LUKS disk encryption plugin

  • # /etc/fstab: static file system information.

    # <file system> <mount point> <type> <options> <dump> <pass>

    # / was on /dev/sda1 during installation

    UUID=53f4854f-fe0e-4c7c-9e4f-234a07deeb02 / ext4 errors=remount-ro 0 1

    # swap was on /dev/sda5 during installation

    UUID=df34ec30-1e76-4864-8127-7471b742b817 none swap sw 0 0

    # >>> [openmediavault]

    /dev/disk/by-label/storage /srv/dev-disk-by-label-storage ext4 defaults,nofail,user_xattr,noexec,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,acl 0 2

    # <<< [openmediavault]

  • I posted a workaround for the moment here


    https://github.com/OpenMediaVa…35#issuecomment-628359318


    People new to omv not comfortable editing xml, just edit /etc/fstab as long as you're not adding disks or shares to nfs, fstab should stay the same


    I also posted there what was is the actual problem. I think we can fix the issue with code in the plugin but for the moment btrfs will be left out due to the fact the old code that Ian Grant left there might not be valid in current btrfs-tools, the main problem is btrfs multi devices.


    edit: Don't use this


  • I would like to use LUKS BUT in the same time to use btrfs as filesystem, since i want to be ready for OMV next release. What would you suggest i should do in this case? I am now setting up my new OMV build, so still investigating software possibilities....

  • I would like to use LUKS BUT in the same time to use btrfs as filesystem, since i want to be ready for OMV next release

    I am not so sure btrfs will be left as the only choice for omv. that hasn't been decided. The next major release is just gonna be redoing the frontend in angular.


    Don't know what to tell you maybe someone with btrfs-luks expertise can contribute some code, basically some scripts check on how to handle multidevice btrfs.


    Because I don't how what would happen if i try to mount a btrfs member without all the devices ready

  • I am not so sure btrfs will be left as the only choice for omv. that hasn't been decided. The next major release is just gonna be redoing the frontend in angular.


    Don't know what to tell you maybe someone with btrfs-luks expertise can contribute some code, basically some scripts check on how to handle multidevice btrfs.


    Because I don't how what would happen if i try to mount a btrfs member without all the devices ready

    Sorry for the offtopic, however it seems that mergerfs + snapraid + luks on btrfs seems overedundant for the time being.


    Better stick with mergerfs + snapraid + luks on ext4 that seems to be the norm...

  • Hi

    After a new installation I have the same issue with boot after unlock and mount encrypted hard drivers.

    I used this guide here https://michaelxander.com/diy-nas/

    One year ago the installtion was perfect working.

    Now I reinstalled it 3 times, because I thought I did something wrong.

    Thanks to the guides it goes fast. And the same mistake appears again and again.


    [Time] Time out waiting for device /dev/disk/by-label/data01

    [Depend] Dependency failed for File System Check on/dev/disk/by-label/data01

    [Depend] Dependency failed for /srv/dev-disk-by-label-data01


    And the system is waiting before even network configuration was active.

    Any Idea how I can solve this?


    sorry for my bad english

  • Hi


    Okey I was not able to solved this by my one so I fall back to OMV 4

    After some trouble with network drivers (new main-board) it was relative easy to install and configure openmediavault with luks encryption snapraid and MergeFS.

    I love this software.

    thanks for your time...

  • The plugin encrypts a disk. Then you create a filesystem on it. So, as far as I know you cannot encrypt a pool with data. Not sure if you can create a pool of filesystems on encrypted drives, but you test it in a virtual machine.


    Edit: just tried it in a VM. You can encrypt the drives, unlock the drives, create file systems, mount them and build a pool.

  • The plugin encrypts a disk. Then you create a filesystem on it. So, as far as I know you cannot encrypt a pool with data. Not sure if you can create a pool of filesystems on encrypted drives, but you test it in a virtual machine.


    Edit: just tried it in a VM. You can encrypt the drives, unlock the drives, create file systems, mount them and build a pool.


    Thank you! :thumbup:

  • I was having a read through this whole thread because I am considering encrypt two HC2s. Two things are still very unclear to me:


    1) What is best practice if I do want to boot from the HDD in a separate partition?


    2) What's the performance with an Odroid HC2? Does it get significantly hotter because of CPU usage? Is the speed bearable for usage as a media folder that should also host a large photo collection with Lightroom?

  • 1) What is best practice if I do want to boot from the HDD in a separate partition?


    2) What's the performance with an Odroid HC2? Does it get significantly hotter because of CPU usage? Is the speed bearable for usage as a media folder that should also host a large photo collection with Lightroom?

    1) Why would you want this?

    My devices boot from SD-Cards, a XU4 also from EMMC

    2)

    - 4.6 MBytes/s when copying. 1 GByte in ~ 4 minutes transferred.

    - temperature insignificant during file transfer

    - sometimes I use my NAS ODROIDs to display fotos on my TVs, I would not use it for heavy editing (possible though)

    On my ODROIDs I run syncthing to keep files/directories synced between all my devices, foto editing is done locally and immediately synced after editing -> I do not care about the speed since it is done in the background anyway

  • Thanks for the heads up.

    1) Yes, I will stick to the SD-Card as boot device so the while HDD / SDD is encrypted

    2) and yes, the performance as file storage is absolutely fine. If I do video editing, I will use the external HDD connected to Thunderbolt / USB anyway.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!