Questions tagged [disk-encryption]

129 questions
38 votes, 12 answers

What do you do about staff and personal laptops?

Today, one of our developers had his laptop stolen from his house. Apparently, he had a full svn checkout of the company's source code, as well as a full copy of the SQL database. This is one massive reason why I'm personally against allowing…
Tom O'Connor
14 votes, 4 answers

Can cryptsetup read mappings from /etc/crypttab?

I have a virtualized CentOS 7 server that needs to mount multiple password-protected encrypted volumes. I cannot automatically map the devices on boot, because I don't have access to the console during the boot process to enter the decryption…
Craig Finch
8 votes, 1 answer

BitLocker with Windows DPAPI Encryption Key Management

We have a need to enforce resting encryption on an iSCSI LUN that is accessible from within a Hyper-V virtual machine. We have implemented a working solution using BitLocker, using Windows Server 2012 on a Hyper-V Virtual Server which has iSCSI…
7 votes, 2 answers

LUKS Error During Boot

alg: drbg: could not allocate DRNG handle for ... I only see this error on the console during the boot process of virtual machines we create. EDIT: 2/5/16 - I see it on some bare-metal installations, too. (It does proceed to boot completely.) I…
Aaron Copley
7 votes, 1 answer

How to send "ATA Secure Erase" command to SSD?

A very good way to erase an SSD which has SED support is to change the password/key. But what to do with those that don't have SED support? This article says: Fortunately it is possible to erase most SSDs, though this is closer to a “reset” than…
Jasmine Lognnes
7 votes, 1 answer

Does LUKS also encrypt free space?

I have moved to Ubuntu 12 and chosen to use full disk encryption (encrypted LVM). So now I'm wondering: should I shred (e.g. with secure-delete package, srm) the free disk space to remove any remnant Windows might have left? Is free disk space…
HappyDeveloper
7 votes, 2 answers

Approaches for Linux server disk encryption

What are the approaches available for fully encrypting a disk on a remote server (say, colocated in a datacenter)? On Windows, we can just turn on Bitlocker with a TPM. Then the server can reboot, and attacking either requires taking the machine…
MichaelGG
7 votes, 1 answer

State of hardware-assisted disk encryption in Linux

I use dm-crypt to encrypt partitions. I am building a small office server from consumer (or pro-sumer) category hardware. It made me wonder, hardware-assisted encryption is a notion in the air for years, is it reality yet? The two critical points of…
vbence
6 votes, 0 answers

cryptsetup cannot close mapped device

When I run: LANG=C cryptsetup --debug luksClose /dev/mapper/Pool-A it fails as follows: device-mapper: remove ioctl on Pool-A failed: Device or resource busy Device /dev/mapper/Pool-A is still in use. Command failed with code 16: Device or…
sebelk
6 votes, 1 answer

Can servers with encrypted root filesystems be made reasonably highly available?

I have some servers I'd like to keep on encrypted disks, but I don't want to have to manually type a passphrase at every boot. I also don't want to keep the key on the machine unencrypted. TPM would be a natural fit here, but what if someone…
librett0
6 votes, 9 answers

Recommended drive encryption solution

I will soon be purchasing a number of laptops running Windows 7 for our mobile staff. Due to the nature of our business I will need drive encryption. Windows BitLocker seems the obvious choice, but it looks like I need to purchase either Windows 7…
Chris Driver
5 votes, 1 answer

Determine if LUKS/dmcrypt key is present

I am writing a Chef LWRP to add a key to a LUKS container and I'm having difficulty coming up with a way to determine whether or not my key already exists. cryptsetup luksAddKey will happily add the same keyfile multiple times, so I can't simply…
Aaron Brown
5 votes, 7 answers

Windows XP Full Disk Encryption - What are the options?

I've been asked to look at full disk encryption software for our mobile users. We're running Windows XP SP3 PCs on a domain and my understanding is that we will not be upgrading to Vista and have no current plans to upgrade to Windows 7. This would…
Carl C
5 votes, 3 answers

When to use Truecrypt, and when not to?

I have about 30 (this number will most likely grow over the next few years to 50 or more) unencrypted laptops that I have been tasked to encrypt (entire drive). These machines will be used off site regularly by my users. These machines are running…
4 votes, 1 answer

Encrypt disks using SED and store keys in TPM?

I'm buying servers lately and all of them have disks that support TCG Opal full-disk encryption (aka SED). What I'd like to do is: Store data encrypted-at-rest on the disks (NVMe & SAS). Not be required to enter a password/passphrase at server…
Evan