Pablo,
I have performed a secure erase with MiniTool Partition Wizard 12 on Windows 10, and also a second time on Linux with the following command to prepare the disk for encryption.
Code: Select all
sudo cryptsetup open --type plain -d /dev/urandom /dev/sdb secure_erase
sudo dd if=/dev/zero of=/dev/mapper/secure_erase count=1024 bs=1024 status=progress
sudo cryptsetup close secure_erase
I have never encrypted my USB HDD; therefore, I do not need to wipe any previous LUKS header with the command bellow. In case some are reading this and need to do this, the command to type is below, regardless of LUKS version (LUKS1 = 256 bit // LUKS2 = 512 bit)
Code: Select all
sudo dd if=/dev/urandom of=/dev/sdX1 count=40960 bs=512
This
git page from Styper could perhaps be ported to CentOS 8 ? For me the issue is that both the HDMI ports on the Pi4 are no longer working and I cannot see the TV output, there was two tiny chips underneath the board, HDMI area, that were accidentally removed because of tape...
I am ready to create the partitions to later use with LVM2 and LUKS2.
OR instead, do I type "
pvcreate /dev/sdb" and later encrypt the "
/boot" partition with LUKS1 only? i am confused on this part. If I do this, then creating the partitions at this stage is not necessary.
Code: Select all
sudo fdisk /dev/sdb
** Device does not contain a recognized partition table.
g (create a new empty GPT partition table)
n (add a new partition)
1M (size)
t (change a partition type)
4 (BIOS boot)
n (add a new partition)
[enter] (use the rest of the disk)
w (write table to disk and exit)
sudo fdisk -l /dev/sdb
Device Start End Sectors Size Type
/dev/sdb1 2048 1048576 1046529 511M BIOS boot
/dev/sdb2 1050624 976773134 975722511 465.3G Linux filesystem
I am not sure if XFZ is supported yet on the Pi4 and CentOS 8, I got nothing for CentOS 8 and XFS on Google. I assume that at this point I can start creating the volumes and encrypting them, later I can use the command "
dd" to use your image
CentOS-Userland-8-aarch64-RaspberryPI-Minimal-4-sda.raw.xz, make the necessary changes and boot with an entire encrypted disk ?? I wonder how to decrypt automatically at boot with hardware or key file inside an USB drive only needed at boot to decrypt the device...
Cheers