MMGen

Fixed some errors with dropbear installation.

Tutorial revised, improved and updated for current Ubuntu Bionic images.

Everything works as usual. If you're worried about forgetting the key, start out with a simple disk password like 'abc'. The password is all you need. Use case: if your machine ever falls into the wrong hands, any sensitive information on your disk is inaccessible to the attacker (but then you'll need a better password than 'abc').

Re-tested tutorial with current server image. Minor updates and revisions.

Thanks! It's sort of like the mix-up with USB slots on computers. Some are upside-down, others right side up. And it's a constant source of annoyance. Hardware manufacturers are horrible when it comes to observing standards.

So power green, status red is OK? This is the standard for Armbian? Just wanted to clarify that.

Can confirm: ORANGE_PI-PC2-V1_2_schematic.pdf erroneously has STATUS-LED as PA15 when it's really PA20. But this is the RED led (next to the green one, which is always on). I think power led and status led might be reversed then on the PC2. On RPi/Raspbian the power led is red and status is green.

Assuming all the steps of the tutorial completed without error, this is probably an authorization problem. Make sure you installed the correct SSH public key or keys as described and are unlocking from the correct remote machine. Also make sure dropbear is running. You should see a 'dropbear started' message at boot up if you have a monitor connected.

dmesg | less Type 'F' inside less.

Revised and re-tested tutorial with current Armbian OPi PC2 images, removed unneeded kernel compilation section.

Edit: dropped the ip argument from the kernel command line because it's not necessary.

Edited tutorial and made the following improvements: only one card reader required improved dropbear configuration using configured address and non-standard port allow for DHCP-configured systems The dm-crypt module has now been added to the kernel (thanks, developers!), which makes the whole setup process much easier.

Update: commenting out the following line in 'boot.cmd' allows you to unlock the disk from the tty as well as via ssh: # if test "${console}" = "serial" || test "${console}" = "both"; then setenv consoleargs "${consoleargs} console=ttyS0,115200"; fi

Rechecked tutorial, fixed a non-critical error, removed a couple unnecessary commands. Just replace the bogus device filenames with real ones and everything will work "out of the box".

Full root filesystem encryption on an Armbian/Orange Pi PC 2 system MMGen (https://github.com/mmgen) This tutorial provides detailed, step-by-step instructions for setting up full root filesystem encryption on an Armbian/Orange Pi PC2 system. With minor changes, it can be adapted to other Armbian-supported boards. The disk is unlocked remotely via ssh, permitting unattended bootup. Requirements: Linux host system One Orange Pi PC 2 Two blank Micro-SD cards (or a working Armbian system for your board + one blank SD card) USB Micro-SD