[systemd-devel] Add LUKS disk to an Raspberry Pi 4 install
Barry Scott
barry at barrys-emacs.org
Sat Sep 25 16:47:44 UTC 2021
[I originally ask this question on the Fedora ARM list, but got no reply]
I'm trying to build a RPi4 system that uses a LUKS encrypted disk.
But I cannot get the volume to be unlocked when the system boots.
I have installed Fedora-Minimal-34-1.2.aarch64.raw.xz to with
arm-image-installer --target=rpi4 and that boots.
Then I have added a new partition to that sdcard that I setup using this
command on a Fedora 34 x86_86 system.
cryptsetup \
--type luks2 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 \
--iter-time 5000 \
--pbkdf argon2i \
luksFormat ${DEVICE}
I got these settings from a blog on setting up LUKS for debian on raspberry
pi.
I add an entry to /etc/crypttab for the volume.
When I boot the system I am not prompted for the password to unlock the
volume as I was expecting.
Looking in journalctl -b 0 I see these lines:
Apr 06 01:01:36 clef.chelsea.private systemd[1]: dev-disk-
by\x2duuid-8c2519ae\x2d78a9\x2d44b0\x2d871f\x2d0aa2422de03a.device: Job dev-
disk-by\x2duuid-8c2519ae\x2d78a9\x2d44b0\x2d871f\x2d0aa2422de03a.device/start
timed out.
Apr 06 01:01:36 clef.chelsea.private systemd[1]: Timed out waiting for device
/dev/disk/by-uuid/8c2519ae-78a9-44b0-871f-0aa2422de03a.
Apr 06 01:01:36 clef.chelsea.private systemd[1]: Dependency failed for
Cryptography Setup for clef-root.
Apr 06 01:01:36 clef.chelsea.private systemd[1]: Dependency failed for Local
Encrypted Volumes.
Once I login I can open the volume and mount it
$ cryptsetup luksOpen /dev/mmcblk0p4 clef-root
$ mount /dev/mapper/clef-root /mnt
I have tried updating the initrd with:
dracut --force.
And also adding to the kernel command line:
# cat /proc/cmdline
BOOT_IMAGE=(hd0,msdos2)/vmlinuz-5.11.12-300.fc34.aarch64
root=UUID=67ca2085-9dab-405b-a042-ff6269816fbc ro rhgb quiet console=tty0
rd.luks.uuid=8c2519ae-78a9-44b0-871f-0aa2422de03a
I have a other systems that use full disk encryption that work. But I have
failed to spot the difference between the RPi config and the working systems
config.
Do you know what is missing or not configured?
Hmm, just noticed that the kernel command says console is tty0.
But when I log in on the console its tty1.
Barry
More information about the systemd-devel
mailing list