pnaven03
Posts: 139
Joined: Thu Feb 16, 2017 5:21 pm

Securing SD card Image by encrypting in raspberry pi 3

Fri Apr 21, 2017 1:55 pm

Hi Team,

We are using Raspberry pi 3 and kernel version Linux raspberrypi 4.4.11-v7+ #888 SMP Mon May 23 20:10:33 BST 2016 armv7l GNU/Linux,How my sdcard image encrypting,this is for the security purpose please any one can help on this.

Regards,
Nv

mattmiller
Posts: 2247
Joined: Thu Feb 05, 2015 11:25 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Fri Apr 21, 2017 2:34 pm

Short answer is no - cant be done in any way that makes sense.
No way of securing a Pi image on an SD card that is of any practical use.

peterlite
Posts: 720
Joined: Sun Apr 17, 2016 4:00 am

Re: Securing SD card Image by encrypting in raspberry pi 3

Sat Apr 22, 2017 2:26 am

You cannot encrypt the Ext4 partition because the boot code in the FAT partition can not read an encrypted partition. You would have to split the Ext4 partition in two, one for the operating system and one for your encrypted data.

Big computers have encryption at the disk level because they have megabytes of BIOS running before booting the operating system. To do that, you need a big processor with a noisy fan or a dedicated encryption chip. $$$$

pnaven03
Posts: 139
Joined: Thu Feb 16, 2017 5:21 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Sat Apr 22, 2017 10:03 am

Thanks for the reply,

What is the best method to provide security to my device,am disabling ssh,root access etc , but i need sdcard security also,
in sdcard loads my application code, if any other persons open sdcard he will not understand my code.
This is my costumer requirement , please any one help me on this.

Regards,
Nv

User avatar
DougieLawson
Posts: 40167
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Securing SD card Image by encrypting in raspberry pi 3

Sat Apr 22, 2017 10:49 am

pnaven03 wrote:... but i need sdcard security also, in sdcard loads my application code, if any other persons open sdcard he will not understand my code. This is my costumer requirement , please any one help me on this.
It's not possible.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

User avatar
gordon@drogon.net
Posts: 2023
Joined: Tue Feb 07, 2012 2:14 pm
Location: Devon, UK
Contact: Website Twitter

Re: Securing SD card Image by encrypting in raspberry pi 3

Mon Apr 24, 2017 5:31 pm

pnaven03 wrote:Thanks for the reply,

What is the best method to provide security to my device,am disabling ssh,root access etc , but i need sdcard security also,
in sdcard loads my application code, if any other persons open sdcard he will not understand my code.
This is my costumer requirement , please any one help me on this.

Regards,
Nv
You could re-partition the SD card and create a new empty, encrypted partition. Then you put all your applications and data in this partition with the rest of the usual/generic Raspbian in the first partition, as normal. You can also encrypt the whole / partition (but not the /boot partition). You can even do this on an already setup Pi.

Downsides -
(a) You/Someone will need to provide the password at boot time every time the Pi is booted. Unattended reboots will not be possible. This may or may not be acceptable to you or your client.
(b) It will be slower than it already is.
(c) google it - the first 2 links I got told me all I needed to know.
(d) You have not thought of this yourself. If I were your client, you'd be sacked by now.

First link on google: https://github.com/NicoHood/NicoHood.gi ... n-Tutorial

-Gordon
--
Gordons projects: https://projects.drogon.net/

pnaven03
Posts: 139
Joined: Thu Feb 16, 2017 5:21 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Tue Apr 25, 2017 9:09 am

Gordon,

Thanks for the reply,

client will not accept to enter the password.
if any other methods please provide me link.

Regards,
Nv

User avatar
RaTTuS
Posts: 10600
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
Contact: Twitter YouTube

Re: Securing SD card Image by encrypting in raspberry pi 3

Tue Apr 25, 2017 9:25 am

other ideas - all are defeatable
hot glue the sdcard into place
make tamper proof case
make the code work via a internet connection and only allow from authorized hosts
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

User avatar
gordon@drogon.net
Posts: 2023
Joined: Tue Feb 07, 2012 2:14 pm
Location: Devon, UK
Contact: Website Twitter

Re: Securing SD card Image by encrypting in raspberry pi 3

Tue Apr 25, 2017 12:52 pm

pnaven03 wrote:Gordon,

Thanks for the reply,

client will not accept to enter the password.
if any other methods please provide me link.

Regards,
Nv
Better still, we could bypass the middle-man and give your client my email address and I'll collect the fee...

