LUKS disk encryption plugin

  • Everything is running smoothly other than that little bug, I never feel the need to encrypt again after decryption...

    Try to fix it...


    I would suggest that the raid creation places a warning and/or completely wipes the drives before starting.

    You can wipe them in the physical disks tab.


    Or much better: Allow raids on top of partitions, not just full disks.

    Why are partitions better?


    Should I report this somewhere?

    http://bugtracker.openmediavault.org

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Quote from ryecoaaron

    Why are partitions better?

    Not sure, I only read that somewhere. Maybe something like, easier/more flexible to expand with additional larger disk where you only add a partition of needed size and reuse left space?
    Could be totally wrong however.


    What I wanted to say:
    The plugin is very reliable in OMV3, no hesitation to use it! :-)

  • @marcolino @madoasp @EruIluvatar


    New version of the plugin here. I think everything is finally working right. If no problems, I will put it in the testing repo.

    I love you, man!


    I can confirm that the new version unlocks the LUKS device correctly giving it the correct name (/dev/sda6 -> /dev/mapper/sda6-crypt)


    I can find the device in the available Device list (for example when I have to create a shared folder).


    However the strange behaviour of finding it in the File System list with a different name (in my case /dev/dm-0) still exists.


    I will try again a fresh install of OMV 3.x to discover if it was related to this.


    Thanks again.


    Marco

  • However the strange behaviour of finding it in the File System list with a different name (in my case /dev/dm-0) still exists.

    It shows up as /dev/mapper/vdd-crypt on my vm for btrfs but /dev/dm-0 for ext4. Although, if you show the parent device column, they all show /dev/disk/by-id/dm-name-vdX-crypt. I don't think this is a bug but just a display difference.

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Thanks for your work @ryecoaaron !!
    Seems fine for me now, no error-message about missing fsname attribute.


    The only thing I still notice is, that I'm not able to encrypt my drive again when it is unlocked.. But for me, thats not a feature i will ever need.


    Thanks!

  • The only thing I still notice is, that I'm not able to encrypt my drive again when it is unlocked.. But for me, thats not a feature i will ever need.

    Encrypt it again? Can you explain this process and how you would do this? Did it work in the OMV 2.x version?

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Oh, sorry, I've just noticed I told nonsense...
    Next to the Unlock button is the Lock-Button, this one is always grayed out in my OMV 3 installation...
    I thought it was possible in a OMV 2.x version, but i just noticed it isn't.



    So => Everything is fine for me :)

  • Hi guys,


    I've very new (today new!) to openmediavault and its plugins


    So I've just downloaded and installed the luks plugin. How to make it encrypt my drives?


    I have an SSD where omv is being install and 3 unmonted 4TB drives.


    - Do I need to encrypt the drive where the system is installed? (SSD)
    - I think that I need to mount the 3 other drives to proceed but then how to encrypt the drive?


    Thank you all.

  • Next to the Unlock button is the Lock-Button, this one is always grayed out in my OMV 3 installation...
    I thought it was possible in a OMV 2.x version, but i just noticed it isn't.

    Same thing, here.

    The lock button is greyed out/disable when the drive is in use in OMV. If it isn't being used, the lock button works fine. As madoasp said, his is the same behavior as OMV 2.x.

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • thx for your update,


    the new version is running flawless.


    i installed the both versions you postet in this thread using dpkg -i openmediavault-luksencryption_3.0.0_all.deb


    however openmediavault -> updates showing me now that i should update 3.0.0,
    when i do the update im back on the older version with fsnames exception.

    my questions:
    whats the best way to resolve this version issue?
    where is the luks config saved? can it be deleted by deleting the plugin or luks in general ?
    can i move a encrytped disk to another (clean) system and the plugin would detect this drive as encrypted?


    regards & thx

  • whats the best way to resolve this version issue?

    The version in the repo is the same as the one you downloaded. You must be installing a version cached on your system. Try the apt clean button in omv-extras.


    where is the luks config saved?

    There is no luks config for the plugin.


    can it be deleted by deleting the plugin or luks in general ?

    Wiping the drives or deleting the luks containers does this. Removing the packages will not do this.


    can i move a encrytped disk to another (clean) system and the plugin would detect this drive as encrypted?

    Yep

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Hi, I'm new to omv (great software).


    I setup an encrypted drive with the LUKS plugin and installed an ext4 filesystem on the encrypted drive. At boot time I always get:


    Code
    A start job is running for dev-disk-by\<UUID of the disk>.device (XXs / 1min 30s)


    I think it's because of the entry in "/etc/fstab" for that specific filesystem. On boot time it can't finde the filesystem on the disk and waits for it. But the filesystem can only be found if the drive is unlocked. I can workaround this by adding "x-systemd.device-timeout=1" to the options of that drive. Am I doing something wrong or is this intended? If it's intended, isn't it possible to add "x-systemd.device-timeout=1" to filesystems on LUKS containers?

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!