Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [luks]

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: http://code.google.com/p/cryptsetup/

Wikipedia: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

150 questions
6
votes
1 answer

Can servers with encrypted root filesystems be made reasonably highly available?

I have some servers I'd like to keep on encrypted disks, but I don't want to have to manually type a passphrase at every boot. I also don't want to keep the key on the machine unencrypted. TPM would be a natural fit here, but what if someone…
librett0
  • 79
  • 1
  • 3
6
votes
1 answer

High I/O latency with software RAID, LUKS encrypted and LVM partitioned KVM setup

I found out a performance problems with a Mumble server, which I described in a previous question are caused by an I/O latency problem of unknown origin. As I have no idea what is causing this and how to further debug it, I'm asking for your ideas…
aef
  • 1,705
  • 4
  • 24
  • 41
5
votes
4 answers

LUKS Automatic unlock of with key file on remote ubuntu server

Is there a way to automatically unlock a LUKS drive at boot time with the key-file being stored on a remote machine. The idea is to make sure servers may restart without any user input. Servers are on a public cloud and I can't encrypt the root…
ludofet
  • 151
  • 1
  • 3
5
votes
2 answers

Removing failing drive from LVM volume group ... and recovering partial data from an incomplete LV (with a missing PV)

I've been fighting this issue for some time now. I have a Logical Volume with 3 disks, 1.5TB, 2TB and 3TB. The 1.5TB drive is failing. Lots of I/O errors and dead bad sectors. I started pvmove to move the existing extents on the failing drive to…
Sniku
  • 121
  • 1
  • 1
  • 6
5
votes
3 answers

Best way to secure Kickstart encrypted partition passwords

I have a CentOS 6.5 environment that boots up servers using Kickstart. One of the requirements of our Kickstart is that the partitions are encrypted. Since Anaconda can only take plain text passwords for LUKS encrypted partitions, what's the best…
chizou
  • 457
  • 3
  • 8
  • 15
5
votes
1 answer

Determine if LUKS/dmcrypt key is present

I am writing a Chef LWRP to add a key to a LUKS container and I'm having difficulty coming up with a way to determine whether or not my key already exists. cryptsetup luksAddKey will happily add the same keyfile multiple times, so I can't simply…
Aaron Brown
  • 1,677
  • 1
  • 12
  • 21
4
votes
1 answer

Creating ZFS pool from liveCD with ashift=9 becomes ashift=12 when rebooted into new OS

I have created a zpool while booted on a Linux Mint liveCD (with all the ZFS packages temp apt-installed) and created a zpool with command line containing ashift=9 because my ST4000NM0033 drives (8 each) have 512B sectors. Also created some ZFS…
GenerationTech
  • 51
  • 4
4
votes
3 answers

What is the failed dependency during cryptography setup of systemd?

I'm using Ubuntu 16.04 LTS Server in a VM with one unencrypted hard disk for / and an additional LUKS-encrypted one for some arbitrary data. The encrypted disk is opened and mounted with a password manually at the shell after the system has bootet…
Thorsten Schöning
  • 643
  • 5
  • 16
4
votes
1 answer

Exactly how does kickstart encrypt a partition?

Let's say for example I have this line in the pre section of my kickstart file: part / --asprimary --fstype="ext4" --size=10000 --encrypted --passphrase=pass1 Great, but, how does that work? Exactly how does "--encrypted" encrypt the partition?…
Everlight
  • 141
  • 1
  • 3
4
votes
1 answer

Filesystem Performance for LUKS Encrypted Volumes?

As you can format a LUKS volume with any filesystem you want, are certain filesystems better-suited to IO performance against an encrypted filesystem? Specifically, I'm wondering about a loop device with a file sitting on an ext4 partition. As all…
Will
  • 1,127
  • 10
  • 25
4
votes
1 answer

Cryptsetup luks - Check that kernel supports aes-xts-plain64 cipher

I encrypted a bunch of hard drives with cryptsetup luks encryption on CentOS 5. Everything was fine, until I upgraded my system to CentOS 6. Now I cannot mount the disks anymore. To mount with my keyphrase: sudo cryptsetup luksOpen /dev/sdc1 d2 I…
Crash Override
  • 571
  • 1
  • 8
  • 20
4
votes
0 answers

Dual primary DRBD with LUKS encryption

Is it possible to create a LUKS encrypted filesystem that is accessible by both nodes of a dual primary DRBD system? Here is what I tried to do: Create two nodes and establish a partition on each with an ext3 filesystem. Replicate the partition…
Doug
  • 49
  • 1
4
votes
1 answer

LUKS partition recovery

A drive with 2 partitions - the first partition is plain ext4, second one is encrypted LUKS. The partition table has been overwritten. I've found the beginning of the second partition, which I need to recover, thusly: #hexdump -s 400000m -C /dev/sdc…
hexedone
  • 41
  • 1
  • 2
4
votes
2 answers

BTRFS and Luks integration

I would like to build a RAID1/BTRFS/Luks setup. What I found about it so far is: An encrypted Btrfs file system can be created on top of the dm_crypt disk encryption subsystem and Linux Unified Key Setup (LUKS) layer, which supports a variety of…
Doodle
  • 41
  • 1
  • 2
4
votes
1 answer

ZFS on LUKS not recognized at boot

I've got 6 physical drives in RAID-Z2, which I intend to one-by-one convert to dm-crypt devices. My process was roughly: dd if=/dev/zero of=/dev/sdf Create keyfile /etc/crypttab.d/crypt-1.key cryptsetup luksFormat /dev/sdf Append crypt-1…
Chris Tonkinson
  • 465
  • 2
  • 6
  • 18
1
2
3
9 10