switch Posted October 1, 2019 Posted October 1, 2019 I'm attempting to build an image for the ROC-RK3328-CC (Renegade) with cryptroot encryption (and SSH unlock) enabled, but I run into weird behavior. The board will start and I can SSH in and reach the BusyBox prompt. So far so good but from what I've gathered I should enter the command "unlock" there to display the cryptroot password prompt. However it only results in the message -sh: unlock: not found. I read somewhere else the command might be "cryptroot-unlock" but that instead gives nothing, not even the error message. Furthermore, regardless whether I enter any commands, around 10 seconds into the SSH session it will freeze and I eventually get kicked off with a broken pipe error. I suspect the board is restarting by itself but it is difficult to verify because it is running headless. After a few seconds I'm able to SSH in again for another ~10 sec session. Building it without cryptroot works just fine and the board starts normally and I can SSH in. I have not tested building it with cryptroot only (without the SSH-unlock ability), because again it is difficult to verify due to the headless setup. Has anyone run into these kind of behavior when building Armbian images with cryptroot setup or have any idea what's gone wrong? Is it a bug in the build cryptroot feature? Below is my config-default.conf KERNEL_ONLY="no" KERNEL_CONFIGURE="no" CLEAN_LEVEL="make,debs,oldcache" DEST_LANG="en_US.UTF-8" EXTERNAL_NEW="prebuilt" INSTALL_HEADERS="yes" LIB_TAG="master" USE_TORRENT="yes" CARD_DEVICE="/dev/sdb" BOARD="renegade" RELEASE="buster" BUILD_MINIMAL="yes" CRYPTROOT_ENABLE="yes" CRYPTROOT_PASSPHRASE="password" CRYPTROOT_SSH_UNLOCK="yes" CRYPTROOT_SSH_UNLOCK_PORT="2222"
Igor Posted October 1, 2019 Posted October 1, 2019 6 hours ago, switch said: Has anyone run into these kind of behavior when building Armbian images with cryptroot setup or have any idea what's gone wrong? Is it a bug in the build cryptroot feature? This feature was a work from someone that was not a part of the core group. I said: do it and if it doesn't break anything we will accept it. We are unable to support it so functionality will be either removed or if someone takes a look what is wrong. I saw other people reporting, so its indeed broken.
switch Posted October 3, 2019 Author Posted October 3, 2019 On 10/2/2019 at 3:57 AM, Igor said: This feature was a work from someone that was not a part of the core group. I said: do it and if it doesn't break anything we will accept it. We are unable to support it so functionality will be either removed or if someone takes a look what is wrong. I saw other people reporting, so its indeed broken. This is unfortunate because building an image with cryptroot pre-installed is a very useful feature to have, doing it manually later is hell. I'll create a Github issue and ping the author of the pull to see if he or anyone else is able to fix it.
Igor Posted October 3, 2019 Posted October 3, 2019 3 hours ago, switch said: This is unfortunate because building an image with cryptroot pre-installed is a very useful feature to have, doing it manually later is hell. Development is nice and glorious. Most of people like to do that. Me included. Hell is maintaining this project with our private time. 3 hours ago, switch said: I'll create a Github issue and ping the author of the pull to see if he or anyone else is able to fix it. Good idea. Let's see.
kimidare Posted October 19, 2019 Posted October 19, 2019 On 10/1/2019 at 4:41 PM, switch said: because again it is difficult to verify due to the headless setup. Don't you have a usb-ttl thing? http://wiki.t-firefly.com/ROC-RK3328-CC/debug.html
Recommended Posts