I'm thinking about using sedutil to encrypt the SSD that I have OMV installed on. It's a Samsung EVO 970 Plus NVME m.2 drive with two partitions (system and one with a shared folder on it).
My goal: to have data-at-rest protection so that when the server is powered off, everything is safe and locked away. (My storage HDDs are already LUKS-encrypted and automatically unlocked when OMV starts up.)
I know I would have to attach a keyboard and monitor to enter the SED password at bootup time (only from a powered-off state), and I'm aware that the system is unlocked as long as it's running. That's OK - I just want "no-power" security.
Is there any reason not to run OMV on a system drive with active SED encryption?
I know I'll have to do this carefully, step by step... take the server offline temporarily... and make a complete backup first, just in case. I don't mind, though.
Thoughts welcome and appreciated.