
#1 2022-01-02 03:49:46

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

[solved]luks encrypted NAS question

I am planning a NAS. it will have one system nvme drive (unencrypted) and four luks containers for media (btrfs).

I have experience with luks on my laptop-- single drive, prompted by grub, but how do I unlock an array after booting a server since I can't log in before the prompt is completed?

since the OS disk will be unencrypted, I imagine I can log into the server and unlock the array, do btrfs device scan and mount. for that I considered creating a small luks partition on the OS disk, and create a key there. I would open that partition with a passphrase after logging in, then the four btrfs drives would unlock via the newly revealed key.

am I headed in the right direction, or is there a simpler way?

thanks.

Last edited by shoelesshunter (2022-01-16 07:29:04)

Offline

#2 2022-01-02 04:14:54

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [solved]luks encrypted NAS question

If the OS is unencrypted, I'm not sure why you would bother encrypting the data...

You can have an SSH daemon running in the initramfs and unencrypt your system remotely. See https://wiki.archlinux.org/title/Dm-cry … yssh,_ppp)


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2022-01-16 06:30:32

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

Re: [solved]luks encrypted NAS question

thanks. as to the question, the NAS will hold backups of an encrypted laptop's data. is it really necessary to lock down the entire OS? I do that on the laptop, but it is a simple ssd with subvolumes.

Offline

#4 2022-01-16 07:30:55

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

Re: [solved]luks encrypted NAS question

I'll simply set the array crypttab and fstab with noauto and write a login script to check for the volumes and unlock if needed.

I'm very new. so, before I do this, if anyone sees a hole in this approach, please educate me.

Offline
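
One way to lay out the `noauto` entries and the login script described in post #4, as an added example that is not from any poster in the thread. The mapping names `media1`..`media4`, the `<uuid-N>` placeholders, the mount point `/srv/media` and the `--unlock` switch are assumptions; the passphrase is typed at the terminal, so no key is stored on the unencrypted system disk.

```shell
#!/bin/sh
# Added example, not from the thread. media1..media4, the <uuid-N> values
# and /srv/media are constructed placeholders.
#
# /etc/crypttab  ("none" = prompt for a passphrase, "noauto" = skip at boot)
#   media1  UUID=<uuid-1>  none  luks,noauto
#   media2  UUID=<uuid-2>  none  luks,noauto      (likewise media3, media4)
# /etc/fstab     ("noauto" so boot never waits on the locked array)
#   /dev/mapper/media1  /srv/media  btrfs  noauto  0 0

# Print "name device" for every noauto crypttab entry that is still locked.
# $1 = crypttab file, $2 = directory with the mapper nodes (/dev/mapper).
locked_volumes() {
    while read -r name dev _key opts || [ -n "$name" ]; do
        case "$name" in ''|\#*) continue ;; esac          # blank or comment
        case ",$opts," in *,noauto,*) ;; *) continue ;; esac
        [ -e "$2/$name" ] && continue                     # already open
        case "$dev" in UUID=*) dev="/dev/disk/by-uuid/${dev#UUID=}" ;; esac
        printf '%s %s\n' "$name" "$dev"
    done < "$1"
}

# Open whatever is still locked, then mount the btrfs array (needs root).
unlock_and_mount() {
    locked_volumes /etc/crypttab /dev/mapper | while read -r name dev; do
        # stdin is the pipe, so take the passphrase prompt from the terminal
        cryptsetup open --type luks "$dev" "$name" </dev/tty || exit 1
    done || return 1
    btrfs device scan
    mountpoint -q /srv/media || mount /srv/media
}

# Do nothing unless asked, so the file can also be sourced.
if [ "${1:-}" = "--unlock" ]; then
    unlock_and_mount
fi
```

Each container that is still locked produces its own passphrase prompt; containers that are already open are skipped, so the script is safe to run at every login.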
