Can I leave a partition on the Raspberry Pi being used as my master (read: the one with the Zymbit card) that would be mounted to my end user's home directory and that is not encrypted, so they can use ssh to change the working parameters without going through the encryption/decryption process, and still retain good security?
In my application for your product I need to use at least three Raspberry Pis, hopefully with only one being the master and the other two collecting data and passing it to the master. I want to only use one Zymbit 4i card to handle all the encryption and use the SPI interface to communicate between the three devices.
How would I configure the master to handle this, hopefully using LUKS on all three?
Well, it’s been a while and no answers… So now only one question?
Does having an, unrelated to the O/S but mounted, unencrypted partition compromise a LUKS encrypted Raspberry Pi file system when using Zymkey?
Sorry for the late response. I’m not entirely sure that I understand the use case, but it sounds like you only want one Zymkey to share between 3 Pi single board computers. Is that correct?
Perhaps we could arrange a call sometime soon? If you could send us your details on our contact form, we could line that up.
Scott, thanks for getting back with me…
Yes, we’d like to share among three Rpis. We were hoping for all the SPI interfaces to be able to be addressed by one of the three systems, but I believe we found that isn’t possible, so we are switching our thinking to using Ethernet to collect visual info from two additional encrypted Raspberry Pis and merge it with the local visual info collected by the Rpi with the Zymkey on it.
My question was: is it possible to collect that camera information, transmit it in an encrypted way, and store it on the encrypted file system of the bound Rpi (read: Master) to take action on with code running on the “Master” Rpi, and still have an unencrypted partition?
All this has to be is an end-user-configured area, and we were hoping we could have an unencrypted /home/user/ partition that holds the startup and configuration information to run the system without compromising the security of the whole thing? This would allow the end user to make changes to the configuration files without having to go through the encryption / un-encryption process once delivered, and the application code could just read the configuration files at startup?