Encrypt the config file of Raspbian OS image

[dylan701m]

Hello,

I need help and some expert's advise if anyone of you had an experience before in encrypting the config file of the Raspbian OS. I'm planning to deploy the Raspbian OS in a Raspi4 and I don't want to expose whatever configuration I did and let other user to reverse engineer the setup I did. How can I encrypt the config files in the SD Card? Is there way or some method to do this?

Thanks pips!

Dy

[jamesh]

This is not possible with /boot/config.txt or /boot/cmdline.txt.

Are those the ones you are thinking about?

[B.Goode]

Hello,

I need help and some expert's advise if anyone of you had an experience before in encrypting the config file of the Raspbian OS. I'm planning to deploy the Raspbian OS in a Raspi4 and I don't want to expose whatever configuration I did and let other user to reverse engineer the setup I did. How can I encrypt the config files in the SD Card? Is there way or some method to do this?

Thanks pips!

Dy

Firstly, there is no single, atomic, unique identifiable file that encapsulates the setup of a RasPIOS system. So that option can be ruled out.

Many prior posts here have critically demolished any proposed scheme for securing a RasPiOS system by software configuration alone.

There is a commercial hardware-aided option available. https://www.zymbit.com/blog-security-mo ... pberry-pi/ {Disclaimer: link provided without endorsement or recommendation, for information only.}

[dylan701m]

Hi jamesh,

Thanks for responding to my query. Actually I'm not pretty sure if that's the file that I want to encrypt and if it's safe to do it for that particular file. To expand more of what I want to do is that I don't want a standard user to alter anything that has been configured and setup in the Raspi. Since I'll be using my pi with Raspbian OS installed just to RDP a computer outside my network. Also, I want to prevent anyone to access the file(eg., if someone took my pi and then plugged in the SD card to a computer, then they are able to access the files and extract any credentials and config done) in the SDcard and change it that's why I want it to be encrypted. Can you able to advise me which file should I encrypt and what's the best tool to encrypt it? Thanks again.

[DougieLawson]

How can I encrypt the config files in the SD Card? Is there way or some method to do this?

What's your rationale behind that? What would you gain if it were not impossible?

If I have physical access to your RPi then all the software security in the world won't stop me.

[jamesh]

Hi jamesh,

Thanks for responding to my query. Actually I'm not pretty sure if that's the file that I want to encrypt and if it's safe to do it for that particular file. To expand more of what I want to do is that I don't want a standard user to alter anything that has been configured and setup in the Raspi. Since I'll be using my pi with Raspbian OS installed just to RDP a computer outside my network. Also, I want to prevent anyone to access the file(eg., if someone took my pi and then plugged in the SD card to a computer, then they are able to access the files and extract any credentials and config done) in the SDcard and change it that's why I want it to be encrypted. Can you able to advise me which file should I encrypt and what's the best tool to encrypt it? Thanks again.

You could encrypt your home folder, Google will find data on how to do that. Will be a performance hit, and if you forget you password you lose everything.