Enter decryption passphrase at boot time remotely (without a keyboard or a mouse) on Raspberry Pi 4

Manjaro ARM
, ,
#1

Hello, I need help with entering the decryption password for my LUKS setup. Basically I want to be able to remotely boot the encrypted Raspberry Pi, without a keyboard or a mouse. After it boots, I can use VNC or ssh to connect to it from my phone. But I don’t know how to enter the decryption passphrase before it even boots.
And can I somehow start the hotspot automatically during (or right after) boot so I can use VNC or ssh into it whenever I’m not home?

Any help is appreciated and thank you so much in advance!

#2

This, without external hardware, probably won't be possible for the / partition. For other, not for the boot process relevant partitions you probably can set up some scripts to execute by hand on a ssh connection.

If that's not what you want, you could try to get a vnc server booted up with grub (if it's used on the raspberry pi, and even then, it's probably gonna get hard). In other cases, I would recommend to run the encrypted system in a hypervisor that supports VNC access.

1 Like
#3

Thank you for your answer, but can you please explain a bit the hypervisor thing?

#4

A hypervisor is a application that can run other systems inside itself using virtualization. Maybe you've heard of VirtualBox, QEMU/KVM or VMware, those are hypervisors. Using a hypervisor, you can access the screen, the keyboard and the mouse (...) from outside, either the hypervisor displays a window on your screen, or you can connect to a vnc server. Also, using a hypervisor, you need assign the virtual machines (the "other systems") ram and cpu. At first I thought that a RaspberryPi's maximum was 512mb, which was already incredibly little to run ONE system, not talking yet of more. But then I crawled out from under the stone and noticed that there was a new version, the RasPi 4 with a maximum of 4GB RAM, which would make sense. So I googled and found this article from 2018. I didn't read it fully, but maybe that'll help you.

#5

I don’t think that this is what I want, but thank you and I really do appreciate the time that you put into helping me.

1 Like
#6

You're welcome :slight_smile:

1 Like
#7

Did you looked at the Arch Wiki?

https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_(or_other)_partition

I use the systemd-tool approach. But it is on a X86_64 Plattform via Ethernet. The boot partion needs to be unencrypted and the image gets quite big. The systemd-tool uses tinyssh, which means only certs with ed25519

It looks like if it can be used on a raspberry-pi. Read the doc of mkinitcpio-systemd-tool carfully. It has a lot of options.

2 Likes
#8

This topic was automatically closed after 90 days. New replies are no longer allowed.

Forum kindly sponsored by