Questions tagged [disk-encryption]
129 questions
38
votes
12 answers
What do you do about staff and personal laptops?
Today, one of our developers had his laptop stolen from his house. Apparently, he had a full svn checkout of the company's source code, as well as a full copy of the SQL database.
This is one massive reason why I'm personally against allowing…
Tom O'Connor
14
votes
4 answers
Can cryptsetup read mappings from /etc/crypttab?
I have a virtualized CentOS 7 server that needs to mount multiple password-protected encrypted volumes. I cannot automatically map the devices on boot, because I don't have access to the console during the boot process to enter the decryption…
Craig Finch
8
votes
1 answer
BitLocker with Windows DPAPI Encryption Key Management
We have a need to enforce resting encryption on an iSCSI LUN that is accessible from within a Hyper-V virtual machine.
We have implemented a working solution using BitLocker, using Windows Server 2012 on a Hyper-V Virtual Server which has iSCSI…
bigmac
7
votes
2 answers
LUKS Error During Boot
alg: drbg: could not allocate DRNG handle for ...
I only see this error on the console during the boot process of virtual machines we create. EDIT: 2/5/16 - I see it on some bare-metal installations, too. (It does proceed to boot completely.) I…
Aaron Copley
7
votes
1 answer
How to send "ATA Secure Erase" command to SSD?
A very good way to erase an SSD which has SED support is to change the password/key. But what to do with those that don't have SED support?
This article says
Fortunately it is possible to erase most SSDs, though this is closer
to a “reset” than…
Jasmine Lognnes
7
votes
1 answer
Does LUKS also encrypt free space?
I have moved to Ubuntu 12 and chosen to use full disk encryption (encrypted LVM).
So now I'm wondering: should I shred (e.g. with the secure-delete package, srm) the free disk space to remove any remnant Windows might have left?
Is free disk space…
HappyDeveloper
7
votes
2 answers
Approaches for Linux server disk encryption
What are the approaches available for fully encrypting a disk on a remote server (say, colocated in a datacenter)? On Windows, we can just turn on BitLocker with a TPM. Then the server can reboot, and attacking either requires taking the machine…
MichaelGG
7
votes
1 answer
State of hardware-assisted disk encryption in Linux
I use dm-crypt to encrypt partitions. I am building a small office server from consumer (or pro-sumer) category hardware. It made me wonder, hardware-assisted encryption is a notion in the air for years, is it reality yet?
The two critical points of…
vbence
6
votes
0 answers
cryptsetup cannot close mapped device
When I run:
LANG=C cryptsetup --debug luksClose /dev/mapper/Pool-A
it fails as follows:
device-mapper: remove ioctl on Pool-A failed: Device or resource busy
Device /dev/mapper/Pool-A is still in use.
Command failed with code 16: Device or…
sebelk
6
votes
1 answer
Can servers with encrypted root filesystems be made reasonably highly available?
I have some servers I'd like to keep on encrypted disks, but I don't want to have to manually type a passphrase at every boot. I also don't want to keep the key on the machine unencrypted. TPM would be a natural fit here, but what if someone…
librett0
6
votes
9 answers
Recommended drive encryption solution
I will soon be purchasing a number of laptops running Windows 7 for our mobile staff. Due to the nature of our business I will need drive encryption. Windows BitLocker seems the obvious choice, but it looks like I need to purchase either Windows 7…
Chris Driver
5
votes
1 answer
Determine if LUKS/dmcrypt key is present
I am writing a Chef LWRP to add a key to a LUKS container and I'm having difficulty coming up with a way to determine whether or not my key already exists. cryptsetup luksAddKey will happily add the same keyfile multiple times, so I can't simply…
Aaron Brown
5
votes
7 answers
Windows XP Full Disk Encryption - What are the options?
I've been asked to look at full disk encryption software for our mobile users. We're running Windows XP SP3 PCs on a domain and my understanding is that we will not be upgrading to Vista and have no current plans to upgrade to Windows 7. This would…
Carl C
5
votes
3 answers
When to use Truecrypt, and when not to?
I have about 30 (this number will most likely grow over the next few years to 50 or more) unencrypted laptops that I have been tasked to encrypt (entire drive). These machines will be used off site regularly by my users. These machines are running…
tm77
4
votes
1 answer
Encrypt disks using SED and store keys in TPM?
I'm buying servers lately and all of them have disks that support TCG Opal full-disk encryption (aka SED). What I'd like to do is:
Store data encrypted-at-rest on the disks (NVMe & SAS).
Not be required to enter a password/passphrase at server…
Evan