Questions tagged [disk-encryption]
The disk-encryption tag has no summary.
136 questions
0 votes
0 answers
16 views
QNAP (QTS) Cache Acceleration Encryption
I have a QNAP running QTS v5.2.3. I just installed M.2 SSD drives to enable cache acceleration on a single volume in my storage pool, "Data". The "Data" volume is configured to ...
- 101
0 votes
0 answers
177 views
systemd-cryptsetup fails for Yubikey 5 w/ firmware 5.7.1, but works with 5.4.3
I am using Yubikey 5 NFC security tokens with firmware 5.4.3 to start my FDE Ubuntu 24.04 system successfully, i.e. I get asked for the FIDO2 PIN on system start, enter it, touch my key and after a ...
- 103
0 votes
0 answers
30 views
Give untrusted remote user read access to encrypted home folder
Say I'd like to provide an immutable offsite backup service for customers by installing a NAS at their site that will periodically update (weekly) rsync/syncthing jobs to my site where I'll rotate air-...
- 141
0 votes
1 answer
191 views
Linux LUKS Encryption - On-demand or FULL in advance?
When encrypting a device using LUKS, it seems to be encrypted "on-demand", I mean, apart from the encryption header data is encrypted "on-the-go" as it is written to the device and ...
- 117
1 vote
0 answers
413 views
Linux: encrypting a second disk without having to type the password on reboot
It is a long story but to make it short, we want to encrypt a newly attached disk but do not want to type the disk password on every boot -- inputting the disk password at the very first reboot is ...
0 votes
0 answers
156 views
Entire disk encryption doesn't seem to work in plain mode, but it does work ok with LUKS. Why?
I am working on a minimal linux distro that needs to be installed on embedded device. The way installation process works right now is that the installer is a Linux itself, with initramfs based on ...
- 27
0 votes
0 answers
828 views
LUKS full disk encryption with decryption key on USB drive
I have alma9 setup with luks full disk encryption. I want to put a decryption key on a usb drive to boot up without a password. Picking through the various tutorials (mostly for debian), I have this: #...
- 333
0 votes
3 answers
2k views
Do i need to encrypt the OS drive with Bitlocker if i store data only on a second different drive in the same PC?
I have a PC with two drives in it. One is used for OS and programs only and the other one is used to store data. I want to encrypt my data to prevent the PC to be stolen and for the thieves to ...
0 votes
1 answer
288 views
LUKS Encryption
I recently cloned my 250GB disk, installed with Fedora37, encrypted with LUKS. Currently approx. 20 GB disk space is used, the rest is free. I went ahead and booted from a fedora-live-usb and cloned ...
0 votes
0 answers
2k views
Unable to connect to dropbear SSH server to remotely unlock LUKS encrypted root partition on Arch Linux cloud server
I intended to setup encrypted LUKS arch linux system on a cloud server. I installed the latest arch linux version onto LUKS-encrypted partition, configured the initramfs (installed build hooks), then ...
0 votes
0 answers
3k views
How to generate a crypttab?
I installed Debian 11 on a new machine. The root filesystem is on an nvme. To copy data over I also had an old ssd in the computer while installing. Both disks were encrypted. Debian install somehow ...
- 237
-1 votes
2 answers
2k views
Encrypted Disk (LUKS): Upgrading from RHEL 8 to RHEL 9
Known limitations - Notable known limitations of Leapp currently include: Encryption of the whole disk or a partition, or file-system encryption currently cannot be used on a system targeted for an ...
- 129
0 votes
1 answer
4k views
Connecting to Dropbear SSH using keyfile not possible (Permission denied (publickey)) [closed]
I'm running my home server (Ubuntu 20.04 LTS) with encrypted root and try to use dropbear in initramfs to be able to unlock it remotely during boot. To setup the remote unlocking ability I was ...
- 11
1 vote
1 answer
2k views
How do you generate a new encryption key for a SED (Self Encrypting Drive)
So I'm currently learning more about NVMe drives that ship with a feature called SED (Self Encrypting Drive). Take the Samsung 970 EVO for instance. It clearly states that it features SED. The 970 ...
- 111
1 vote
0 answers
340 views
Full disk encryption method on Ubuntu VM instances on private cloud
I have an application that needs to meet certain security and compliances. And this application needs to be deployed on a private cloud/on-prem setup (The destination platform is not yet confirmed). ...
- 287
0 votes
1 answer
808 views
What is the optimal way to protect my data from my VPS provider? [closed]
What is the optimal way to protect my data (db and source code) from my hosting provider? Would using an encrypted volume, such as truecrypt, suffice? However - for my program to access data on the ...
