Full disk encryption on Lime2?

Started by unicorn, September 23, 2019, 11:20:17 PM

Previous topic - Next topic

unicorn

Hello there!

I am intending to set up full disk encryption for my Lime2 server since it will contain sensitive data and I would like to have it secured in the best way possible from physical access. (I am aware of limitations)

My setup is intended to be unlockable via SSH, so there would be a boot partition with dropbear and cryptsetup that can unlock the root luks container.

I did some research and found that there are some Armbian build options for this purpose:
CRYPTROOT_ENABLE, CRYPTROOT_PASSPHRASE, CRYPTROOT_SSH_UNLOCK, CRYPTROOT_SSH_UNLOCK_PORT and CRYPTROOT_PARAMETERS.

I do not have experience building big things like this and am afraid of messing up some other part of the build process (bad choice of values or some other messup), so I wanted to ask if there is a simpler way. Do you have some other way, or perhaps some help with the building process?

Thank you in advance!

tebin

I'm very much interested in this approach. I'm plan to acquire Lime2 and I want to get all the protection in place. I've been running luks-encryption on the systems I use for years, it's always been worth the effort, and with care, I have not lost any data.
Great challenge to get it on LIME2!

oly

Hi there,

Did you achieve your goal ?