This how-to describes the necessary steps to set up a Raspberry PI 4 with a LUKS encrypted root partition, LVM and remote unlock via Dropbear SSH server in initramfs.

I’ve compiled this from various other tutorials, most notably Secure Kali PI 2018 and Raspberry Pi Encrypt Root Patition. The main differences are:

Note: because of a problem when creating the initramfs for the first time and the encrypted root partition is no yet fully set…


(Photo by Steve Buissinne on Pixabay)

The Docker daemon can be configured to allow remote access over HTTP by providing a TCP socket. Encryption and authorization can (or must!) be done by using TLS and the documentation contains a full page on how to do the setup. However, the OpenSSL command line tools are quite complex and far from intuitive if you don’t use them regularly. Or as the documentation states:

Using TLS and managing a CA is an advanced topic. Please familiarize yourself with OpenSSL, x509 and TLS before using it in production.

This is where Hashicorp’s Vault can shine. In a nutshell, Vault is…

Andreas Hug

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store