- 75
2 votes
2 answers
3k views
Debian installation with encryption: "No root file system is defined"
I'm installing Debian, as I've done a million times, except this time I'm trying with full-disk encryption from the installation itself and partitioning manually, because I'm replacing an existing ...
- 181
1 vote
1 answer
194 views
Cryptsetup and partitions
I have the following Centos 7 system that I inherited. Here's the disk setup: # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 931.5G 0 disk ├─sda1 8:1 0 ...
- 11
2 votes
2 answers
5k views
How do I know a LUKS header is corrupt?
My computer froze for a long time and I pressed the reset button. After reboot, all FIVE luks-encrypted (LUKS 1) file systems will no longer open. The message I get is "No key available with this ...
- 21
0 votes
0 answers
135 views
Read files from an encrypted disk?
Is it possible to read from an LUKS-encrypted disk via the terminal, e.g. by booting from a live Linux system on a USB flash drive and accessing the encrypted host computer's hard drive?
- 101
0 votes
1 answer
207 views
Is it possible to umount a drive from where a program is running?
I want to run some confidential program on a cloud server. In order to protect it from being copied, I can encrypt it into a drive and mount the decrypted drive to run it. However I want to umount the ...
- 618
-1 votes
1 answer
343 views
When was LUKS first released?
When was Linux Unified Key Setup (LUKS) first released--both as an open standard and later made available as an implementation with cryptsetup?
- 1,091
0 votes
1 answer
243 views
Dynamic PVC/storage class encryption in GCP
I'm trying to create PVC which has the storage class encrypted. These PVCs are created dynamically. As per this link- https://kubernetes.io/docs/concepts/storage/storage-classes/#gce-pd for AWS EBS, ...
google-cloud-platform
1 vote
0 answers
134 views
How to set up LVM / LUKS to allow easy expansion / contraction of disk space?
Disclaimer: I've never used LVM or LUKS before. Context: I use CentOS 7 and have X disk space available. I want to set up this disk space to store some important data, hence why I want to use LUKS to ...
- 161
1 vote
0 answers
110 views
Cryptodevice on top of DRBD with CentOS7
I have created a replicated drbd device. On top, I have create an encrypted volume with cryptsetup and finally formatted with ext4. Additionally, I am using a keyfile to be able to automount the ...
- 123
5 votes
1 answer
3k views
Is possible execute crypttab config without rebooting making the encrypted device mapped and available?
I need turn a file into a encrypted device mapped on /dev/mapper/ and to do it the easier way I found is adding a named entry to /etc/crypttab pointing to image file and key file, it works fine and ...
- 141
1 vote
0 answers
224 views
making use of self encrypting SSD
Is something special needed? It is in a supermicro server having a AOM-TPM-9670V-S TPM 2.0 and a Broadcom/Avago MegaRAID 9361-24i card. Trying to use some Seagate Nytro SAS self encrypting SSD's; ...
- 875
3 votes
1 answer
2k views
Wiping Bitlocker Drive Key Sector
I have a 4TB drive that has been bitlocker encrypted (via password) since day one and want to wipe it before I sell it used. The process looks like it's going to take 100+ hours via nwipe but I was ...
- 165
3 votes
2 answers
431 views
Azure Disk Encryption without Azure AD
According to Microsoft's documentation and examples, it should be possible to configure Azure Disk Encryption without using Azure AD; for example at https://docs.microsoft.com/en-us/azure/security/...
- 9,045
0 votes
1 answer
326 views
linux: truecrypt/veracrypt/luks/etc without /dev/loop*
I'm using a linux system without any /dev/loop* devices and without the loop module compiled into the kernel, and I don't have the option of upgrading the system or kernel. I want to use luks, ...
- 250
0 votes
1 answer
217 views
Does BitLocker encrypt in-place?
I can't find explicit documentation on this anywhere: Is BitLocker doing an in-place encryption? As to, I can actually encrypt my whole running system, with the Windows partition itself, without ...
- 1
0 votes
2 answers
912 views
How can I analyze an encrypted HDD?
I have a HDD which I encrypted few years ago but I can't remember the tool I used. How can I find out if I have used TrueCrypt or VeraCrypt to encrypt my hard drive? Thanks.
- 19
1 vote
1 answer
343 views
Securely encrypt backup for postgres DB
I do not want to encrypt my postgres DB. However, I want encryption at OS level, such that if the files(such as backups or configurations) are moved to any other system, it should be unreadable or non ...
- 11
0 votes
0 answers
137 views
USB authentication and Encryption on Windows Environment
My boss ask me that he want to secure USB thumb drive usage on our company. He want the USB thumb drive data un-encrypted when some one authenticate to our Active Directory (AD) server whether locally ...
