To promote understanding of the two disk encryption methods described in this thread, the net result of the disk encryption process done by sdm and 0x67757300's guide should be similar, with respect to the disk encryption itself. That is to say, the resulting encrypted rootfs will be nearly identical.
That said, there are differences between the sdm automated encryption method and 0x67757300's guide:
That said, there are differences between the sdm automated encryption method and 0x67757300's guide:
- New system install
- sdm
- Fully scripted and automatic except for typing one simple command in the initramfs
- No additional software beyond sdm need be installed on the host system
- Automatic ssd/sd card partitioning
- Total times rootfs is copied: 3
- Burning the disk
- Save rootfs during initramfs encryption process
- Restore rootfs during initramfs encryption process
- After encryption SSD/SD Card is fully personalized / configured with an encrypted rootfs
- 0x67757300 guide
- All manual steps following the guide, including manual ssd/sd card partitioning (not covered in the guide)
- cryptsetup and cryptsetup-bin must be installed on the host system (not covered in the guide)
- Total times rootfs is copied: 1
- Copy virgin rootfs from unmodified IMG into encrypted rootfs on SSD/SD Card
- SSD/SD Card rootfs is encrypted but is NOT fully personalized / configured after first boot
- sdm
- Encrypting the rootfs of an already-running system
- sdm
- Fully scripted and automatic except for typing one simple command in the initramfs (does not require full sdm install)
- Total times rootfs is copied: 2 (save / restore rootfs)
- 0x67757300 guide
- No guide provided at the current time
- Would require using an initramfs-based tool (not provided) to ensure rootfs is properly copied (no sw modifying it during the copy)
- Total times rootfs would be copied: 2 (save / restore rootfs)
- sdm
Statistics: Posted by bls — Mon Jan 29, 2024 6:12 pm