I have a CANBUS device that has been running for a while. PICANFD HAT with RaspberryPi 4.
We decided to encrypt the micro SD card for security reason. We ran independent tests and installations with the Zymbit4 with no particular issue and to our satisfaction.
The problem came around when we tried to mix both.
Whenever we try to incorporate the Zymbit and the disk encryption, the initial installation of the Zymbit went well, it bind to the Raspberry Pi and went flashing every 3 seconds as expected.
Next step, when we wanted to created the disk crypto partition, it failed 100% of the time, breaking the micro SD integrity and refusing to perform the conversion from the usb drive, leaving both the usb and the micro SD drive unusable.
After trying and wasting our time for weeks, we ended up with these conclusions:
When we start fresh with a new instance of the RPi with the Zyhmbit at the begining and created the crypto Micro SD and then proceed with the rest of the installation, we are generally successful.
When we have all our software and our CANBUS environment installed, and then want to finish with the Zymbit and the encryption as suggested, it will fail all the time except if we pull the PiCAN board out for the time of the creation of the Crypto SD card. When that is successful, we put back the card and the rest resume correctly most of the time
To be more specific, in any other case the process fail when we call up the script:
curl -G https://s3.amazonws.com/zk-sw-repo/mk_encr_sd_rfs.sh | sudo bash -s
the Pican Card uses interrupt 25 and more info can be found
about it here PiCAN CAN Bus FD Board With Real-Time Clock For Raspberry Pi
This of course is very annoying and makes me wonder if the Zymbit is ready for deployment!!!
Anyone has a clue on this problem?
@marc - We’ll look into this for you. There are tens of thousands of Zymkeys successfully deployed world wide. Can you tell us which OS you are using?
The encryption process will do two automatic reboots. At what stage in the encryption process is it failing? If you have a console connected are you seeing any messages that may be helpful to troubleshoot?
thanks for putting your attention to this issue.
a) I am systematically starting my installation with a Linux 11 from the most recent edition from the Raspberry PI imager v1.7.5 to which I immediately install all updates
a) the process always fails at the first reboot
c) There is a ton of messages at the console. Tomorrow I will start over and recreated the fail and take pictures of the console message. ( I see no other way to provide these)
Here is step by step what is happening
-I reformat my 512 USB drive on my PC
I start the Zymbit script
The script grabs the USB key
Screen shot at the end of the first phase of the encryption script just before the reboot
Results after the reboot
I have no clue what I am doing wrong !!!
@marc - It looks like desktop is mounting the sdcard partition 2 automatically, which may be causing problems down the line. When you’re at that last stage, can you try and unmount the sdcard partition 2?
sudo umount /dev/mmcblk0p2
Then re-run the service that finishes up copy files from the USB stick back to the new encrypted volume,
sudo systemctl restart cfg_SD_crfs.service
You can monitor progress of that service with the following,
sudo journalctl -fu cfg_SD_crfs
You should see the LUKS key get setup, initramfs built, and all the root files copied back over. When done, the PI should reboot on to the new encrypted root file system, and restart the ZYMKEY. It should return to blinking once every three seconds.
If you see any errors in
journalctl, please post back here and I’ll have someone take a look.
Yes I can try, however, I am not clear when I should umount. I do this while it is doing the first phase of the encryption or I wait after the reboot and do this at the point where I see the boofs forlder on the desktop?
Ok here we are,
I ran the encryption again. It fails as described before.
here is the screen shot after the reboot with the journalctl
I then followed your instructions… umount and sudo systemtcl…
and then… the encryption process resumed copied files, rebooted and everything went back ok, with system up and running and a fully encrypted Micro SD card.
I am looking forward for the next steps.