I'm trying to build a RPi4 system that uses a LUKS encrypted disk.
But I cannot get the volume to be unlocked when the system boots.
I have install Fedora-Minimal-34-1.2.aarch64.raw.xz to with
arm-image-installer --target=rpi4 and that boots.
That I have added a new partition to that sdcard that I setup using this
command from Fedora 34 x86_86 system.
cryptsetup \
--type luks2 \
--cipher xchacha20,aes-adiantum-plain64 \
--hash sha256 \
--iter-time 5000 \
--pbkdf argon2i \
luksFormat ${DEVICE}
I got these settings from a blog on setting up crypt for debian on raspberry
pi.
I add an entry to /etc/crypttab for the volume.
When I boot the system I am not prompted for the password to unlock the
volume as I was expecting.
Looking in journalctl -b 0 I see these lines:
Apr 06 01:01:36 clef.chelsea.private systemd[1]: dev-disk-
by\x2duuid-8c2519ae\x2d78a9\x2d44b0\x2d871f\x2d0aa2422de03a.device: Job dev-
disk-by\x2duuid-8c2519ae\x2d78a9\x2d44b0\x2d871f\x2d0aa2422de03a.device/start
timed out.
Apr 06 01:01:36 clef.chelsea.private systemd[1]: Timed out waiting for device
/dev/disk/by-uuid/8c2519ae-78a9-44b0-871f-0aa2422de03a.
Apr 06 01:01:36 clef.chelsea.private systemd[1]: Dependency failed for
Cryptography Setup for clef-root.
Apr 06 01:01:36 clef.chelsea.private systemd[1]: Dependency failed for Local
Encrypted Volumes.
Once I log in I can open the volume and mount it
$ cryptsetup luksOpen /dev/mmcblk0p4 clef-root
$ mount /dev/mapper/clef-root /mnt
I have tried updating the initrd with:
dracut --force.
And also adding to the kernel command line:
# cat /proc/cmdline
BOOT_IMAGE=(hd0,msdos2)/vmlinuz-5.11.12-300.fc34.aarch64
root=UUID=67ca2085-9dab-405b-a042-ff6269816fbc ro rhgb quiet console=tty0
rd.luks.uuid=8c2519ae-78a9-44b0-871f-0aa2422de03a
I have a other systems that use full disk encryption that work. But I have
failed to spot the difference between the RPi config and the working systems
config.
Do you know what is missing or not configured?
Hmm, just noticed that the kernel command says console is tty0.
But when I log in on the console its tty1.
Barry
Just not
_______________________________________________
arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/arm@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
