Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [luks]

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption.

LUKS (Linux Unified Key Setup) is a disk-encryption specification. It is the standard for Linux hard disk encryption. LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Website: http://code.google.com/p/cryptsetup/

Wikipedia: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

157 questions
7
votes
0 answers

Write performance is 5 times worse with LUKS on top of mdadm RAID10 than without LUKS

I have servers with many NVMe disks. I am testing disk performance with fio using the following: fio --name=asdf --rw=randwrite --direct=1 --ioengine=libaio --bs=16k --numjobs=8 --size=10G --runtime=60 --group_reporting For a single disk, LUKS…
tacos_tacos_tacos
  • 3,250
  • 18
  • 63
  • 100
6
votes
1 answer

Can servers with encrypted root filesystems be made reasonably highly available?

I have some servers I'd like to keep on encrypted disks, but I don't want to have to manually type a passphrase at every boot. I also don't want to keep the key on the machine unencrypted. TPM would be a natural fit here, but what if someone…
librett0
  • 79
  • 1
  • 3
6
votes
1 answer

High I/O latency with software RAID, LUKS encrypted and LVM partitioned KVM setup

I found out a performance problems with a Mumble server, which I described in a previous question are caused by an I/O latency problem of unknown origin. As I have no idea what is causing this and how to further debug it, I'm asking for your ideas…
aef
  • 1,745
  • 4
  • 25
  • 43
5
votes
1 answer

Cryptsetup luks - Check that kernel supports aes-xts-plain64 cipher

I encrypted a bunch of hard drives with cryptsetup luks encryption on CentOS 5. Everything was fine, until I upgraded my system to CentOS 6. Now I cannot mount the disks anymore. To mount with my keyphrase: sudo cryptsetup luksOpen /dev/sdc1 d2 I…
Crash Override
  • 601
  • 1
  • 10
  • 21
5
votes
2 answers

Removing failing drive from LVM volume group ... and recovering partial data from an incomplete LV (with a missing PV)

I've been fighting this issue for some time now. I have a Logical Volume with 3 disks, 1.5TB, 2TB and 3TB. The 1.5TB drive is failing. Lots of I/O errors and dead bad sectors. I started pvmove to move the existing extents on the failing drive to…
Sniku
  • 141
  • 1
  • 1
  • 6
5
votes
3 answers

Best way to secure Kickstart encrypted partition passwords

I have a CentOS 6.5 environment that boots up servers using Kickstart. One of the requirements of our Kickstart is that the partitions are encrypted. Since Anaconda can only take plain text passwords for LUKS encrypted partitions, what's the best…
chizou
  • 477
  • 3
  • 8
  • 18
5
votes
1 answer

Determine if LUKS/dmcrypt key is present

I am writing a Chef LWRP to add a key to a LUKS container and I'm having difficulty coming up with a way to determine whether or not my key already exists. cryptsetup luksAddKey will happily add the same keyfile multiple times, so I can't simply…
Aaron Brown
  • 1,697
  • 1
  • 12
  • 22
5
votes
1 answer

How to unlock multiple luks-devices using dropbear-initramfs

My system setup is as following: One single SSD with LUKS and LVM (and of course an unencrypted boot partition). The debian system is installed there. Two HDDs assembled as RAID0 with LUKS and LVM for some custom data To unlock to LUKS-devices at…
t777
  • 211
  • 1
  • 8
4
votes
1 answer

Creating ZFS pool from liveCD with ashift=9 becomes ashift=12 when rebooted into new OS

I have created a zpool while booted on a Linux Mint liveCD (with all the ZFS packages temp apt-installed) and created a zpool with command line containing ashift=9 because my ST4000NM0033 drives (8 each) have 512B sectors. Also created some ZFS…
GenerationTech
  • 51
  • 4
4
votes
3 answers

What is the failed dependency during cryptography setup of systemd?

I'm using Ubuntu 16.04 LTS Server in a VM with one unencrypted hard disk for / and an additional LUKS-encrypted one for some arbitrary data. The encrypted disk is opened and mounted with a password manually at the shell after the system has bootet…
Thorsten Schöning
  • 683
  • 7
  • 20
4
votes
1 answer

Encrypt/Decrypt filesystem container file with smartcard on linux

I want to encrypt and decrypt a file system container file with luks and a smartcard on debian linux. The smartcard is a Nitrokey Start which is basically a compact smartcard in a usb reader. I know how to create and mount a container file with dd,…
soulflyman
  • 141
  • 5
4
votes
1 answer

Exactly how does kickstart encrypt a partition?

Let's say for example I have this line in the pre section of my kickstart file: part / --asprimary --fstype="ext4" --size=10000 --encrypted --passphrase=pass1 Great, but, how does that work? Exactly how does "--encrypted" encrypt the partition?…
Everlight
  • 141
  • 1
  • 3
4
votes
1 answer

Filesystem Performance for LUKS Encrypted Volumes?

As you can format a LUKS volume with any filesystem you want, are certain filesystems better-suited to IO performance against an encrypted filesystem? Specifically, I'm wondering about a loop device with a file sitting on an ext4 partition. As all…
Will
  • 1,147
  • 10
  • 26
4
votes
0 answers

Dual primary DRBD with LUKS encryption

Is it possible to create a LUKS encrypted filesystem that is accessible by both nodes of a dual primary DRBD system? Here is what I tried to do: Create two nodes and establish a partition on each with an ext3 filesystem. Replicate the partition…
Doug
  • 49
  • 1
4
votes
1 answer

LUKS partition recovery

A drive with 2 partitions - the first partition is plain ext4, second one is encrypted LUKS. The partition table has been overwritten. I've found the beginning of the second partition, which I need to recover, thusly: #hexdump -s 400000m -C /dev/sdc…
hexedone
  • 41
  • 1
  • 2
1
2
3
10 11