MMGen

Members
  • Content Count

    25
  • Joined

  • Last visited

Everything posted by MMGen

  1. Sorry to hear that. I'm afraid I've run out of options, since I don't have an Opi Zero for testing. If you really need root fs encryption, then you might try building Armbian with the CRYPTROOT_ENABLE option mentioned by @DevShankyin the post above.
  2. This is not the kind of error I would expect to see. Are you sure you performed all the steps correctly, didn't omit anything? Is the SD card itself in working order? I'll take a look at the Focal Orange Pi Zero image to see if there's anything there that might be causing this error, but I don't have that board to test on, unfortunately. UPDATE: I looked at your image. Some things you might want to check: 1) Make sure you're editing armbianEnv.txt correctly. After performing the edits, the file should look like this: verbosity=1 bootlogo=false console=display disp_m
  3. You don't need nand-sata-install, because the tutorial (and script) create the encrypted system directly on the eMMC. This has been tested successfully on the RockPi 4. Would like to hear from users how it works on other boards.
  4. Thanks for pointing that out! As far as overlap goes, I think this tutorial (and the automated script) has a clear use case, as it creates encrypted Armbian systems without building or compiling anything, which is much easier for most users (the automated script can create a fully configured system on your SD card or eMMC in a matter of minutes). Secondly, the tutorial can be a valuable learning experience for those interested in better understanding disk partitioning, loop devices, LUKS encryption, uBoot, the Linux bootup process, basic administrative commands, etc.
  5. This tutorial is now replaced by https://forum.armbian.com/topic/15618-full-root-filesystem encryption on-an-armbian-system-new-replaces-2017-tutorial-on-this-topic/
  6. Full root filesystem encryption on an Armbian system (new, fully rewritten, replaces my earlier tutorial on this topic) MMGen (https://github.com/mmgen) This tutorial provides detailed, step-by-step instructions for setting up full root filesystem encryption on an Armbian system. The disk can be unlocked remotely via SSH, permitting unattended bootup. Note that unlike my earlier tutorial all steps are performed within a running Armbian system. The tutorial has been tested with Debian Buster mainline and Ubuntu Bionic and Focal legacy images
  7. Fixed boot sector size, luksFormat command. Removed outdated image downloading and unpacking instructions. Tested on SD and eMMC; Orange Pi PC2 and RockPi 4; Bionic legacy, Focal legacy and Buster mainline images. Instead of this tutorial, users are now encouraged to use my automated script, which does things in a better, more up-to-date way: git clone https://github.com/mmgen/mmgen-geek-tools
  8. Everything works as usual. If you're worried about forgetting the key, start out with a simple disk password like 'abc'. The password is all you need. Use case: if your machine ever falls into the wrong hands, any sensitive information on your disk is inaccessible to the attacker (but then you'll need a better password than 'abc').
  9. Re-tested tutorial with current server image. Minor updates and revisions.
  10. MMGen

    Orange Pi Win

    Thanks! It's sort of like the mix-up with USB slots on computers. Some are upside-down, others right side up. And it's a constant source of annoyance. Hardware manufacturers are horrible when it comes to observing standards.
  11. MMGen

    Orange Pi Win

    So power green, status red is OK? This is the standard for Armbian? Just wanted to clarify that.
  12. MMGen

    Orange Pi Win

    Can confirm: ORANGE_PI-PC2-V1_2_schematic.pdf erroneously has STATUS-LED as PA15 when it's really PA20. But this is the RED led (next to the green one, which is always on). I think power led and status led might be reversed then on the PC2. On RPi/Raspbian the power led is red and status is green.
  13. Assuming all the steps of the tutorial completed without error, this is probably an authorization problem. Make sure you installed the correct SSH public key or keys as described and are unlocking from the correct remote machine. Also make sure dropbear is running. You should see a 'dropbear started' message at boot up if you have a monitor connected.
  14. Revised and re-tested tutorial with current Armbian OPi PC2 images, removed unneeded kernel compilation section.
  15. Edit: dropped the ip argument from the kernel command line because it's not necessary.
  16. Edited tutorial and made the following improvements: only one card reader required improved dropbear configuration using configured address and non-standard port allow for DHCP-configured systems The dm-crypt module has now been added to the kernel (thanks, developers!), which makes the whole setup process much easier.
  17. Update: commenting out the following line in 'boot.cmd' allows you to unlock the disk from the tty as well as via ssh: # if test "${console}" = "serial" || test "${console}" = "both"; then setenv consoleargs "${consoleargs} console=ttyS0,115200"; fi
  18. Rechecked tutorial, fixed a non-critical error, removed a couple unnecessary commands. Just replace the bogus device filenames with real ones and everything will work "out of the box".
  19. Full root filesystem encryption on an Armbian/Orange Pi PC 2 system MMGen (https://github.com/mmgen) WARNING: This tutorial has been obsoleted by Full root filesystem encryption on an Armbian system. In addition, an automated script is available, which can be downloaded here or by cloning the following repository: git clone https://github.com/mmgen/mmgen-geek-tools This tutorial provides detailed, step-by-step instructions for setting up full root filesystem encryption on an Armbian/Orange Pi PC2 system. With minor changes, it can be adapted to other Armbian