MMGen

Sorry to hear that. I'm afraid I've run out of options, since I don't have an Opi Zero for testing. If you really need root fs encryption, then you might try building Armbian with the CRYPTROOT_ENABLE option mentioned by @DevShankyin the post above.

This is not the kind of error I would expect to see. Are you sure you performed all the steps correctly, didn't omit anything? Is the SD card itself in working order? I'll take a look at the Focal Orange Pi Zero image to see if there's anything there that might be causing this error, but I don't have that board to test on, unfortunately. UPDATE: I looked at your image. Some things you might want to check: 1) Make sure you're editing armbianEnv.txt correctly. After performing the edits, the file should look like this: verbosity=1 bootlogo=false console=display disp_m

You don't need nand-sata-install, because the tutorial (and script) create the encrypted system directly on the eMMC. This has been tested successfully on the RockPi 4. Would like to hear from users how it works on other boards.

Thanks for pointing that out! As far as overlap goes, I think this tutorial (and the automated script) has a clear use case, as it creates encrypted Armbian systems without building or compiling anything, which is much easier for most users (the automated script can create a fully configured system on your SD card or eMMC in a matter of minutes). Secondly, the tutorial can be a valuable learning experience for those interested in better understanding disk partitioning, loop devices, LUKS encryption, uBoot, the Linux bootup process, basic administrative commands, etc.

This tutorial is now replaced by https://forum.armbian.com/topic/15618-full-root-filesystem encryption on-an-armbian-system-new-replaces-2017-tutorial-on-this-topic/

Full root filesystem encryption on an Armbian system (new, fully rewritten, replaces my earlier tutorial on this topic) MMGen (https://github.com/mmgen) This tutorial provides detailed, step-by-step instructions for setting up full root filesystem encryption on an Armbian system. The disk can be unlocked remotely via SSH, permitting unattended bootup. Note that unlike my earlier tutorial all steps are performed within a running Armbian system. The tutorial has been tested with Debian Buster mainline and Ubuntu Bionic and Focal legacy images

Fixed boot sector size, luksFormat command. Removed outdated image downloading and unpacking instructions. Tested on SD and eMMC; Orange Pi PC2 and RockPi 4; Bionic legacy, Focal legacy and Buster mainline images. Instead of this tutorial, users are now encouraged to use my automated script, which does things in a better, more up-to-date way: git clone https://github.com/mmgen/mmgen-geek-tools

post deleted

Fixed some errors with dropbear installation.

Tutorial revised, improved and updated for current Ubuntu Bionic images.

Everything works as usual. If you're worried about forgetting the key, start out with a simple disk password like 'abc'. The password is all you need. Use case: if your machine ever falls into the wrong hands, any sensitive information on your disk is inaccessible to the attacker (but then you'll need a better password than 'abc').

Re-tested tutorial with current server image. Minor updates and revisions.

Thanks! It's sort of like the mix-up with USB slots on computers. Some are upside-down, others right side up. And it's a constant source of annoyance. Hardware manufacturers are horrible when it comes to observing standards.

So power green, status red is OK? This is the standard for Armbian? Just wanted to clarify that.

Can confirm: ORANGE_PI-PC2-V1_2_schematic.pdf erroneously has STATUS-LED as PA15 when it's really PA20. But this is the RED led (next to the green one, which is always on). I think power led and status led might be reversed then on the PC2. On RPi/Raspbian the power led is red and status is green.