the ability to encrypt the rootfs partition on a RasPiOS system disk. It can be used in one of two ways:
There is one key difference, however: If you bork your sdm-customized system you can easily recreate it. if you bork your manually-configured system, it's rebuild from your notes. (You did take good notes, didn't you?)
The net result of either method is that the rootfs partition on a RasPiOS system disk is encrypted, and you must enter the passphrase in order to boot the system each time the system boots.
You can read all about it here.
Enjoy!
[Attribution: Started with https://rr-developer.github.io/LUKS-on-Raspberry-Pi/, made Bookworm-required changes, and scripted/automated it.]
Adding rootfs encryption has been on my list of things to add to sdm for a while. The query popped my round-tuit.
sdm V11.2 just released, and it includes the ability to encrypt the rootfs partition on a RasPiOS system disk. It can be used in one of two ways:
- Standalone, on your already-running system, with no dependencies on sdm itself
- Integrated into sdm, and invoked as part of customizing an IMG or burning an SSD/SD card
There is one key difference, however: If you bork your sdm-customized system you can easily recreate it. if you bork your manually-configured system, it's rebuild from your notes. (You did take good notes, didn't you?)
The net result of either method is that the rootfs partition on a RasPiOS system disk is encrypted, and you must enter the passphrase in order to boot the system each time the system boots.
You can read all about it here.
Enjoy!
[Attribution: Started with https://rr-developer.github.io/LUKS-on-Raspberry-Pi/, made Bookworm-required changes, and scripted/automated it.]
Statistics: Posted by bls — Thu Jan 18, 2024 7:18 pm