Encrypting both SD and external USB HD

Hi folks. Loving the Zymkey on Raspberry Pi 4s with Ubuntu Server. Curious as to whether there might be some way to use the zymkey bootstrapping scripts to encrypt the SD card as the root disk, and then also encrypt a couple external USB HDs as well, and all of them unlock during the Ubuntu Server boot process. I’d be happy to cut-n-paste-n-possibly-modify scripts as needed to get this done, if guided in the right direction.

The application is for a cost-effective linux video surveillance setup, and I’d love for the two external USB HDs to be encrypted to secure the actual surveillance footage from physical theft.

Thank you.

Leaving a follow up note that after a bit of wrangling it’s all sorted out.

Encrypted the SD, but sliced the mk_encr_sd_rfs.sh script just a tiny but to save a backup of the key.bin as /root/key.bin instead of deleting it.

That /root/key.bin can be used to encrypt a fresh external USB HD. Piggy back the unlocking mechanism for the SD card during boot to also unlock the external USB HD (update /etc/crypttab and /etc/fstab as necessary). Make sure to shred that /root/key.bin if you want total security, or save it elsewhere offline (to your secure vault, etc) if you ever need to decrypt the drives down the road without the Zymkey, etc.

Glad to hear that you got it working. Can you send a copy of your changes in mk_encr_sd_rfs.sh, /etc/crypttab, and /etc/fstab to support@zymbit.com? I’d like to review. We’ve had similar requests from other customers in the past.

Bob