MMGen

@DIYprojectz: It should be possible to put the encrypted root filesystem on a different device than the boot partition, though I've never tried it with an SoC or Armbian. Thanks for the idea. I promise to look into it, but don't expect immediate results as I'm busy with other things at the moment.

Sorry for the extreme delay in replying to your post. Since the errors are coming from APT, this could be a distro-specific problem. Have you tried the Bullseye image?

Glad you got it to work. Instead of setting up the LUKS partition manually, erasing everything with the -z option might have solved the problem here.

Are you able to unlock the device via SSH as per the instructions? Can you ping the device at the expected address? Note that the script has been updated, so you might clone or pull the new version from Github and try running it again.

Updated automated script to support Bullseye and Jammy images, plus minor bugfixes.

Thanks for the offer/request. I'll be busy for the next several days, but when I get some free time I'll look into doing this.

Glad everything worked! However, the bind mount wasn't necessary. Since you're still booting from the SD/eMMC, the old fstab would have worked unmodified. Can't say why you couldn't log in via SSH initially, but in any case this is a minor issue.

Yes, this should be doable. Create a LUKS partition and ext4 fs on the SSD, copy the root fs to it, update /etc/crypttab with the new device UUID, mount, chroot and update the initramfs. I haven't tested this myself though, so other steps might be required. But first you should try the tutorial without modification to make sure it works for your board. If it does, please let me know and I'll add the HC4 to the "supported" list.

Add serial console disk unlocking instructions at step 9.1. Serial console disk unlocking has been added as an option to the automated script as well.

No, I wouldn't assume that. See the comments by @sunzone above regarding the Orange Pi Zero. In their case, the problem may be connected with the fact that the OPi Zero requires 'flash-kernel' to set up the boot loader. I think that boards/images that don't depend on flash-kernel should generally work with this tutorial, but I need more test data to confirm that hypothesis.

- Add RockPro64 to supported list - Add automatic disk unlock prompt (Step 9.10)

Sorry to hear that. I'm afraid I've run out of options, since I don't have an Opi Zero for testing. If you really need root fs encryption, then you might try building Armbian with the CRYPTROOT_ENABLE option mentioned by @DevShankyin the post above.

This is not the kind of error I would expect to see. Are you sure you performed all the steps correctly, didn't omit anything? Is the SD card itself in working order? I'll take a look at the Focal Orange Pi Zero image to see if there's anything there that might be causing this error, but I don't have that board to test on, unfortunately. UPDATE: I looked at your image. Some things you might want to check: 1) Make sure you're editing armbianEnv.txt correctly. After performing the edits, the file should look like this: verbosity=1 bootlogo=false console=display disp_mode=1920x1080p60 overlay_prefix=sun8i-h3 overlays=usbhost2 usbhost3 rootdev=/dev/mapper/rootfs rootfstype=ext4 2) In boot.cmd there are two lines beginning with 'setenv rootdev'. Make sure you're deleting the first one. If that doesn't work, there are other things you might try and see whether you get the same or similar error at bootup: 1) Use the automated script instead of the tutorial. 2) Try the Buster image instead of Focal.

You don't need nand-sata-install, because the tutorial (and script) create the encrypted system directly on the eMMC. This has been tested successfully on the RockPi 4. Would like to hear from users how it works on other boards.

Thanks for pointing that out! As far as overlap goes, I think this tutorial (and the automated script) has a clear use case, as it creates encrypted Armbian systems without building or compiling anything, which is much easier for most users (the automated script can create a fully configured system on your SD card or eMMC in a matter of minutes). Secondly, the tutorial can be a valuable learning experience for those interested in better understanding disk partitioning, loop devices, LUKS encryption, uBoot, the Linux bootup process, basic administrative commands, etc.