Encrypting pi, without password on boot?

This is not exactly node red, but the community here is also awesome on related topics.

If you use node red on pi, and have multiple such raspberry pis running on different customer sites. How to encrypt? Because if you encrypt sd card, you still need to enter password on boot? But how can you make it boot without manually enter password? And if you use usb stick for password, then same problem there. An ideal solution would be to have pi encrypt/decrypt itself, but if you take out the sd card everything is encrypted. Not sure if LUKS or a full disk encryption works without prompt to enter password.

1 Like

What is it that you want to encrypt, and why?

1 Like

So something like this? GitHub - ceremcem/unlock-luks-partition: Unlock a LUKS partition via SSH
I never tested this... :see_no_evil_monkey:

1 Like

The main problem that you have is that, unlike a laptop or desktop device, a Pi does not contain a TPM or similar hardware security encryption chip.

Without some form of HSM, anything you do is likely to be of relatively low security if at all possible.

Which would be a manual process wouldn't it? Probably not very scalable :grin:

1 Like

I agree with you, the missing TPM makes all solutions relatively easy to intercept.

Googeling a bit about LUKS encryption, you can add a keyfile the unlock the partition.
The you only have the Problem to get the keyfile at runtime to the pi. But this script or node-red-flow musst be stored on the unencrypted partition, so..

1 Like

Yes. In truth, if you really need to encrypt remote devices, you need to use a device with built-in hardware encryption or one that allows the addition of a Hardware Security Module (HSM).

In fact, most phones and tablets should have hardware encryption and so would be suitable. Though most of them suffer from physical USB vulnerabilities.

1 Like

Would need to encrypt a password that allows to write telemetry to a remote service. But I think there are TPM add-ons to pi. Even with that, I don't quite understand how and why a tpm would be secure, can't HW-fingerprints and firmware versions be faked? It would still help a lot for sure.

With a TPM or HSM, the en-/de-cryption happens inside the hardware module, not in software. The keys are never exposed to general purpose computing.

In most cases, it IS possible to still compromise things but without military-grade equipment and local access, it is effectively impossible