Xu4 with whole FS encryption + Bitwarden

Post Reply
a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

Hi:

First of all thanks for your support. I have an XU4. I'm looking for:

- Linux with FS encrypted
- Mount Dockers + Bitwarden server.
- SFTP.

That's all.

I spend some time searching for the best way for perform full SD encryption. I saw https://wiki.archlinux.org/index.php/Dm ... ion_(GRUB) and some other tutorials. Since I was not able to boot from USB for creating my own image, I need to flash one of the existing linux images and then work on the encryption.. I was not able to install Grub on the images.

So.. my first question should be if install Grub and then follow https://wiki.archlinux.org/index.php/Dm ... ion_(GRUB) is fashionable.

If it's not for any reason, which is the best way of encrypt the full FS?.

I'm able to mount dockers + Bitwarden and SFTP without issues.. just encryption is my stopper.

Thanks

User avatar
odroid
Site Admin
Posts: 37204
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English, Korean
ODROIDs: ODROID
Has thanked: 1712 times
Been thanked: 1118 times
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by odroid »

We tested an encrypted file system on HC2/XU4 few years ago.
https://wiki.odroid.com/odroid-xu4/soft ... encryption

Since there is no grub support on the XU4, you probably need to tweak the boot.ini configuration file to mount a encrypted root file system.

a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

Ok, thanks. I spent some hours on this. I saw that Uboot (https://source.denx.de/u-boot/u-boot) works on XU4 and I follow multiboot (viewtopic.php?t=15403) that allows me create an SD card on which there is a small boot partition. I saw the boot.ini. I found:

setenv bootrootfs "console=tty1 console=ttySAC2,115200n8 root=LABEL=sdlinux rootwait ro loglevel=3 fsck.repair=yes net.ifnames=0"

I think I reach a point on which I can deal with the encryption. This is what lsblk shows

(...)

sdc 8:32 1 119,1G 0 disk
├─sdc1 8:33 1 256M 0 part /media/bob/sduserdata
├─sdc2 8:34 1 8M 0 part
├─sdc3 8:35 1 8M 0 part
├─sdc4 8:36 1 1K 0 part
├─sdc5 8:37 1 8M 0 part
├─sdc6 8:38 1 256M 0 part
└─sdc7 8:39 1 118,5G 0 part /media/bob/sdlinux

I saw a lot of tutorials.. but it's not clear where do I have to start now, can anyone point me a simple list of steps for encrypt sdc7 (my rootfs) without format the content and point correctly on boot.ini this partition for starting up?

Thanks

User avatar
odroid
Site Admin
Posts: 37204
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English, Korean
ODROIDs: ODROID
Has thanked: 1712 times
Been thanked: 1118 times
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by odroid »

Is the first sdc1 partition for boot blobs?
https://wiki.odroid.com/odroid-xu4/soft ... droid-xu34
https://wiki.odroid.com/odroid-xu4/soft ... t_mainline

If you use Kernel 5.4, check boot.ini and config.ini files too.
https://github.com/mdrjr/5422_bootini/tree/5.4

a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

Hola:

on sdc1 i have info for boot, yes.

sdc7 is the rootfs.

I see on SDC1 boot.ini... and so on..

User avatar
odroid
Site Admin
Posts: 37204
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English, Korean
ODROIDs: ODROID
Has thanked: 1712 times
Been thanked: 1118 times
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by odroid »

If think you need to change the UUID in the bootargs string in your boot.ini file.

a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

I'm working on it.. is there any place for following the correct steps?.. I saw many places.. but I'm not sure exactly how to progress now.

Thanks

a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

Well... I tried to change the boot.ini.. no success..

1) I encrypted the RootFS partition. I backup and restore the content with rsync -a.
2) I edit boot.ini. I added the crypt command for mapping the encrypted partition.

cryptosetup open /dev/sdc4 encodroid

3) I modififed boot.ini

original:



setenv bootrootfs "console=tty1 console=ttySAC2,115200n8 root=LABEL=sdlinux rootwait ro loglevel=3 fsck.repair=yes net.ifnames=0" to setenv bootrootfs "console=tty1 console=ttySAC2,115200n8 root=UUID=sdlinux rootwait ro loglevel=3 fsck.repair=yes net.ifnames=0"

Modified:

setenv bootrootfs "console=tty1 console=ttySAC2,115200n8 root=LABEL=sdlinux rootwait ro loglevel=3 fsck.repair=yes net.ifnames=0" to setenv bootrootfs "console=tty1 console=ttySAC2,115200n8 root=/dev/mapper/encodroid cryptdevice/dev/sd4:encodroid rootwait ro loglevel=3 fsck.repair=yes net.ifnames=0"


Didnt work.

Any cliue?

Thanks

a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

Well... I think I'll give it up. I'm not able to do it.

One workaround could be run a livecd on SD card for creating the installation with the FS already encrypted.

any one can assist here¿

Thanks

InsideOut
Posts: 12
Joined: Sun May 13, 2018 4:02 pm
languages_spoken: english
ODROIDs: HC2
Has thanked: 3 times
Been thanked: 1 time
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by InsideOut »

I'm wondering why you need an encrypted file system to run bitwarden server?

Bitwarden encrypts passwords in the database.

a334455
Posts: 7
Joined: Sun Mar 28, 2021 6:25 am
languages_spoken: english
ODROIDs: XU4
Has thanked: 0
Been thanked: 0
Contact:

Re: Xu4 with whole FS encryption + Bitwarden

Post by a334455 »

Good to know, thanks. I was not completely sure about this. On top, I'm looking also for use SFTP, and the files that I'll use over SFTP, has to be encrypted on the server.

Well, I spent some more time trying to run initial linux install over my XU4, but I was not able to.

I'm out of ideas here.

Post Reply

Return to “Projects”

Who is online

Users browsing this forum: No registered users and 2 guests