MMGen

Add serial console disk unlocking instructions at step 9.1. Serial console disk unlocking has been added as an option to the automated script as well.

No, I wouldn't assume that. See the comments by @sunzone above regarding the Orange Pi Zero. In their case, the problem may be connected with the fact that the OPi Zero requires 'flash-kernel' to set up the boot loader. I think that boards/images that don't depend on flash-kernel should generally work with this tutorial, but I need more test data to confirm that hypothesis.

- Add RockPro64 to supported list - Add automatic disk unlock prompt (Step 9.10)

Sorry to hear that. I'm afraid I've run out of options, since I don't have an Opi Zero for testing. If you really need root fs encryption, then you might try building Armbian with the CRYPTROOT_ENABLE option mentioned by @DevShankyin the post above.

This is not the kind of error I would expect to see. Are you sure you performed all the steps correctly, didn't omit anything? Is the SD card itself in working order? I'll take a look at the Focal Orange Pi Zero image to see if there's anything there that might be causing this error, but I don't have that board to test on, unfortunately. UPDATE: I looked at your image. Some things you might want to check: 1) Make sure you're editing armbianEnv.txt correctly. After performing the edits, the file should look like this: verbosity=1 bootlogo=false console=display disp_m

You don't need nand-sata-install, because the tutorial (and script) create the encrypted system directly on the eMMC. This has been tested successfully on the RockPi 4. Would like to hear from users how it works on other boards.

Thanks for pointing that out! As far as overlap goes, I think this tutorial (and the automated script) has a clear use case, as it creates encrypted Armbian systems without building or compiling anything, which is much easier for most users (the automated script can create a fully configured system on your SD card or eMMC in a matter of minutes). Secondly, the tutorial can be a valuable learning experience for those interested in better understanding disk partitioning, loop devices, LUKS encryption, uBoot, the Linux bootup process, basic administrative commands, etc.

This tutorial is now replaced by https://forum.armbian.com/topic/15618-full-root-filesystem encryption on-an-armbian-system-new-replaces-2017-tutorial-on-this-topic/

Full root filesystem encryption on an Armbian system (new, fully rewritten, replaces my earlier tutorial on this topic) MMGen (https://github.com/mmgen) This tutorial provides detailed, step-by-step instructions for setting up full root filesystem encryption on an Armbian system. The disk can be unlocked remotely via SSH or the serial console, permitting unattended bootup. An automated script that performs the same steps, saving you much time and effort, can be found at https://github.com/mmgen/mmgen-geek-tools Note that unlike my earlier t

Fixed boot sector size, luksFormat command. Removed outdated image downloading and unpacking instructions. Tested on SD and eMMC; Orange Pi PC2 and RockPi 4; Bionic legacy, Focal legacy and Buster mainline images. Instead of this tutorial, users are now encouraged to use my automated script, which does things in a better, more up-to-date way: git clone https://github.com/mmgen/mmgen-geek-tools

post deleted

Fixed some errors with dropbear installation.

Tutorial revised, improved and updated for current Ubuntu Bionic images.

Everything works as usual. If you're worried about forgetting the key, start out with a simple disk password like 'abc'. The password is all you need. Use case: if your machine ever falls into the wrong hands, any sensitive information on your disk is inaccessible to the attacker (but then you'll need a better password than 'abc').

Re-tested tutorial with current server image. Minor updates and revisions.