[Hacksign]

Hi there, not sure whether posted under proper place.

Recently, I've got an cubieboard2 board with archlinuxarm installed, everthing works fine, until I decided to deploy an root-encrypted system on this board.

What I've done :
1. dd if=/dev/urandom bs=1 count=1024 | cryptsetup luksFormat /dev/tf/card/of/partition/two -
2. mount /dev/tf/card/of/partion/two /mnt
3. mount /dev/tf/card/of/partion/one /mnt/boot
4. download and extract ArchlinuxArm packages to /mnt
5. arch-chroot /mnt
6. pacman -S uboot-tools uboot-cubieboard2
7. edit /boot/boot.txt like below(partly) :
$this->bbcode_second_pass_quote('', 's')etenv bootargs console=${console} cryptdevice=/dev/mmcblk0p2:root root=/dev/mapper/root rw rootwait

[summers]

Haven't done it myself, but my guess is you need to ensure that the initramfs has enough information to access the encrypted rootfs. So I'll look into that myself ...

[Hacksign]

I need a separated keyfile store on an independence device.
So stored keyfile in initrd.img file do not meet my need.

[summers]

What I mean is the initramfs book will need to boot up enough, that its in a state where it can access the keystore, to unlock the encrypted hard disk.

[Hacksign]

well, understood. I will check the initrd's manual ...