
Boot sata encrypted disk


lore77


Hi,

 

I'm trying to install the new Bananian 15.08 (Jessie). In the past I installed 15.04 (Wheezy) and set up a SATA encrypted disk successfully using the following instructions ( http://development-annotations.blogspot.it/2015/05/banana-pi-encrypted-sata-disk-bootstrap.html ).

 

In the new 15.08 the /boot layout changed and I need some help:

I tried to set up the root disk in boot.cmd and compiled boot.scr:

# mainline kernel >= 4.x
#--------------------------------------------------------------------------------------------------------------------------------
setenv bootargs console=ttyS0,115200 console=tty0 console=tty1 cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootfstype=ext4 elevator=deadline rootwait

In particular I set the following:

  cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot

 

When I boot the Banana Pi it starts the normal kernel and at a certain point asks me for the disk password; however, once loaded, the root partition is still on the SD card because, I suppose, it needs an initial ramdisk setup.

 

I created the initial ramdisk (initrd and uInitrd) but don't know how to set it in the kernel parameters using boot.cmd.

 

Thanks for any suggestion.

Link to comment

How are you creating on the old system?

 

Try proceeding this way:

fatload mmc 0 0x49000000 /dtb/${fdtfile}
fatload mmc 0 0x48000000 initrd
fatload mmc 0 0x46000000 zImage
bootz 0x46000000 0x48000000 0x49000000 

If you are using uImage, some adjustments / converting is needed.

 

If not, check here.

Link to comment

Thanks for directions Igor,

 

now I'll go deeper with some try...

 

In Bananian 15.04 (the previous Wheezy) I used the following:

bootargs=console=ttyS0,115200 console=tty0 sunxi_g2d_mem_reserve=0 sunxi_ve_mem_reserve=0 disp.screen0_output_mode=EDID:1280x720p50 hdmi.audio=EDID:0 console=tty1 cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootfstype=ext4 elevator=deadline raid=noautodetect rootwait

aload_script=fatload mmc 0 0x43000000 script.bin;

aload_kernel=fatload mmc 0 0x48000000 uImage; fatload mmc 0 0x49000000 uInitrd; bootm 0x48000000 0x49000000;

uenvcmd=run aload_script aload_kernel

I simply added fatload mmc 0 0x49000000 uInitrd and extended the bootm with 0x49000000.

While now in 15.08 (Jessie), I found the following newer one:

#--------------------------------------------------------------------------------------------------------------------------------
# Boot loader script to boot with different boot methods for old and new kernel
# Credits: https://github.com/igorpecovnik - Thank you for this great script!
#--------------------------------------------------------------------------------------------------------------------------------
if load mmc 0:1 0x00000000 uImage-next
then
# mainline kernel >= 4.x
#--------------------------------------------------------------------------------------------------------------------------------
setenv bootargs console=ttyS0,115200 console=tty0 console=tty1 cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootfstype=ext4 elevator=deadline rootwait
load mmc 0:1 0x49000000 dtb/${fdtfile}
load mmc 0:1 0x46000000 uImage-next
bootm 0x46000000 - 0x49000000
#--------------------------------------------------------------------------------------------------------------------------------
else
# sunxi 3.4.x
#--------------------------------------------------------------------------------------------------------------------------------
setenv bootargs console=ttyS0,115200 console=tty0 console=tty1 sunxi_g2d_mem_reserve=0 sunxi_ve_mem_reserve=0 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1680x1050p60 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
setenv bootm_boot_mode sec
load mmc 0:1 0x43000000 script.bin
load mmc 0:1 0x48000000 uImage
bootm 0x48000000
#--------------------------------------------------------------------------------------------------------------------------------
fi

I would like to put my initial ramdisk in the mainline kernel >= 4.x section, but I notice that 0x49000000 is used by dtb/${fdtfile}, and I don't know what that is.

 

Link to comment
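The boot.cmd question in the post above, turned into a check (an added example, not part of the thread and not Bananian's own tooling): it reads a boot.cmd and flags a `bootm`/`bootz` line that requests an encrypted root without passing a ramdisk, a load that reuses an address already holding another file, and boot arguments pointing at addresses nothing was loaded to. The sample scripts are constructed from the lines quoted on this page; the 0x4A000000 ramdisk address and the name `lint_boot_cmd` are assumptions made for the example.

```python
import re

# Constructed sample: the mainline branch quoted in the post above.
NO_INITRD = """\
setenv bootargs console=ttyS0,115200 cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootwait
load mmc 0:1 0x49000000 dtb/${fdtfile}
load mmc 0:1 0x46000000 uImage-next
bootm 0x46000000 - 0x49000000
"""
# Constructed variant: uInitrd loaded at 0x4A000000 (address assumed for this example).
WITH_INITRD = NO_INITRD.replace(
    "bootm 0x46000000 - 0x49000000",
    "load mmc 0:1 0x4A000000 uInitrd\nbootm 0x46000000 0x4A000000 0x49000000")

LOAD_RE = re.compile(r"(?:fat|ext[24])?load\s+\S+\s+\S+\s+(0x[0-9a-fA-F]+)\s+(\S+)")
HEX_RE = re.compile(r"0x[0-9a-fA-F]+")

def lint_boot_cmd(text):
    """Return findings about load addresses and bootm/bootz arguments."""
    findings, loads, bootargs = [], {}, ""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line in ("else", "fi"):            # other branch: forget earlier state
            loads, bootargs = {}, ""
        elif line.startswith("setenv bootargs"):
            bootargs = line
        elif (m := LOAD_RE.match(line)):
            addr = int(m.group(1), 16)
            if addr in loads:                 # second file would clobber the first
                findings.append(f"line {n}: {m.group(2)} overwrites {loads[addr]} at {addr:#x}")
            loads[addr] = m.group(2)
        elif line.startswith(("bootm", "bootz")):
            args = line.split()[1:]           # kernel [ramdisk|-] [fdt]
            ramdisk = args[1] if len(args) > 1 else "-"
            if ramdisk == "-" and re.search(r"root=/dev/mapper/|cryptdevice=", bootargs):
                findings.append(f"line {n}: encrypted root requested but no ramdisk passed")
            for a in args:
                h = HEX_RE.match(a)
                if h and int(h.group(), 16) not in loads:
                    findings.append(f"line {n}: nothing was loaded at {a}")
    return findings

if __name__ == "__main__":
    for name, script in (("no initrd", NO_INITRD), ("with initrd", WITH_INITRD)):
        print(name, lint_boot_cmd(script) or "ok")
```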

I followed the same thing; however, I did not pay enough attention.

I did not format the sd card as you proposed:

  • /dev/mmcblk0p1 (boot partition ~20mb)
  • /dev/mmcblk0p2 (sd card root partition ~1.8gb)

I rather used 1 partition and ended up not being able to split into /boot on the SD and /cryptdevice on SATA, because of course it expected the fs somewhere else. I would have to:

  • create initial ramdisk with mkinitramfs -o /b/initrd
  • create uInitrd image with cd /b ; mkimage -A arm -O linux -T ramdisk -C gzip -a 0 -e 0 -d initrd uInitrd

and

  • replace /boot/boot.cmd contents with (what you wrote)
  • compile boot.cmd to boot.scr with mkimage -C none -A arm -T script -d boot.cmd boot.scr

Unfortunately I can't do that, because I can't boot into the same environment anymore...

Link to comment

I suggest retrying.

If you use Bananian 15.08 (Jessie), the updated version of the guide is available here: https://searchathing.com/?p=178

as reported in the update at the head of the page on the development-annotations website.

 

Just reformat the SD card ( https://searchathing.com/?p=191) and install to the disk:

- encrypted os install ( https://searchathing.com/?p=250 ) or normal os install ( https://searchathing.com/?p=248 )

 

What is important to understand for bootstrapping to the SATA disk is that the Banana Pi requires the SD card to boot into the SATA disk.

If you used an SD card of, say, about 4GB, the 1.8GB OS partition is only needed in the first phase, when copying data from the SD to the SATA disk.

Once all the setup is finished, the SD card will be used only for its boot partition (~20mb) and the rest will not be used anymore (the boot.cmd root parameter tells which root partition to mount).

 

As a second option you can try to get back the SD card boot working if you did a copy of the boot.cmd and boot.scr to the .orig files: you could try to overwrite back the boot.cmd and .scr with these files ( this can be done from an explorer window inserting the SD card with an adapter into the USB ).

Link to comment

I was able to run the normal sata install.
Encrypted always failed in the final booting instance.

I will try to get into application based encryption. This is also important and I have to get started.

PS: It's a pity that boot.cmd cannot recognize the disk by /dev/disk/by-uuid.

Especially with SATA disks (and encryption) this Linux feature can be life-saving.

 

Thank you all for your help

Link to comment

How to accomplish this in Armbian? I followed the guide, but I'm not sure about creating initrd and uInitrd, and changing the entries in boot.cmd?

 

EDIT:

I finally got it working. I needed to set the -a flag on mkimage when making the uInitrd image:

# mkimage -A arm -T ramdisk -C none -n uInitrd -a 0x42000000 -d initrd uInitrd

 

I kept the original boot.cmd and only changed:

 

root=/dev/mapper/cryptroot

 

and added:

cryptdevice=/dev/sda1:cryptroot

Link to comment
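An added example (not part of the thread): a parser for the 64-byte legacy image header that mkimage puts in front of the initrd, to confirm before rebooting that a uInitrd is typed as an ARM ramdisk, to see where the `-a` load address from the post above ends up, and to verify both CRC32 fields. The sample image is constructed in the code; `make_legacy_image` and `inspect_legacy_image` are names chosen for this example.

```python
import struct
import zlib

IH_MAGIC = 0x27051956
HDR = struct.Struct(">7I4B32s")      # big-endian legacy U-Boot header, 64 bytes
TYPES = {2: "kernel", 3: "ramdisk", 6: "script"}
ARCHS = {2: "arm"}
COMPS = {0: "none", 1: "gzip"}

def make_legacy_image(payload, load, type_=3, arch=2, comp=0, name=b"uInitrd"):
    """Build a constructed sample in the legacy layout (timestamp left at 0)."""
    # magic, hcrc, time, size, load, entry, dcrc, os(5=linux), arch, type, comp, name
    fields = [IH_MAGIC, 0, 0, len(payload), load, 0, zlib.crc32(payload),
              5, arch, type_, comp, name]
    fields[1] = zlib.crc32(HDR.pack(*fields))    # header CRC is taken with hcrc = 0
    return HDR.pack(*fields) + payload

def inspect_legacy_image(blob):
    """Parse a legacy image and report its fields plus both CRC checks."""
    if len(blob) < HDR.size:
        raise ValueError("shorter than a 64-byte legacy header")
    (magic, hcrc, _time, size, load, entry, dcrc,
     _os, arch, type_, comp, name) = HDR.unpack_from(blob)
    if magic != IH_MAGIC:
        raise ValueError("no legacy header: raw initrd or other format")
    zeroed = blob[:4] + b"\0\0\0\0" + blob[8:HDR.size]
    data = blob[HDR.size:HDR.size + size]
    return {
        "type": TYPES.get(type_, type_), "arch": ARCHS.get(arch, arch),
        "comp": COMPS.get(comp, comp), "load": load, "entry": entry,
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "header_ok": zlib.crc32(zeroed) == hcrc,
        "data_ok": len(data) == size and zlib.crc32(data) == dcrc,
    }

if __name__ == "__main__":
    sample = make_legacy_image(b"constructed initramfs bytes", 0x42000000)
    print(inspect_legacy_image(sample))
```

The CRC fields catch a truncated or corrupted copy on the SD card; they are not a defence against deliberate modification of the unencrypted boot partition.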