Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save cpainchaud/bac37abd5e3274c33f143c85c94dbed1 to your computer and use it in GitHub Desktop.
Save cpainchaud/bac37abd5e3274c33f143c85c94dbed1 to your computer and use it in GitHub Desktop.
OrangePI 5 - Debian 11 RootFS Encryption How To

inspired from https://habet.dev/blog/raspberry-pi-encrypted-boot-with-ssh/ (archived at https://web.archive.org/web/20220821171435/https://habet.dev/blog/raspberry-pi-encrypted-boot-with-ssh/)

Download Debian for Orange Pi 5 with custom kernel

http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html which currently points to https://drive.google.com/drive/folders/1F2uc8v_EQnvsNrevDihwoymOJlFgM-dZ

Use 2 sdcards: one for boot & make the final image and the other to write the image to.

Fix from tutorial (discard option was not added): Edit /etc/crypttab and add an entry with your encrypted (raw) partition’s UUID:

crypted UUID=aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa none luks,initramfs,discard

then update boot packages/initramfs with

update-initramfs -u

Remove OrangePi's default autologin:

rm /usr/lib/systemd/system/getty@.service.d/override.conf
rm /usr/lib/systemd/system/serial-getty@.service.d/override.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment