I reached this as described in this HowTo. I used the Armbian Jessie server image, which has been working out of the box without obvious errors or bugs up to now.
Trying this HowTo is at your own risk!
Assumptions:
- you are working on a linux system
- you know how to work with dd
- you know how to edit files in a console with e.g. nano
Needed:
- Odroid C2
- SD-Card
- USB-Stick with at least 2GB
Preparations on a linux machine - not on the odroid yet
First of all download the armbian image and unpack it. I tried this with the server image, but it should also work with the desktop image (untested).
Then write the image with dd to your SD card and to a USB stick. It's the same command with a different device in the "of=" parameter:
Code: Select all
sudo dd if=/path/where/your/armbianimage/is/Armbian_5.06_Odroidc2_Debian_jessie_X.XX.XX.raw of=/dev/sdX
From now on we are working on the odroid!
If you want to do this headless on the ODROID-C2 already, look up its IP address and connect to it.
At the first startup you will be asked for the initial configuration, such as the username and so on. This is not that important, because we won't use this fs later. But don't forget the pw you have entered!
On the Odroid your USB device should now be listed as sda. If not, be careful using the instructions from now on!
Code: Select all
lsblk
Code: Select all
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 1 29.9G 0 disk
├─sda1 8:1 1 64M 0 part
└─sda2 8:2 1 1.4G 0 part
mmcblk0 179:0 0 57.7G 0 disk
├─mmcblk0p1 179:1 0 64M 0 part /boot
└─mmcblk0p2 179:2 0 57.6G 0 part /
Code: Select all
mount /dev/sda2 /mnt
Code: Select all
nano /mnt/etc/network/interfaces.default
Code: Select all
# Wired adapter #1
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.2
pre-up ip addr flush dev eth0
# iface eth0 inet dhcp
# hwaddress ether # if you want to set MAC manually
# pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838
#
# Wired adapter #2
#auto eth1
# iface eth1 inet dhcp
# hwaddress ether # if you want to set MAC manually
# pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838
#
# Wireless adapter #1
#auto wlan0
# iface wlan0 inet dhcp
# wpa-ssid SSID
# wpa-psk xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# to generate proper encrypted key: wpa_passphrase yourSSID yourpassword
#
# Local loopback
auto lo
iface lo inet loopback
Code: Select all
nano /mnt/etc/fstab
Code: Select all
/dev/sda2 / ext4 defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 1
/dev/mmcblk0p1 /boot vfat defaults 0 2
tmpfs /tmp tmpfs defaults,rw,nosuid 0 0
The line containing the boot args should look like this:
Code: Select all
nano /boot/boot.ini
Code: Select all
# ...
# Boot Arguments
setenv bootargs "root=/dev/sda2 rootwait rootflags=data=writeback rw ${condev} no_console_suspend hdmimode=${m} m_bpp=${m_bpp} vout=${vout} fsck.repair=yes loglevel=${verbosity} net.ifnames=0"
# ...
Code: Select all
mkimage -C none -A arm -T script -d /boot//boot.ini /boot/boot.scr
update-initramfs -c -k all
mkimage -A arm64 -O linux -T ramdisk -C none -a 0 -e 0 -n "uInitrd $(uname -r)" -d /boot/initrd.img-$(uname -r) /tmp/uInitrd-$(uname -r)
cp /tmp/uInitrd-$(uname -r) /boot
cp /tmp/uInitrd-$(uname -r) /media/uInitrd
After the reboot you can connect to the odroid-c2 again, and you will find that you have to go through the initial configuration process again. That's because we are now running from the USB drive. Enter your desired values at this point, because this will later be our operating system.
To verify that this is the correct drive, check the current mounts once more after doing the configuration:
Code: Select all
mount | grep /dev/sda2
Code: Select all
/dev/sda2 on / type ext4 (rw,noatime,nodiratime,errors=remount-ro,commit=600,data=writeback)
Code: Select all
mkdir boot/backup_boot_from_usb
cp boot/* boot/backup_boot_from_usb/
Code: Select all
apt-get -y install lvm2 cryptsetup parted nano rsync dropbear
List the current partitions with parted:
Code: Select all
parted -l
Code: Select all
Model: Corsair Voyager 3.0 (scsi)
Disk /dev/sda: 32.1GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 68.2MB 67.1MB primary fat16 lba
2 68.2MB 1540MB 1472MB primary ext4
Model: SD SA64G (sd/mmc)
Disk /dev/mmcblk0: 61.9GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 68.2MB 67.1MB primary fat16 lba
2 68.2MB 61.9GB 61.9GB primary ext4
Code: Select all
parted
Code: Select all
GNU Parted 3.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) select /dev/mmcblk0
Using /dev/mmcblk0
(parted) rm 2
(parted) mkpart primary ext4
Start? 68.2MB
End? 100%
(parted) q
Information: You may need to update /etc/fstab.
Now we have to set the correct type of the partition with fdisk:
Code: Select all
fdisk /dev/mmcblk0
Code: Select all
Welcome to fdisk (util-linux 2.25.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): t
Partition number (1,2, default 2): 2
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Device or resource busy
The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).
Code: Select all
partprobe
Now our new partition is ready for encryption. After entering this command you will be asked for a password. Choose a strong one and do not forget it! Adjust the parameters if needed:
Code: Select all
cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/mmcblk0p2
Code: Select all
cryptsetup luksOpen /dev/mmcblk0p2 lvm
Code: Select all
pvcreate /dev/mapper/lvm
vgcreate vg /dev/mapper/lvm
lvcreate -l 100%FREE -n root vg
Code: Select all
mkfs.ext4 /dev/mapper/vg-root
Code: Select all
mount /dev/mapper/vg-root /mnt
Code: Select all
rsync -av --exclude=/media --exclude=/mnt --exclude=/proc --exclude=/dev --exclude=/sys / /mnt
Code: Select all
mkdir -p /mnt/dev
mkdir -p /mnt/mnt
mkdir -p /mnt/proc
mkdir -p /mnt/sys
mkdir -p /mnt/media
mount -o rbind /dev /mnt/dev
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -t vfat /dev/mmcblk0p1 /mnt/media
Code: Select all
chroot /mnt
If you want to come back to your regular root fs, type exit.
Write the UUID of the encrypted partition to /etc/crypttab:
Code: Select all
echo lvm UUID=$(cryptsetup luksUUID /dev/mmcblk0p2) none luks|tee /etc/crypttab
Code: Select all
nano /etc/fstab
Code: Select all
/dev/mapper/vg-root / ext4 errors=remount-ro 0 1
/dev/mmcblk0p1 /boot vfat defaults 0 2
tmpfs /tmp tmpfs defaults,rw,nosuid 0 0
/var/swap none swap sw 0 0
Code: Select all
update-initramfs -t -u -k $(uname -r)
Code: Select all
mkimage -A arm64 -O linux -T ramdisk -C none -a 0 -e 0 -n "uInitrd $(uname -r)" -d /boot/initrd.img-$(uname -r) /tmp/uInitrd-$(uname -r)
Code: Select all
cp /tmp/uInitrd-$(uname -r) /boot
cp /tmp/uInitrd-$(uname -r) /media/uInitrd
Now exit chroot:
Code: Select all
exit
Code: Select all
nano /boot/boot.ini
Code: Select all
# ...
# Boot Arguments
setenv bootargs "root=/dev/mapper/vg-root cryptdevice=/dev/mmcblk0p2:lvm rootwait rootflags=data=writeback rw ${condev} no_console_suspend hdmimode=${m} m_bpp=${m_bpp} vout=${vout} fsck.repair=yes loglevel=${verbosity} net.ifnames=0"
# ...
Code: Select all
mkimage -C none -A arm -T script -d /boot//boot.ini /boot/boot.scr
Therefore we come back to our chroot fs:
Code: Select all
chroot /mnt
Code: Select all
echo DROPBEAR=y >> /etc/initramfs-tools/initramfs.conf
Code: Select all
nano /etc/initramfs-tools/initramfs.conf
Code: Select all
# ...
DEVICE=eth0
IP=192.168.1.222:::255.255.255.0::eth0:off
#...
Code: Select all
update-initramfs -t -u -k $(uname -r)
mkimage -A arm64 -O linux -T ramdisk -C none -a 0 -e 0 -n "uInitrd $(uname -r)" -d /boot/initrd.img-$(uname -r) /tmp/uInitrd-$(uname -r)
cp /tmp/uInitrd-$(uname -r) /boot
cp /tmp/uInitrd-$(uname -r) /media/uInitrd
Code: Select all
mkdir boot/backup_encrypted_rootfs
cp boot/* boot/backup_encrypted_rootfs/
Code: Select all
scp etc/initramfs-tools/root/.ssh/id_rsa user@192.168.1.333:/desired/path/
Code: Select all
exit
Code: Select all
ssh -i /desired/path/id_rsa root@192.168.1.222 # remember the IP configured in initramfs.conf
Code: Select all
echo -n "Passphrase" > /lib/cryptsetup/passfifo; exit
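Added example, not part of the original HowTo: a pre-reboot check that the three hand-edited files (boot.ini, /etc/crypttab, /etc/fstab) agree on the root device and the mapping name in the way the values on this page do. The function names and the sample file contents (including the all-zero UUID) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original HowTo): cross-check the three files
# this guide edits by hand before rebooting into the encrypted root.

# Print the value of KEY= from the active "setenv bootargs" line of boot.ini.
bootarg() {  # $1 = boot.ini, $2 = key
    sed -n 's/^[[:space:]]*setenv bootargs "\(.*\)".*$/\1/p' "$1" |
        tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Report every mismatch and return the number of problems found (0 = consistent).
check_boot_config() {  # $1 = boot.ini, $2 = crypttab, $3 = fstab
    problems=0
    root=$(bootarg "$1" root)
    cryptdev=$(bootarg "$1" cryptdevice)
    map_name=$(awk 'NF && $1 !~ /^#/ { print $1; exit }' "$2")
    fstab_root=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$3")
    fail() { echo "PROBLEM: $*" >&2; problems=$((problems + 1)); }

    case "$root" in
        /dev/mapper/*) ;;
        *) fail "bootargs root='$root' is not a /dev/mapper volume" ;;
    esac
    [ "$fstab_root" = "$root" ] ||
        fail "fstab mounts '$fstab_root' on / but bootargs has root='$root'"
    [ -n "$cryptdev" ] && [ "${cryptdev#*:}" = "$map_name" ] ||
        fail "cryptdevice='$cryptdev' does not name crypttab mapping '$map_name'"
    return "$problems"
}

# Constructed sample files mirroring the values used on this page.
write_sample() {  # $1 = directory, $2 = mapping name to put in cryptdevice=
    printf '%s\n' '# Boot Arguments' \
        "setenv bootargs \"root=/dev/mapper/vg-root cryptdevice=/dev/mmcblk0p2:$2 rootwait rw\"" \
        > "$1/boot.ini"
    echo 'lvm UUID=00000000-0000-0000-0000-000000000000 none luks' > "$1/crypttab"
    printf '%s\n' '/dev/mapper/vg-root / ext4 errors=remount-ro 0 1' \
        '/dev/mmcblk0p1 /boot vfat defaults 0 2' > "$1/fstab"
}

demo=$(mktemp -d)
write_sample "$demo" lvm
check_boot_config "$demo/boot.ini" "$demo/crypttab" "$demo/fstab" && echo "consistent"
rm -rf "$demo"
```

On the board itself, the same function can be pointed at the real files from outside the chroot, for example /boot/boot.ini, /mnt/etc/crypttab and /mnt/etc/fstab.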