It's not possible.pnaven03 wrote:... but i need sdcard security also, in sdcard loads my application code, if any other persons open sdcard he will not understand my code. This is my costumer requirement , please any one help me on this.
You could re-partition the SD card and create a new empty, encrypted partition. Then you put all your applications and data in this partition with the rest of the usual/generic Raspbian in the first partition, as normal. You can also encrypt the whole / partition (but not the /boot partition). You can even do this on an already setup Pi.pnaven03 wrote:Thanks for the reply,
What is the best method to provide security to my device,am disabling ssh,root access etc , but i need sdcard security also,
in sdcard loads my application code, if any other persons open sdcard he will not understand my code.
This is my costumer requirement , please any one help me on this.
Better still, we could bypass the middle-man and give your client my email address and I'll collect the fee...pnaven03 wrote:Gordon,
Thanks for the reply,
client will not accept to enter the password.
if any other methods please provide me link.
This looks really promising actually! Im also looking for an EFS solution for the RPi so I'll definitely be keeping up with zymbit.
acawley wrote: ↑Tue Feb 18, 2020 4:30 pmI'm confused by the negative responses on this, as though it is impossible to encrypt a device.
Would it not be possible to implement some form of full disk encryption on the SD card in a way that it prompts the user for a decryption key on-boot. So the user holds the secret key (a good password in their mind) which is used to decrypt the whole system?
I use full disk encryption on Windows and Linux desktops and laptops, so I had hoped that something similar might be possible on a Raspberry Pi. It would be good peace of mind to know that SSH keys were secured in the event of physical theft.
Although perhaps the full disk encryption I use on some of my Windows & Linux systems relies on complicated boot processes that simply aren't possible on the Pi hardware, I'm not sure?
I'm thinking of things like VeraCrypt (or other Linux alternatives).
For me I have Pi Zero's in headless situations which are powered on for a long time (weeks continiously). Even if I had to plug a keyboard in on first boot to enter in my password blindly I would prefer that if I knew it was more secure in the event of theft / power-down.
if you use an initrd, you can easily encrypt the ext4 partition, but you still have problems (that might have already been mentioned in this thread)peterlite wrote: ↑Sat Apr 22, 2017 2:26 amYou cannot encrypt the Ext4 partition because the boot code in the FAT partition can not read an encrypted partition. You would have to split the Ext4 partition in two, one for the operating system and one for your encrypted data.
Big computers have encryption at the disk level because they have megabytes of BIOS running before booting the operating system. To do that, you need a big processor with a noisy fan or a dedicated encryption chip. $$$$