Raspi3PlusFan
Posts: 1
Joined: Wed Apr 24, 2019 10:20 pm

Any OS installer for Raspberry Pi 3 Plus with full encryption included?

Wed Apr 24, 2019 10:33 pm

Hello,

I've been trying for weeks to get my Raspberry Pi 3 Plus fully encrypted, so far with no success, using instructions like this one:
https://github.com/NicoHood/NicoHood.gi ... n-Tutorial

Tired of all the work entering endless command-line statements without success.

I don't care what OS it is, as long as it can run an Owncloud Server on my Pie.

What I want is simply an installer for my Pi that encrypts the target installation drive right during setup.
Just like the Ubuntu Live CD for PC does.
I've been missing the dialog asking for encryption of the target drive in the Ubuntu Mate for Raspberry Pie setup.

I understand the Raspberry Pie images are just flashed with Etcher to the target drive right away, so the rest is just some initial on-drive setup on first boot.
So what I need is really an installer that resides on my SD card, and that asks me to select target partitions on an attached USB drive and offers the option to encrypt them and do all the necessary auto-mount config for me.
So that after setup, all I have to do is enter the Password at boot.

Why is that so hard to find?

User avatar
Joel_Mckay
Posts: 288
Joined: Mon Nov 12, 2012 10:22 pm
Contact: Website

Re: Any OS installer for Raspberry Pi 3 Plus with full encryption included?

Fri Apr 26, 2019 8:48 am

Raspi3PlusFan wrote:
Wed Apr 24, 2019 10:33 pm
Why is that so hard to find?
It is not difficult, but may be counter-intuitive to new users given the signal-to-noise ratio in web search results.
LMGTFY: https://www.kali.org/tutorials/secure-kali-pi-2018/

Since the OS files are signed within apt one can usually just encrypt the user /home on public systems, setup a unique os audit tripwire, and mount the password-protected partition key over a secured remote NFS. Also, this setup still is only really "secure" if a hardware IDS is always on... ;-)

The reason why it is not popular on ARM platforms is:
1. a minor flash-disk error can corrupt things quite badly
2. it slows down the user experience (especially if you encrypted /root and swap)
3. Often requires restructuring the disk layout
4. There is a lot of posts around that make the wrong recommendations

Relevant: https://www.xkcd.com/538/

Best of luck,
J

Return to “Advanced users”