Full Disk Encryption


 Share

0
Go to solution Solved by Werner,

Recommended Posts

Are there any plans to add an option for full disk encryption to the installer ? I am using the RockPro64 if that matters. I notice that no ARM distro I have tried supports this for the RockPro64 currently so i'm not sure if it is just a low priority or if there is a techncial reason to not have it. Regardless if it's doable I would appreciate it being added down the road.

Link to post
Share on other sites

Donate and support the project!

I hate to be the pedantic one here, but with cryptography, minor differences are very important.

 

Root filesystem encryption is possible. Full disk encryption is generally *not* possible with Armbian (or ARM SBC's in general). So, technical issue that this doesn't exist.

 

The problem is that software based cryptography, the system must be able to load the software before it can decrypt anything else. Your boot partition is generally unencrypted, which can be a major issue.

 

Actual Full Disk Encrption uses special drives that can play magic tricks such as multiple boot sectors and modification-resistant boot images. Most ARM SBCs will not boot from these drives.

 

You might be able to do it with the EspressoBin, as it can boot directly off SATA. But I think @Igor and the team have some broken glass they'd rather eat.

Link to post
Share on other sites

7 hours ago, tparys said:

have some broken glass they'd rather eat.


Good one. :lol: And sadly true.

 

I think disk encryption matters most when you are using spinning hard drives and you can safely discard them when they fail. With assumption decryption keys are some other media. You can easily do encryption with ZFS as well ...

 

On 1/2/2022 at 6:36 AM, PublicLewdness said:

Are there any plans


After months of preparation we are starting our 1st project (refactoring of https://github.com/armbian/config tool) outside of our primary job - maintaining build framework and (unnecessary) hardware support to cover what vendors and chip vendors lack. Since we are unable to do it alone, we need to hire 3rd party help and before that we have to raise money. We got some, but that won't do to finish this.

 

There are no plans / resources to work on anything from this Features request subforum. 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

0