0

I encrypted the root partition of my RPI 5 like this:

  1. Burn the image to the SD card and perform a regular boot.
  2. Install cryptsetup and cryptsetup-initramfs.
  3. Make the following modifications (see e.g. here):
  • /boot/config.txt: Set auto_initramfs=0 and append initramfs initramfs_2712 followkernel below.
  • /boot/cmdline.txt: Set root=/dev/mapper/sdcard and append cryptdevice=/dev/mmcblk0p2:sdcard.
  • /etc/fstab: Change / device to /dev/mapper/sdcard.
  • /etc/crypttab: Append sdcard /dev/mmcblk0p2 none luks.
  1. Shutdown. On a separate system, encrypt the root partition of the SD card (so that the underyling data remains unchanged) or follow this tutorial.

Now, on booting the disk, the initramfs seems to hang at some point. I quickly figured out that this is actually not the case. I can type my passphrase, hit enter and the boot process continues, but there was no "Please unlock..." printed.

How can I fix the missing "Please unlock..." prompt?

The operating system is Raspberry Pi OS Lite 64-bit, Kernel 6.6, Debian 12 (bookworm).

HerpDerpington
  • 101
  • 1

1 Answers1

1

Tell cryptsetup to explicitly use tty1, the HDMI console most people use.

To do this, add the following kernel parameter in /boot/cmdline.txt:

crypttty=/dev/tty1

So your /boot/cmdline.txt should look like (all on one line!):

console=serial0,115200 console=tty1 cryptdevice=/dev/mmcblk0p2:sdcard crypttty=/dev/tty1 root=/dev/mapper/sdcard rootfstype=ext4 rootwait

Keep console=serial0,115200 console=tty1 as-is and just add crypttty=/dev/tty1.

tepalia
  • 151
  • 3