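This how-to helps you install Arch Linux on a Raspberry Pi with an encrypted root filesystem. You will need to enter the passphrase every time you boot the device. Write speed will be slower; we got around 6-8MB/sec sequential write throughput. Note that only the root filesystem is encrypted: /boot (kernel, initramfs and cmdline.txt) stays on an unencrypted FAT32 partition, so this setup protects data at rest on a lost or stolen card, not against someone who can modify /boot and return the card.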
p1 = 200M # /boot, set bootable flag, FAT32 (LBA)
p2 = 4G # /, Linux

Example fdisk output:
/dev/mmcblk0p1 2048 411647 409600 200M c W95 FAT32 (LBA)
/dev/mmcblk0p2 411648 8800255 8388608 4G 83 Linux
# Create the FAT filesystem for /boot on the first partition (erases whatever is on p1).
mkfs.vfat /dev/mmcblk0p1
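/ (root) filesystem:
cryptsetup luksFormat /dev/mmcblk0p2

WARNING!
========
This will overwrite data on /dev/mmcblk0p2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:

The passphrase entered here is what protects the card when it is offline, so choose a long, unique one.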
# Unlock the LUKS container; the decrypted device appears as /dev/mapper/sdroot.
cryptsetup open /dev/mmcblk0p2 sdroot
# Create the ext4 root filesystem inside the unlocked mapping, not on the raw partition.
mkfs.ext4 /dev/mapper/sdroot
/boot and / (root) filesystems:
cd /mnt
mkdir boot root
mount /dev/mmcblk0p1 /mnt/boot
mount /dev/mapper/sdroot /mnt/root
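# Download the Arch Linux ARM root filesystem image.
# NOTE(review): this is a plain-HTTP download with no integrity check, and the
# archive is unpacked as root into the new root filesystem. Arch Linux ARM
# publishes a detached signature alongside its tarballs; fetch it and check the
# download (e.g. with `gpg --verify`) before extracting.
wget http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-2-latest.tar.gz
# Unpack into the encrypted root (-p preserves file permissions).
bsdtar -xpf ArchLinuxARM-rpi-2-latest.tar.gz -C root
sync
# Move the boot files to the unencrypted FAT partition, then remount that
# partition at root/boot so the following steps see it as /boot.
mv root/boot/* boot
umount /mnt/boot
mount /dev/mmcblk0p1 /mnt/root/boot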
The next steps modify the Arch Linux install on the SD card so that it can use the encrypted root filesystem.
# Install QEMU on the host so the ARM userland on the card can be run.
# NOTE(review): the next step bind-mounts /usr/bin/qemu-arm-static; confirm this
# package actually provides that binary on your release (it may be shipped by
# qemu-user-static instead).
dnf install qemu
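cd /mnt/root
# Boot the ARM install in a container with the static QEMU emulator bind-mounted in.
# Exit when finished with 'poweroff'.
systemd-nspawn --bind /usr/bin/qemu-arm-static -b -D /mnt/root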
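Log in with root:root or alarm:alarm. These are the image's default credentials; change both passwords (`passwd` and `passwd alarm`) before the device is reachable over the network.
Edit /etc/resolv.conf manually:
rm /etc/resolv.conf #symlink
vi /etc/resolv.conf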
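# Bring the install fully up to date, then leave the container.
pacman -Suy
poweroff
# Start the container again (from the host) to install the encryption tooling.
systemd-nspawn --bind /usr/bin/qemu-arm-static -b -D /mnt/root
pacman -S lvm2 cryptsetup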
/etc/mkinitcpio.conf:
HOOKS="base udev autodetect modconf block lvm2 encrypt filesystems keyboard fsck"
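/usr/lib/modules/:
mkinitcpio -k 4.9.28-2-ARCH -g /boot/initramfs-linux.img
(4.9.28-2-ARCH is the kernel version from this example; use the directory name found under /usr/lib/modules/ on your install.)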
Add:
root=/dev/mapper/crypt_sdcard cryptdevice=/dev/mmcblk0p2:crypt_sdcard rootfstype=ext4

Example:
root=/dev/mapper/sdroot cryptdevice=/dev/mmcblk0p2:sdroot rootfstype=ext4 rw rootwait console=ttyAMA0,115200 console=tty1 selinux=0 plymouth.enable=0 smsc95xx.turbo_mode=N dwc_otg.lpm_enable=0 kgdboc=ttyAMA0,115200 elevator=noop
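# Inside the container: shut it down to return to the host.
poweroff
# Back on the host: unmount /boot first (it is mounted inside /mnt/root), then the root.
umount /mnt/root/boot
umount /mnt/root
# Close the LUKS mapping so the host drops the volume key and releases the card
# before it is removed.
cryptsetup close sdroot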
Insert the SD card in the Raspberry Pi, power on and configure it!
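# Set the hostname and the time zone of the new system.
hostnamectl set-hostname archpi
timedatectl set-timezone Europe/Amsterdam
# Uncomment the wanted locale(s) in locale.gen, generate them, then set the default.
vi /etc/locale.gen
locale-gen
localectl set-locale LANG=en_US.UTF-8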
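# Generate the wpa_supplicant network block for the WiFi network SSID.
# The passphrase argument is left out on purpose: wpa_passphrase then reads it
# from stdin, so it does not end up in shell history or the process list.
# The subshell's umask makes the file owner-only from the moment it is created.
(umask 077; wpa_passphrase SSID > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf)
# wpa_passphrase also writes the clear-text passphrase as a '#psk="..."' comment;
# drop that line so only the derived key is stored on disk.
sed -i '/^[[:space:]]*#psk=/d' /etc/wpa_supplicant/wpa_supplicant-wlan0.conf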
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1
country=NL
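# Restrict the file holding the WiFi key to root. The absolute path is used so
# the command does not depend on the current directory.
chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
# Bring up WiFi authentication and DHCP on wlan0 at every boot.
systemctl enable wpa_supplicant@wlan0
systemctl enable dhcpcd@wlan0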
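# Install chrony for time synchronisation and review its configuration.
pacman -S chrony
vi /etc/chrony.conf
# NOTE(review): if systemd reports that the 'chrony' unit does not exist, the
# service is probably named 'chronyd' on this install — confirm with
# `systemctl list-unit-files`.
systemctl start chrony
systemctl enable chrony
# Check that time sources are reachable.
chronyc sources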
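# Install the firewall and deny traffic by default.
pacman -S ufw
ufw default deny
# Allow inbound SSH.
# NOTE(review): the image ships with the default logins root:root and
# alarm:alarm; change those passwords before opening SSH. `ufw limit SSH`
# instead of `allow` would additionally rate-limit connection attempts.
ufw allow SSH
ufw enable
# Load the rules at every boot and show the result.
systemctl enable ufw
ufw status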
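break=premount to /boot/cmdline.txt. You can resume booting by exiting the shell. Remove the parameter again once you are done debugging, since it stops every boot at an unauthenticated initramfs shell.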