I built the rootfs encryption tool mentioned by SpongeBob above in this thread. Unfortunately for you, it requires systemd to enable it.
But, fortunately for you, it does the encryption directly on the pi, which is what you said you wanted.
This method only depends on systemd for running boot-time steps, and the referenced document provides a reasonably thorough explanation of it, so if you're adept at reading bash code and sorting out how to fit it into your systemd-less environment, you should be able to use large parts of it with little change. Or you can manually perform the necessary steps without converting the code, and hope you never need to do it again![:roll:]( "Rolling Eyes")
Yes, you need to have initramfs. I can't help you sort out how to create and maintain it, but once you have a working initramfs you can lift the code from sdm-cryptconfig for function sdmluksunlock. sdmluksunlock runs in the initramfs to unlock the encrypted rootfs at boot. It's 100% systemd-free![:lol:]( "Laughing")
TL;DR Read the code in sdm-cryptconfig a few dozen times, and sort out how to implement what it does in your systemd-less environment, either manually or scripted.
But, fortunately for you, it does the encryption directly on the pi, which is what you said you wanted.
This method only depends on systemd for running boot-time steps, and the referenced document provides a reasonably thorough explanation of it, so if you're adept at reading bash code and sorting out how to fit it into your systemd-less environment, you should be able to use large parts of it with little change. Or you can manually perform the necessary steps without converting the code, and hope you never need to do it again
Yes, you need to have initramfs. I can't help you sort out how to create and maintain it, but once you have a working initramfs you can lift the code from sdm-cryptconfig for function sdmluksunlock. sdmluksunlock runs in the initramfs to unlock the encrypted rootfs at boot. It's 100% systemd-free
TL;DR Read the code in sdm-cryptconfig a few dozen times, and sort out how to implement what it does in your systemd-less environment, either manually or scripted.
Statistics: Posted by bls — Sun Dec 22, 2024 3:09 pm