SSD SED encryption (using sedutil) for OMV system disk?

  • I'm thinking about using sedutil to encrypt the SSD that I have OMV installed on. It's a Samsung EVO 970 Plus NVME m.2 drive with two partitions (system and one with a shared folder on it).

    My goal: to have data-at-rest protection so that when the server is powered off, everything is safe and locked away. (My storage HDDs are already LUKS-encrypted and automatically unlocked when OMV starts up.)

    I know I would have to attach a keyboard and monitor to enter the SED password at bootup time (only from a powered-off state), and I'm aware that the system is unlocked as long as it's running. That's OK - I just want "no-power" security.

    Is there any reason not to run OMV on a system drive with active SED encryption?

    I know I'll have to do this carefully, step by step... take the server offline temporarily... and make a complete backup first, just in case. I don't mind, though.

    Thoughts welcome and appreciated.

  • As there were no replies to my post above, I went ahead and (after a full offline backup with CloneZilla) followed the instructions given in the above link to a T.

    After minor snags - (I had to PSID-revert my Samsung Evo 970 Plus, apparently, though it didn't erase the data on it) - everything worked flawlessly. I have a password prompt at power-on and OMV boots just like before, completely unaware of the SED encryption.

    Happy camper here. :thumbup:

  • cubemin

    Added the Label resolved

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!