The L5 has only about 30G of memory. I want to extend it with an SD card. However, I want the SD card to be encrypted (LUKS container). To this end, I inserted an SD card and encrypted it:
cryptsetup luksFormat /dev/sda
Then, I copied the /etc/crypttab entry for crypt_root to another line, changed the name to crypt_sd, updated the UUID, and added nofail to the options.
At boot, I get a screen to put in my passphrase for the root partition. I put this in, and then I am presented with ANOTHER password screen, but only for about 0.2 seconds. This screen goes away and I get some tty-esque text output which is asking for a passphrase for about 1 second before it boots normally.
It seems like it decrypts root normally, but doesn’t give me enough time to type the passphrase for the sd card. Then, it boots normally ignoring the failed decrypt.
Has anyone gotten encrypted SD cards to open at boot? If so, how did you do it? Is there something wrong with my crypttab entry above?
Hmm. I don’t like the idea of having a key hanging around on disk, but maybe it is fine since my root is encrypted? I would rather enter a passphrase at boot like with the root drive, but I suppose this will do. Thanks!
You need to create the directory to write the key to. You could put your key anywhere, but in the example, it is being written to /etc/luks-keys/, so you should make that:
Thank you!!
Please, I’m trying this step:
“ –Add to /etc/crypttab”
But when I type: sudo gedit /etc/crypttab
Terminal replies:
Gtk-WARNING … cannot open display: :0
How can I add my “ sdb1_crypt UUID=2a2375bf-2262-413c-a6a8-fbeb14659c85 /etc/luks-keys/disk_secret_key luks” to crypttab?
I don’t know the vim commands.
Could you please type the command here?
Thank you
Here is an alternative method to create an SD card that will automatically decrypt on the Librem 5 utilizing GNOME Disks. The application should be preinstalled on the device.
Before doing these steps check out this thread. It appears that GNOME may have some issues but let me know if I am wrong:
Shut down and insert your SD card into the Librem 5.
It fits alongside your SIM Card in your SIM card tray.
Open GNOME Disks from the application menu.
Select the SD card from the list of storage devices on the left.
Format the SD card by clicking the gear icon and selecting “Format Partition…”
Click the + sign
You will then wanna select “Internal disk for use with Linux systems only” as well as “Password protect volume (LUKS)”.
It should prompt you for the encryption password.
Set up automatic decryption:
Open the “Disks” menu at the top-right of the GNOME Disks application.
Go to “Edit Encryption Options.”
Swipe to the left “Session Defaults”
Check the option “Unlock at system startup”
Make sure to fill in the section titled “passphrase” with the associated encryption password.
PS Note that the above procedure will result in the passphrase for the encrypted SD card being stored in plain text in the root file system. So that is really only acceptable if the root file system itself is encrypted.
(A corollary to that is that “unlock at system startup” should only be used when the contents of the SD card have a confidentiality that is no greater than the confidentiality of the root file system.)
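The caveat above is that a stored secret is only as protected as the file system holding it. As an added example (not written by any poster in this thread), the shell function below reads a crypttab-format file and reports whether each key file it references is accessible to anyone other than its owner; the sample entries, UUIDs and scratch paths in `demo` are constructed.

```shell
#!/bin/sh
# Added example: audit entries of a crypttab-format file that unlock from a key file.
# One output line per such entry:
#   OK <name> <keyfile>       no group/other permission bits set
#   WEAK <name> <keyfile>     group or other can access the key file
#   MISSING <name> <keyfile>  key file does not exist
# Returns 0 if every key file is OK, 1 if any is WEAK or MISSING, 2 if unreadable.
audit_crypttab() {
    tab=${1:-/etc/crypttab}
    [ -r "$tab" ] || { echo "cannot read $tab" >&2; return 2; }
    weak=0
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        # "none" and "-" mean a passphrase prompt; /dev/* is not a stored secret.
        case $keyfile in ''|none|-|/dev/*) continue ;; esac
        if [ ! -e "$keyfile" ]; then
            echo "MISSING $name $keyfile"; weak=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ldL "$keyfile" | cut -c5-10)
        if [ "$bits" = "------" ]; then
            echo "OK $name $keyfile"
        else
            echo "WEAK $name $keyfile"; weak=1
        fi
    done < "$tab"
    return "$weak"
}

# Constructed sample: a scratch crypttab with one owner-only key file and one
# that is world-readable. Nothing under /etc is touched.
demo() {
    d=$(mktemp -d)
    ( umask 077; echo k1 > "$d/sd_key"; echo k2 > "$d/usb_key" )
    chmod 0644 "$d/usb_key"
    cat > "$d/crypttab" <<EOF
# name     device                  keyfile  options
crypt_root UUID=constructed-0001 none luks
crypt_sd   UUID=constructed-0002 $d/sd_key luks,nofail
crypt_usb  UUID=constructed-0003 $d/usb_key luks,nofail
EOF
    rc=0
    audit_crypttab "$d/crypttab" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

To check the real file, call `audit_crypttab /etc/crypttab` as root. The function only inspects permission bits; it does not verify that the root file system is itself encrypted.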
I tried this alternative method using GNOME Disks first, and found myself stuck in the boot issue others have had (my apologies, I can no longer find the post) where during boot up, after I type in my main encryption password, it asks for the encryption password for the SD card but doesn’t offer a keyboard and in any case, only does so for a second or two before shutting down again.