Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [disk-encryption]

132 questions
2
votes
2 answers

Debian installation with encryption: "No root file system is defined"

I'm installing Debian, as I've done a million times, except this time I'm trying with full-disk encryption from the installation itself and partitioning manually, because I'm replacing an existing Linux partition (different distro) on a disk with…
Teekin
  • 181
  • 1
  • 1
  • 7
1
vote
0 answers

How to set up LVM / LUKS to allow easy expansion / contraction of disk space?

Disclaimer: I've never used LVM or LUKS before. Context: I use CentOS 7 and have X disk space available. I want to set up this disk space to store some important data, hence why I want to use LUKS to encrypt it. However I'm not sure X will be…
Radu Murzea
  • 161
  • 1
  • 6
1
vote
0 answers

Cryptodevice on top of DRBD with CentOS7

I have created a replicated drbd device. On top, I have create an encrypted volume with cryptsetup and finally formatted with ext4. Additionally, I am using a keyfile to be able to automount the crypted device. (Please do insist this being unsecure.…
Christian
  • 11
  • 2
1
vote
0 answers

making use of self encrypting SSD

Is something special needed? It is in a supermicro server having a AOM-TPM-9670V-S TPM 2.0 and a Broadcom/Avago MegaRAID 9361-24i card. Trying to use some Seagate Nytro SAS self encrypting SSD's; in the megaraid setup it identifies the disk as…
ron
  • 805
  • 3
  • 11
  • 21
1
vote
1 answer

Securely encrypt backup for postgres DB

I do not want to encrypt my postgres DB. However, I want encryption at OS level, such that if the files(such as backups or configurations) are moved to any other system, it should be unreadable or non modifiable for security reasons. I tried…
aswin s
  • 11
  • 1
1
vote
0 answers

Group policy setting to prevent asking user which encryption mode to use

Asked a similar question previously: Group policy setting to prevent asking user where to store recovery key I'm trying to enforce the encryption mode to the new XTS-AES so that if the users computer is not running the latest Win 10 (Version 1511)…
red888
  • 4,183
  • 18
  • 64
  • 111
1
vote
1 answer

Is mounting /boot in /etc/fstab automatically necessary?

Hello members of StackExchange, I am running a Debian 8.0 server with Full-Disk-Encryption and while I was doing some hardening I went through the /etc/fstab and I was wondering if some partitions were really necessary to be mounted…
comfreak
  • 1,501
  • 1
  • 21
  • 33
1
vote
2 answers

LUKS/dm-crypt security in the case of a break-in

This is an encryption topic I've been confused by for a while now. From what I understand of LUKS, once the LUKS volume is opened with a passphrase and the resulting device mapper device is mounted, it can be read from and written to until the point…
Aaron Hastings
  • 113
  • 3
1
vote
1 answer

BitLocker Already Configured Issue

System Configuration: Windows Server 2008 R2 Standard Disk Configuration: RAID1 We have a newly built system that is joined to a domain and has the proper GPOs for BitLocker already setup. We install bitlocker rebooting the machine as instructed. …
sekernan
  • 51
  • 6
1
vote
1 answer

Possible to decrypt FDE/SED Samsung 840 upon boot without native BIOS/UEFI support for ATA password?

It's possible to encrypt and decrypt a drive with hdparm coupled with Full Disk Encryption like some Samsung and Intel SSDs. What I'm curious about is if it's possible to use with a Desktop motherboard. Seeing as there is very little support for…
Maletor
  • 131
  • 4
1
vote
1 answer

Does filesystem encryption strain SSDs?

For security purposes we are required to implement full filesystem encryption on an upcoming server installation. We use the default encryption settings shipped with CentOS 7. My question: as our servers use SSD drives, should I be concerned that…
csvan
  • 123
  • 5
1
vote
1 answer

Expanding raid 5 luks partition

I have just bought 2 new drives to my raid 5 array. I have successfully added them to the array and resynced. I now have a /dev/md4 drive that is 16 TB, but the crypt-luks partition md4p1 is still 12 TB. I tried expanding it to use the whole drive…
prinsen
  • 162
  • 8
1
vote
1 answer

Troubleshooting I/O latency possibly caused by file system driver

I have a SQL Server instance (SQL Server 2008 R2, Windows 2008 R2) that complains, for very short, random periods of about 15-20 seconds, that some of its I/O requests are taking longer than 15 seconds. ("SQL Server has encountered x occurrence(s)…
Eldergriffon
  • 87
  • 1
  • 7
1
vote
1 answer

Will adding a Windows machine to a different domain adversely affect DPAPI encryption?

I am considering moving a machine on which DPAPI encryption is used from one domain to another. Will doing this break or otherwise adversely affect the DPAPI configuration - and already encrypted data?
BrianCooksey
  • 83
  • 1
  • 8
1
vote
1 answer

CentOS 6.3 drive encryption being on remove server

During the clean installation of CentOS 6.3, I choose to encrypt the primary partition / (the whole drive) (obviously except /boot). My point is to have fully encrypted drive (8 drives in RAID10) but at the same time being able to reboot via SSH and…
Ilia Ross
  • 1,086
  • 1
  • 10
  • 20
1 2 3
8 9