Enter decryption passphrase at boot time remotely (without a keyboard or a mouse) on Raspberry Pi 4

Hello, I need help with entering the decryption password for my LUKS setup. Basically I want to be able to remotely boot the encrypted Raspberry Pi, without a keyboard or a mouse. After it boots, I can use VNC or ssh to connect to it from my phone. But I don’t know how to enter the decryption passphrase before it even boots.
And can I somehow start the hotspot automatically during (or right after) boot so I can use VNC or ssh into it whenever I’m not home?

Any help is appreciated and thank you so much in advance!

This, without external hardware, probably won't be possible for the / partition. For other partitions that are not relevant to the boot process, you can probably set up some scripts to execute by hand over an ssh connection.

If that's not what you want, you could try to get a VNC server booted up with GRUB (if it's used on the Raspberry Pi, and even then, it's probably gonna get hard). In other cases, I would recommend running the encrypted system in a hypervisor that supports VNC access.

1 Like

Thank you for your answer, but can you please explain a bit the hypervisor thing?

A hypervisor is an application that can run other systems inside itself using virtualization. Maybe you've heard of VirtualBox, QEMU/KVM or VMware; those are hypervisors. Using a hypervisor, you can access the screen, the keyboard and the mouse (...) from outside: either the hypervisor displays a window on your screen, or you can connect to a VNC server. Also, using a hypervisor, you need to assign RAM and CPU to the virtual machines (the "other systems"). At first I thought that a Raspberry Pi's maximum was 512 MB, which was already incredibly little to run ONE system, not to mention more. But then I crawled out from under the stone and noticed that there was a new version, the RasPi 4 with a maximum of 4 GB RAM, which would make sense. So I googled and found this article from 2018. I didn't read it fully, but maybe that'll help you.

I don’t think that this is what I want, but thank you and I really do appreciate the time that you put into helping me.

1 Like

You're welcome :slight_smile:

1 Like

Did you look at the Arch Wiki?

https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_(or_other)_partition

I use the systemd-tool approach. But it is on an x86_64 platform via Ethernet. The boot partition needs to be unencrypted and the image gets quite big. The systemd-tool uses tinyssh, which means only certs with ed25519.

It looks as if it can be used on a Raspberry Pi. Read the documentation of mkinitcpio-systemd-tool carefully. It has a lot of options.

2 Likes
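A pre-flight check for the ed25519-only constraint mentioned in the post above, as an added example that is not part of the thread or of mkinitcpio-systemd-tool: it parses OpenSSH-format `authorized_keys` lines and reports which entries are well-formed `ssh-ed25519` keys. The function names and the sample blob are constructed for illustration; which key file the initramfs actually ships, and whether its SSH server honours per-key options, is left to the tool's documentation.

```python
import base64
import struct

def _wire_string(blob, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    (n,) = struct.unpack_from(">I", blob, off)  # struct.error if truncated
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("string runs past end of blob")
    return blob[off + 4:end], end

def _skip_options(line):
    """Drop a leading options field; spaces inside double quotes do not end it."""
    quoted, i = False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\":
            i += 1  # skip the escaped character
        elif ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            return line[i:].lstrip()
        i += 1
    return ""

def check_line(line):
    """Return None for blank/comment lines, else (ok, reason)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if not line.startswith(("ssh-", "ecdsa-", "sk-")):  # options come first
        line = _skip_options(line)
    fields = line.split(None, 2)  # key type, base64 blob, optional comment
    if len(fields) < 2:
        return (False, "no key found")
    if fields[0] != "ssh-ed25519":
        return (False, "key type " + fields[0] + " is not ed25519")
    try:
        blob = base64.b64decode(fields[1], validate=True)
        name, off = _wire_string(blob, 0)
        key, off = _wire_string(blob, off)
    except (ValueError, struct.error) as exc:
        return (False, "malformed key blob: " + str(exc))
    if name != b"ssh-ed25519" or len(key) != 32 or off != len(blob):
        return (False, "blob is not a 32-byte ed25519 public key")
    return (True, "ok")

# Constructed sample: a structurally valid blob, not a key anyone holds.
SAMPLE_BLOB = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519"
                               + struct.pack(">I", 32) + bytes(range(32))).decode()
```

Calling `check_line` on every line of the key file before rebuilding the initramfs shows which entries fall outside the ed25519-only constraint.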

This topic was automatically closed after 90 days. New replies are no longer allowed.