-Gordon
--
Gordons projects: https://projects.drogon.net/

User avatar
RaTTuS
Posts: 10600
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
Contact: Twitter YouTube

Re: Securing SD card Image by encrypting in raspberry pi 3

Fri Jul 07, 2017 1:44 pm

How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

haggy
Posts: 5
Joined: Sat Nov 05, 2016 9:23 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Fri May 18, 2018 6:11 pm

This looks really promising actually! Im also looking for an EFS solution for the RPi so I'll definitely be keeping up with zymbit.

le_
Posts: 1
Joined: Mon Oct 14, 2019 6:50 am

Re: Securing SD card Image by encrypting in raspberry pi 3

Mon Oct 14, 2019 7:01 am

Is it possible to use chroot with encryption?
Instead of encrypting the entire disk, it might be possible to encrypt a single partition. The raspbian system would boot normally, and then you could mount and load the chroot from the encrypted partition...
And anything that requires encryption protection could be transferred to chroot.

acawley
Posts: 51
Joined: Sun Feb 24, 2013 8:22 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Tue Feb 18, 2020 4:30 pm

I'm confused by the negative responses on this, as though it is impossible to encrypt a device.

Would it not be possible to implement some form of full disk encryption on the SD card in a way that it prompts the user for a decryption key on-boot. So the user holds the secret key (a good password in their mind) which is used to decrypt the whole system?

I use full disk encryption on Windows and Linux desktops and laptops, so I had hoped that something similar might be possible on a Raspberry Pi. It would be good peace of mind to know that SSH keys were secured in the event of physical theft.

Although perhaps the full disk encryption I use on some of my Windows & Linux systems relies on complicated boot processes that simply aren't possible on the Pi hardware, I'm not sure?

I'm thinking of things like VeraCrypt (or other Linux alternatives).

For me I have Pi Zero's in headless situations which are powered on for a long time (weeks continiously). Even if I had to plug a keyboard in on first boot to enter in my password blindly I would prefer that if I knew it was more secure in the event of theft / power-down.

Any thoughts?

User avatar
B.Goode
Posts: 10725
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Securing SD card Image by encrypting in raspberry pi 3

Tue Feb 18, 2020 4:40 pm

acawley wrote:
Tue Feb 18, 2020 4:30 pm
I'm confused by the negative responses on this, as though it is impossible to encrypt a device.

Would it not be possible to implement some form of full disk encryption on the SD card in a way that it prompts the user for a decryption key on-boot. So the user holds the secret key (a good password in their mind) which is used to decrypt the whole system?

I use full disk encryption on Windows and Linux desktops and laptops, so I had hoped that something similar might be possible on a Raspberry Pi. It would be good peace of mind to know that SSH keys were secured in the event of physical theft.

Although perhaps the full disk encryption I use on some of my Windows & Linux systems relies on complicated boot processes that simply aren't possible on the Pi hardware, I'm not sure?

I'm thinking of things like VeraCrypt (or other Linux alternatives).

For me I have Pi Zero's in headless situations which are powered on for a long time (weeks continiously). Even if I had to plug a keyboard in on first boot to enter in my password blindly I would prefer that if I knew it was more secure in the event of theft / power-down.

Any thoughts?

At least 2 of the responses were positive and drew attention to a possible solution.

Repeated here: https://community.zymbit.com/t/encrypti ... -crypt/150

acawley
Posts: 51
Joined: Sun Feb 24, 2013 8:22 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Tue Feb 18, 2020 4:46 pm

Apologies! I did indeed miss that link it seems, thank you for bringing it to my attention, I will certainly be giving it a read and a go myself when I have time.

Anyone out there given it a go? What were your experiences?

cleverca22
Posts: 1865
Joined: Sat Aug 18, 2012 2:33 pm

Re: Securing SD card Image by encrypting in raspberry pi 3

Sat Feb 29, 2020 3:44 am

peterlite wrote:
Sat Apr 22, 2017 2:26 am
You cannot encrypt the Ext4 partition because the boot code in the FAT partition can not read an encrypted partition. You would have to split the Ext4 partition in two, one for the operating system and one for your encrypted data.

Big computers have encryption at the disk level because they have megabytes of BIOS running before booting the operating system. To do that, you need a big processor with a noisy fan or a dedicated encryption chip. $$$$
if you use an initrd, you can easily encrypt the ext4 partition, but you still have problems (that might have already been mentioned in this thread)

the password to decrypt that ext4 end, must enter the pi somehow, either by being in the fat32 partition (then you have no security) or by entering it on the keyboard every time you boot (then it cant boot without your permission)

dustnbone
Posts: 397
Joined: Tue Nov 05, 2019 2:49 am

Re: Securing SD card Image by encrypting in raspberry pi 3

Sat Feb 29, 2020 4:15 am

Doing this in a way that doesn't require a key being stored unencrypted, or a password to be entered at boot, or some kind of other authentication mechanism, is physically impossible.

You can encrypt things to your hearts content, but the decryption key needs to be provided somehow if you plan to access said encrypted data.

Return to “General programming discussion”