Disk Encryption

trymeout · 8 June 2021 16:23

Not sure if this is supported in OSMC OS but I thought I will request this if it isn’t.

Please add support for disk encryption where it will encrypt all the data on the main drive and require a password when booting up the system to decrypt the system and continue booting into the OS.

Many Linux distros support this such as Debian, Ubuntu, Mint, Arch, Manjaro, etc.

dillthedog · 8 June 2021 20:56

OSMC is based on Debian.

You haven’t specified which device you’re talking about. Sam will be better able to advise, but I have my doubts if it would work on a Vero4K/+.

trymeout · 9 June 2021 00:06

I would like to inquire in the Vero4K and Raspberry Pi devices

fzinken · 9 June 2021 00:28

Assuming that you are talking about the whole OS to be encrypted that surely will not happen as it would unnecessary complicate the system for its main purpose of being a media center.

If you want to encrypt your home folder or any data you store on the device you can use all Debian tools/solutions.

grahamh · 10 June 2021 08:27

@trymeout BTW veracrypt is not available via apt but it compiles easily for armv7.

sam_nazarko · 12 June 2021 00:57

Are you trying to use this on the root filesystem or for an external drive?

If it’s for the root filesystem, it would require initramfs changes, and the changes could be quite large and invasive.

Otherwise, this should be possible.

morti · 13 July 2023 18:01

Anybody has something new about this?
I would like to crypt at least the /home/pi/.kodi folder or parts of it on my rpi4.

sam_nazarko · 13 July 2023 23:19

What kind of encryption system would you be after?

morti · 14 July 2023 10:42

No specific one, just one that works. Can be veracrypt or any other.

morti · 8 August 2023 11:00

To crypt userdata like movie dbs etc, anything possible?
Guess after first boot one needs to unlock and probably restart osmc ui so dbs load successfully etc.

morti · 6 October 2023 18:44

Sounds like a no

sam_nazarko · 6 October 2023 19:20

After boot it shouldn’t be a problem.

morti · 6 October 2023 19:32

Hm yeah but as those db files are part of osmc/kodi it maybe still is a problem? Or one has to boot, decrypt, restart media center?!

sam_nazarko · 6 October 2023 20:21

That would work. Or add a systemd unit that runs before Kodi.

grahamh · 6 October 2023 23:02

I doubt you could start then restart Kodi. The first time it would either crash or generate new userdata.

Gotta say - if the card can be decrypted just by sticking it in a Pi and booting, what’s the point?

sam_nazarko · 6 October 2023 23:03

True - unless there’s a prompt for a password…

grahamh · 6 October 2023 23:05

So a hack to /usr/bin/mediacenter should do it.

sam_nazarko · 8 October 2023 13:00

Yes – but that would be replaced with updates.

A better option would be to use a systemd drop in for mediacenter.service and add a dependency on a new systemd unit which sets up the encrypted mount first.

morti · 26 November 2023 22:57

Yeah it would require entering password during boot/before mediacenter starts, otherwise it would be useless
But I dont know how to set it up in the way you mentioned