Tag Archives: Pine64

Linux

Pinebook Pro Encrypted Home with OpenSUSE

Leave a comment

Just a quick tutorial for setting up an encrypted /home partition on your Pinebook Pro with OpenSUSE Tumbleweed.

This assumes you are doing a fresh install. If not, be sure to backup your data.

Initial Installation

Follow OpenSUSE’s tutorial for creating an bootable SD card, booting from it, and putting the same image on the eMMC here:

https://en.opensuse.org/HCL:Pinebook-Pro-RK3399

(I’ll be using the KDE Image and Tow-Boot)

Once you have imaged OpenSUSE to the eMMC, restart and boot from the SD card again.

Resizing Root

Open Konsole (or another terminal) and install the KDE partition manager to the SD card.

zypper install partitionmanager

Open KDE Partition Manager from the Application Launcher

Choose the eMMC device on the left and resize the root partition. I shrink it so roughly 32GB is free for my /home partition at the end of the drive.

Shutdown and remove the SD card.

Boot from the eMMC.

Log in as root.

Once again, install KDE Partition Manager (this time on the eMMC) by opening Konsole and running:

zypper install partitionmanager

Open KDE Partition Manager from the Application Launcher

Create a new partition in the new blank space.

Choose BTRFS with LUKS encryption.

Set a password (you’ll need to enter this password every time you boot, so make sure it’s one you’re remember).

Open Konsole

Ensure that the new partition is unlocked, entering the password if prompted:

cryptsetup luksOpen /dev/mmcblk0p4 luks-`cryptsetup luksUUID /dev/mmcblk0p4`

Added the encrypted partition to crypttab so I can be automatically mounted at boot:

echo luks-`cryptsetup luksUUID /dev/mmcblk0p4` UUID=`cryptsetup luksUUID /dev/mmcblk0p4` none luks >> /etc/crypttab

Add the encrypted partition to fstab so it’s automatically mounted at boot:

echo /dev/mapper/luks-`cryptsetup luksUUID /dev/mmcblk0p4` /home btrfs defaults 0 0 >> /etc/fstab

Reboot. You should be asked for encryption password during the boot process.

Log in as root and open Konsole again.

lsblk

You should see something like this:

You should see something like this:
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
mmcblk0                                       179:0    0  58.2G  0 disk
├─mmcblk0p1                                   179:1    0    16M  0 part  /boot/efi
├─mmcblk0p2                                   179:2    0   500M  0 part  [SWAP]
├─mmcblk0p3                                   179:3    0  32.7G  0 part  /
└─mmcblk0p4                                   179:4    0    25G  0 part
  └─luks-26a9eb0a-fc68-47f5-917c-89281603cfa8 254:0    0    25G  0 crypt /home

The last partition should be type “crypt” mounted as “/home”. If so, you’re all set!

Finally, create a real user. Their home directory will default to the encrypted /home mount.