Re: [RAUC] Stumped, have a appfs partition that is encrypted, how to get RAUC to update it

["Jan Lübbe" <jlu@pengutronix.de>]

On Thu, 2021-07-22 at 08:11 -0400, Brian Hutchinson wrote:
> Hello again,

Hi!

> I'm wanting to have a rootfs that is read-only SquashFS and a appfs that is
> encrypted.

I assume you want to have a A/B appfs.

How do you encrypt your appfs? dm-crypt or fscrypt?

> And I'm kind of stumped.  I've searched the Documentation and archives and it
> doesn't look like RAUC has native support for encrypted partitions but in the
> archives I saw where one gentleman needed to create encrypted bundles so this
> might be similar to my problem.

Bundle encryption is independent of encryption in the rest of the system.

> I know a bundle can have pre and post triggers so maybe I can use those to
> cryptsetup luksOpen the partition and then mount it and then RAUC can do it's
> normal thing ... but I've not researched that enough to know if that's the way
> to go so thought I'd ask for some guidance to point me in the right direction
> first.

If you use dm-crypt, you can just use the device-mapper path for the slot's
device= propert in system.conf. That way, the encryption is transparent to rauc.

Regards,
Jna
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
RAUC mailing list