I’ve recently moved to a shared apartment and I have to place my RPI in the living room, near the router. So if any roommate wanted, he could just walk away with my RPI or remove the SD-card.
How can I encrypt my DietPi so that if any person steals my SD-card can’t see nothing?
Hi,
many thanks for your request. Basically it’s not possible to encrypt your entire SD card. As well DietPi is not supporting any file system encryption by default as of now. Maybe you like to have a look to the following link
https://www.raspberrypi.org/forums/viewtopic.php?t=181181
It might be possible to create an encrypted new partition or attach an encrypted USB stick where you go to transfer your data on. But it will have as well some downsides. Some DietPi services like Nextcloud or databases storing their data on dietpi user-data directly. Means, after a reboot services will fail until the partition was encrypted and mounted.
What if i use LUKS?
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
I guess that would be interesting for you 
https://github.com/MichaIng/DietPi/issues/3377
There we basically played with it already.
Is DietPi planning to support LUKS without manual hackarounds? It’s pretty much standard these days, no matter if desktop / notebook / server.
And even if the Pi doesn’t have full hardware acceleration, it’s still fast enough (~100 MB/sec).
It’s on the list but no time line behind. Fell free to follow the GitHub link shared above.
Googled a bit
TransparentEncryptionForHomeFolder
https://wiki.debian.org/TransparentEncryptionForHomeFolder
Which led to here
https://nuetzlich.net/gocryptfs/
https://github.com/rfjakob/gocryptfs
It’s for files, but not for the entire drive, as I understand it…a fully encrypted drive will need a password at boot to unlock
I played with full disk encryption on 32bit as well as 64bit
You can read thru the journey starting this GitHub post https://github.com/MichaIng/DietPi/issues/3377#issuecomment-895674210
I would absolutely love to have this built into the installer of DietPi. Especially if it’s implemented in a way to host the dropbear SSH service during boot, so that you can enter the encryption password during boot remotely.