defaults: Add an initramfs script to reencrypt LUKS rootfs (!340) · Merge requests · Librem5 / librem5-base

Sebastian Krzyszkowiak requested to merge sebastian.krzyszkowiak/librem5-base:growcrypt into pureos/byzantium Feb 22, 2023

Reencryption happens before resizing, so it only takes about two minutes on the phone.

In order to use it, initial LUKS dump needs to be stored on the rootfs:

mkdir -p /var/lib/reencrypt
LUKSDEV=$(cryptsetup status crypt_root | awk -F: '$1~/device/ {gsub(/^[ \t]+/, "", $2); print $2}')
cryptsetup luksDump $LUKSDEV > /var/lib/reencrypt/dump

Admin message

defaults: Add an initramfs script to reencrypt LUKS rootfs

Merge request reports