albumrest.blogg.se

25 Juni 2023 - 17:56
Rpi wipefs
Allmänt
Rpi wipefs








rpi wipefs
  1. #RPI WIPEFS HOW TO#
  2. #RPI WIPEFS INSTALL#
  3. #RPI WIPEFS UPDATE#
  4. #RPI WIPEFS OFFLINE#
  5. #RPI WIPEFS DOWNLOAD#

I am not sure if the order matters or not.

#RPI WIPEFS UPDATE#

Now let’s update the files on boot partition to reflect the changes: add this to cmdline.txt rd.neednet=1 ip=dhcpĪnd change the value of root and add a cryptdevice entry before it. While /etc/crypttab says that you should not have the root partition listed, it is needed for crypt-ssh module to work: crypt /dev/mmcblk0p2 none luks Put the following into /etc/fstab: /dev/mapper/crypt / ext4 defaults,noatime 0 1

rpi wipefs

Configuring LUKSīefore you generate a dracut image, we need to adjust fstab for this change. I blacklisted btrfs because it was spamming my dmesg log. We shouldn’t even need a shell in dracut, because there will only be one command to execute over ssh. I blacklisted bash and dash because I prefer busybox so why have them. I also used the following dracut configuration, which you can place in nf: omit_dracutmodules+="bash dash btrfs" # cat /root/.dracut/ssh_dracut_ecdsa_key.pub > /root/.dracut/authorized_keys # cat /root/.dracut/ssh_dracut_rsa_key.pub > /root/.dracut/authorized_keys # chmod 700 /root/.dracut/authorized_keys Now add the key(s) to authorized keys: # touch /root/.dracut/authorized_keys Using passphrases made dropbear_convert fail for me, so do not use them. # ssh-keygen -t ecdsa -f /root/.dracut/ssh_dracut_ecdsa_key # ssh-keygen -t rsa -f /root/.dracut/ssh_dracut_rsa_key We generate ssh keys like so: # umask 0077 Similarly, dropbear_acl can be left as is, but I strongly recommend creating a separate authorized_keys file because these can be easily extracted from initrd later on. I also changed the port to 22, you can leave the default 222. Change the values in crypt-ssh module’s configuration file /etc//nf: dropbear_port="22"ĭropbear_rsa_key="/root/.dracut/ssh_dracut_rsa_key"ĭropbear_ecdsa_key="/root/.dracut/ssh_dracut_ecdsa_key"ĭropbear_acl="/root/.dracut/authorized_keys" Let’s configure dracut now following the tutorial at the project’s github site.

#RPI WIPEFS INSTALL#

Install the required packages for LUKS and ssh in initrd, as well as the crypt-ssh module: # xbps-install -S cryptsetup dropbear dracut-crypt-ssh busybox It was enabled by default on my system, so just check that it is running with sv status ntpd.

#RPI WIPEFS DOWNLOAD#

Void Linux wiki also tells you to start ntpd with sv start ntpd for https certificates to work (required for xbps to download packages). Set your hostname with the command hostname your-hostname and also put this hostname in /etc/hostname. Connect via ssh (user: root, password: voidlinux). Insert the SD card to your Raspberry Pi and boot it up. # echo '/dev/mmcblk0p1 /boot vfat defaults 0 0' > rootfs/etc/fstab (parted) mkpart primary fat32 2048s 256MB Remember to replace sdX with your SD card’s path in /dev which you can look up with the command fdisk -l. Alternatively, you can follow the commands I used below. Install Void Linux like you normally would by following these steps on an existing Linux machine. You can skip the first step if you have Void Linux already running on your Raspberry Pi. I found multiple tutorials, which I made work together in this one.

#RPI WIPEFS OFFLINE#

I have a strong belief that all offline storage should be encrypted today.

#RPI WIPEFS HOW TO#

I was trying to find a tutorial on how to make an encrypted root partition work with Raspberry Pi. One of the advantages for me was the absence of systemd and the presence of musl libc, my admiration for which I shared in a recent blog post about Alpine Linux. So I have decided to go Void Linux on all my machines. Util-linux: /usr/share/man/man8/wipefs.8.#linux #luks #raspberrypi #howto #installation #voidlinux Or if wipefs is already installed and you need the package name % apt-file search "$(which wipefs)" Other examples for apt-file % apt-file search -regex "/wipefs$" To use apt_file you have to install it sudo apt-get install apt_file We know, that we search the binary, usually located in /bin, /usr/bin or /sbin, therefore your package name is util-linux and you can install it, as said with sudo apt-get install util-linux Util-linux: /usr/share/man/man8/wipefs.8.gz Util-linux: /usr/share/bash-completion/completions/wipefs Manpages-fr-extra: /usr/share/man/fr/man8/wipefs.8.gz Manpages-de: /usr/share/man/de/man8/wipefs.8.gz But in your case apt-file search wipefs is the better choice.

rpi wipefs

Apt-cache is a good idea if you now the package name.










Rpi wipefs
0 kommentar(er)
Om Mig: