No built-in support.
We would recommend using RPi secure-boot to verify the kernel + initramfs loaded for the secure pre-boot and let the initramfs unlock the other regions on the drive assuming that you plan to use an OPAL2.0 style drive.
N.B. Data on the PCIe bus is not encrypted so there is a small risk that someone with access to both the SOC and the drive could snoop the bus if they have access to a PCIe analyser.
We would recommend using RPi secure-boot to verify the kernel + initramfs loaded for the secure pre-boot and let the initramfs unlock the other regions on the drive assuming that you plan to use an OPAL2.0 style drive.
N.B. Data on the PCIe bus is not encrypted so there is a small risk that someone with access to both the SOC and the drive could snoop the bus if they have access to a PCIe analyser.
Statistics: Posted by timg236 — Tue Jul 30, 2024 2:48 pm