- 105
0 votes
0 answers
156 views
FreeIPA or similar with encrypted home for ubuntu?
I am new to sys-admin work. My objective is to setup a couple of computers with Ubuntu 16.04 which satisfy two objectives: home folders encrypted central authentication management Currently I am ...
- 103
2 votes
0 answers
726 views
Linux dm-crypt slowness with fast SSD
I'm experiencing slowness with an encrypted filesystem. Here are the details: # /dev/sdd: TOSHIBA PX05SVQ192B AX02 /dev/sdd # gdisk -l /dev/sdd GPT fdisk (gdisk) version 0.7.1 Partition ...
4 votes
1 answer
1k views
Encrypt disks using SED and store keys in TPM?
I'm buying servers lately and all of them have disks that support TCG Opal full-disk encryption (aka SED). What I'd like to do is: Store data encrypted-at-rest on the disks (NVMe & SAS). Not be ...
- 497
2 votes
0 answers
572 views
FreeBSD: How to extend an encrypted ZFS zroot pool
I installed a vanilla FreeBSD 11.0 (amd64) and chose the installation option "ZFS on / (encrypted)" (or however it is really called). Now I have a nice ZFS pool: root@storage:~ # zpool list NAME ...
0 votes
1 answer
2k views
Does disk encryption on a hyper-v partition work and is it effective and stable?
I have a new health care IT customer requirement. They're file server is a virtual 2012 R2 running on a Dell PE with 2012 R2 Hyper-V. The Dell PE with 2012 R2 Hyper-V server has two partitions. 1st ...
9 votes
1 answer
9k views
cryptsetup cannot close mapped device
When I run: LANG=C cryptsetup --debug luksClose /dev/mapper/Pool-A it fails as follows: device-mapper: remove ioctl on Pool-A failed: Device or resource busy Device /dev/mapper/Pool-A is still ...
- 722
0 votes
1 answer
346 views
Azure Site Recovery support and/or alternatives for VMs with encrypted drives
Azure Recovery docs indicate that encrypted drives are not supported,we currently utilize another hosting solution that uses vormetric to encrypt our data drives, is there any supported path that ...
- 41
0 votes
1 answer
1k views
How to encrypt a Windows Server hard-drive remotely?
I have a couple of dedicated servers running Windows 2012 on the other side of the country. My only access to these servers are through RDP. For compliance reasons, I will need to encrypt their hard-...
- 101
0 votes
1 answer
428 views
Encrypting volumes of a mongo/elasticsearch cluster
I have mongodb and elasticsearch cluster. I want to encrypt the volumes associated with all the instances running in the cluster. If I encrypt only one volume among the cluster than the cluster will ...
- 141
2 votes
1 answer
5k views
Encrypting mapped network drives in Windows
I have Win Server 2012 and the drives of one of the HDDs connected to it are mapped as network drives in a Windows 10 client. If I encrypt those drives using bitlocker with the user account on the ...
- 23
2 votes
1 answer
1k views
how do I view current tpm owner in windows?
How do I see if a TPM owner has already been set? All see are examples of how to clear the TPM, reset owner password, change owner. I just want to see if the owner is set and possibly who it is set to....
- 4,383
2 votes
0 answers
540 views
How to encrypt data on an Ubuntu server built on RAID + LVM?
I'm managing a file server with two disks. The server is running Ubuntu 14.04, and it's already configured with software RAID1 (/dev/md0), and LVM on top of it. Important data is stored in /var and /...
- 265
1 vote
0 answers
82 views
Group policy setting to prevent asking user which encryption mode to use
Asked a similar question previously: Group policy setting to prevent asking user where to store recovery key I'm trying to enforce the encryption mode to the new XTS-AES so that if the users ...
- 4,383
0 votes
1 answer
83 views
Bitlocker decryption trouble
today I started the procedure to access a bitlocker encypted data storage hard disk. At first I unlocked it and then I turned off bitlocker. The turning off took some time, but it ended without any ...
2 votes
1 answer
1k views
Encrypted root partition not booting properly
I have a Debian 8 VPS with an encrypted root partition. After a kernel update a few months ago (package version 3.2.73-2+deb7u3), it stopped being able to decrypt properly on boot. As far as I can ...
- 41
0 votes
1 answer
183 views
Firmware RAID5 and SED on Linux
I have three HDD's (Seagate ST4000NM0053) in a RAID5 set-up using firmware RAID (RSTe 4.0, Intel® C612 chipset) on Debian 8.4. They are SED, so I would like to set the ATA password. Unfortunately, my ...
- 199