Rasberry PI

JoeSmith · 04-11-2014, 01:31 AM

Hi guys, hope you could help me with my situation.

I possess RasberryPI with a 8GB card, and as a OS, I use Pidora, a modified Fedora on it.
I'm having big difficulties for cryping my folder on it.

Basicly I want my /opt folder crypted and at startup to be mounted (decrypted).
The startup proces can be done over a script.
Hope you can help me with this.

Regards,
Joe Smith.

TenTenths · 04-11-2014, 01:39 AM

Ok, so what have you tried so far?

You will be typing the decryption password in manually on startup yes?

JoeSmith · 04-11-2014, 01:42 AM

TenTenths, basicly I want my /opt folder encrypted, and on boot using a bash script decrypted, I've tried cryptsetup but have probles since /opt is not a parittion.

TenTenths · 04-11-2014, 01:47 AM

If you're storing the decryption key in the bash script then why bother encrypting /opt?

If you want /opt as a partition then why not re-install your O/S and create the partitioning scheme that way?

JoeSmith · 04-11-2014, 01:51 AM

TenTenths, it is a long story. /* why encrpting os when its gonna be in a bash script */

I just need it done that way. I have 2 partitions rootfs and boot.
I need /opt folder encrypted and the mounting to be done in boot proccess.

TenTenths · 04-11-2014, 02:16 AM

Ok, so go with my suggestion of re-partitioning with /opt on its own partition.

Alternatively an option where the data is encrypted in a file on the regular OS and the encrypted file is mounted on a standard mount-point. Something like: http://www.techrepublic.com/blog/lin...ems-on-linux/#.

JoeSmith · 04-11-2014, 03:32 AM

TenTenths, ok will go with a /opt as a parition.
But I have one more question for you.

Let me try to discribe you my problem, lets say you have 100 PI's and they are going to your clients. You want them protected from stealing information from you, how whould you do that?

My toughts are :
#1 SSH manually mounting partitions.
#2 Auto mounting partitions.

Do you have alternative options ?

TenTenths · 04-11-2014, 03:45 AM

It would depend on what you're encrypting, without knowing more about your requirement it's difficult to say.

Encrypting a partition is only useful if the password has to be entered manually each time or possibly if there is great physical security around the device to prevent people from booting in to single user mode and then mounting your partition with the information sitting there on the device. With a RasPi it's even easier as it's just a matter of pulling the SD card out of it as the vast majority of cases make it rather easy.

Just off the top of my head, have you thought about something like having the RasPi "phone home" over https to download the decryption password at boot time before it mounts the /opt partition?

JoeSmith · 04-11-2014, 03:48 AM

That whould be great, maybe even adding the a password on webserver and over curl to grab it and parse it into a bash script.

Thank you so much, will try to research how can I decrpyt it more.

TenTenths · 04-11-2014, 03:51 AM

You're welcome, just think "layers", the more you can add the better.