MiniGuide: Auto unlock LUKS volumes on boot. Works with MergerFS+SnapRaid too.

  • As I'm just about to deal with this next step, did you solve it by storing the LUKS keys in the TPM chip?

    I moved to TrueNAS, then full HW rebuild, then I did not like TrueNAS permissions mess (ACLs x filesystem) and finally trialling Windows Server Storage Spaces now, yeah, I know :))

    I did massive research back in time, it was a hot mess. Maybe now things are better, this looks promising, try to replicate maybe?


    EDIT: TPM is not secure. It just covers some cases to make it more convenient. As long as someone is in possession of the server, they will have access.

    ...

    Everywhere you encounter tutorials and howtos for LUKS encryption, people will warn you of the consequences when using keys for automated unlocking. It's an important flaw in the whole concept of security. People should simply be aware of that.

    Have a look at Windows BitLocker. It is secure and resists physical attacks. We are simply trying to replicate BitLocker in Linux here.

  • Hello again.

    TPM will in fact make it harder to compromise your security. But it is not as secure as a passphrase can be. That is my whole point. Of course a passphrase is also not 100% secure, since people can use a very simple one and make it easy to crack it via a brute force process. So it is all individual when you look at it that way. But a long passphrase will be secure enough to prevent any brute force decryption from having any success.


    We live in a time where surveillance is a valid threat to our privacy. We all know who is reading what when we move something into that free cloud space. I think people who use OMV see the benefits of having control over their own data. I have seen enough cases of people getting into the crosshairs of authorities, just because they knew someone who got into trouble. All their data devices were seized by a court order after their homes were searched. It can happen to anyone, even if you didn't do anything wrong.
