This is a post containing the steps for encrypting your root file system offline using the Zymkey, HSM4, HSM6, or SCM on the bullseye 32 bit desktop image.
- Append “arm_64bit=0” to /boot/config.txt (necessary for 32bit OS to find Zymbit packages), enable i2c interface through raspi-config, and reboot
- Copy the attached scripts onto the pi
- [pi should be online for this part] Download the necessary packages on the pi: cat download_zk_packages.sh script | sudo bash
- Run the install script and reboot: cat install_zk_sw_offline.sh | sudo bash
- Connect a flash drive and confirm it mounts
- Run the encryption script: cat mk_encr_sd_rfs_offline.sh | sudo bash
- Wait for 2 automatic reboots. If all goes well, the Blue LED wil flash once every three seconds.
zk-scripts.zip (17.0 KB)