Hello, and thanks for your answer and regarding to how you got where you are: the first main post shows all commands and steps to achieve my exact specific state. Anyway at the end, I was able to solve, it wasn't that easy but I have done it. Possibly tomorrow I will post here my solutions steps and yes, I'd suggest sdm too and the problem was exactly that initramfs was not able to find crypto setup as I needed to install modules hooks manually to let it to be able to find them. I don't even know how I succeed without disrupting the entire SSD
Hi. aka gitbls here. Without knowing how you got to where you are, the only thing I can suggest is that you need a bit of code in the initramfs to run /lib/cryptsetup/askpass, which prompts for the luks unlock passphrase and unlocks the encrypted luks partition. sdm-cryptconfig does this automatically.
This is all a bit touchy, which is why I built sdm's rootfs encryption capability to be as simple as possible. But, as you've noted, trying to pick from it how to make it work in your situation is a bit challenging/confusing. sdm does the rootfs encryption while running in the initramfs and copies the rootfs to a scratch disk, creates an encrypted rootfs partition, and then copies the rootfs contents back to the encrypted rootfs. You obviously don't need that part.
One suggestion I might offer is to build a test RasPiOS disk and use sdm-cryptconfig to encrypt it. After that's done, you can pick through it to see how everything is configured and then (hopefully) wrangle the missing bits into your "production" encrypted rootfs.
Also, the /boot/firwmare requires not to just "copy files" and paste but it should be a dedicated partition that raspberrypi will mount at boot, so since i was missing this partition from the beginning i had to use gparted to insert a new partition dedicated to /boot/firmware between the /dev/sda1 (boot partition) and /dev/sda2 (encrypted filesystem). As already said I'll post the solution hopefully to help others in future.
Statistics: Posted by virgula0 — Sat Nov 29, 2025 8:20 pm