I'm trying to build a RPi4 system that uses a LUKS encrypted disk.
But I cannot get the volume to be unlocked when the system boots.
I have install Fedora-Minimal-34-1.2.aarch64.raw.xz to with
arm-image-installer --target=rpi4 and that boots.
That I have added a new partition to that sdcard that I setup using this
command from Fedora 34 x86_86 system.
--type luks2 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 \
--iter-time 5000 \
--pbkdf argon2i \
I got these settings from a blog on setting up crypt for debian on raspberry
I add an entry to /etc/crypttab for the volume.
When I boot the system I am not prompted for the password to unlock the
volume as I was expecting.
Looking in journalctl -b 0 I see these lines:
Apr 06 01:01:36 clef.chelsea.private systemd: dev-disk-
by\x2duuid-8c2519ae\x2d78a9\x2d44b0\x2d871f\x2d0aa2422de03a.device: Job dev-
Apr 06 01:01:36 clef.chelsea.private systemd: Timed out waiting for device
Apr 06 01:01:36 clef.chelsea.private systemd: Dependency failed for
Cryptography Setup for clef-root.
Apr 06 01:01:36 clef.chelsea.private systemd: Dependency failed for Local
Once I log in I can open the volume and mount it
$ cryptsetup luksOpen /dev/mmcblk0p4 clef-root
$ mount /dev/mapper/clef-root /mnt
I have tried updating the initrd with:
And also adding to the kernel command line:
# cat /proc/cmdline
root=UUID=67ca2085-9dab-405b-a042-ff6269816fbc ro rhgb quiet console=tty0
I have a other systems that use full disk encryption that work. But I have
failed to spot the difference between the RPi config and the working systems
Do you know what is missing or not configured?
Hmm, just noticed that the kernel command says console is tty0.
But when I log in on the console its tty1.
Show replies by date