gandalfb / openmediavault-full-disk-encryption Goto Github PK

I just saw your guide in the forum, i ended up here.

Like two months ago i did some sort of enhancement of the luks encryption plugin. The source is here

https://github.com/subzero79/openmediavault-luksencryption/tree/advsettings

This was based on this work

https://blog.iwakd.de/headless-luks-decryption-via-ssh

What this fork of the plugin does:

• Allows you to activate a before-decrypt target, where only basic services (including ssh will be running)
• Includes a decrypt drives script to be run. The script will prompt for password for the drives. Another option is two give a secondary drive (with keyfiles) to use for auto-decrypting. If the key disk is encrypted then you will need to log into ssh to run it as it will prompt for the password of the disk.

Feel free to test it or add more features.

The plugin does some heavy interventions in the /etc/fstab and db omv lines to work properly, especially if the before-decrypt target is activated. It will add noauto,nofail as this essential to not delay boot. Also deactivates sharedfolders systemd units.

The fstab drives and sharedfolders units are mounted once the drives are decrypted and multi-user target reached (just look at mkconf/luks.d/03systemd folder). The idea of the plugin was not to boot omv and have numerous services failing to start because the un-decrypted drives were not available.

This plugin doesn't handle the rootfs encryption. If you think you can add the feature somehow let me know

Please add a license to the repository

Hi, thank you very much for your tutorial.
In my case I want to install OVM on the same drive with a Windows 10 installation to have a backup gaming machine. So my setup deviates in 2 points. The first is that I had to install OVM on top of a minimal debian setup (wich I suppose isn't a problem) and my partition structure is different (wich I suppose causes my problems). Windows occupies nvme0n1p1 to nvme0n1p3. cfdisk forced me to make nvme0n1p4 an extend volume in order to fit the 3 additional partitions for ovm (nvme0n1p5 = /boot, nvme0n1p6= swap, nvme0n1p7 = /).

Now formatting, encrypting and mounting works fine, but i get a lot of warnings for this part:
update-initramfs -u -k all
update-grub
grub-install /dev/nvme0n1

first initramfs has some warnings:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
update-initramfs: Generating /boot/initrd.img-4.19.0-12-amd64
dropbear: WARNING: Setting DROPBEAR in /etc/initramfs-tools/initramfs.conf is deprecated and will be ignored in a future release
W: Possible missing firmware /lib/firmware/nvidia/gp100/gr/sw_method_init.bin for module nouveau
...
W: mkconf: MD subsystem is not loaded, thus I cannot scan for arrays.
W: mdadm: failed to auto-generate temporary mdadm.conf file.
update-initramfs: Generating /boot/initrd.img-4.19.0-11-amd64
dropbear: WARNING: Setting DROPBEAR in /etc/initramfs-tools/initramfs.conf is deprecated and will be ignored in a future release
...
W: mkconf: MD subsystem is not loaded, thus I cannot scan for arrays.
W: mdadm: failed to auto-generate temporary mdadm.conf file.

and then update-grub endlessly shows the same warning for all partitions:
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.19.0-12-amd64
Found initrd image: /boot/initrd.img-4.19.0-12-amd64
Found linux image: /boot/vmlinuz-4.19.0-11-amd64
Found initrd image: /boot/initrd.img-4.19.0-11-amd64
WARNING: Device /dev/nvme0n1 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/loop0 not initialized in udev database even after waiting 10000000 microseconds.
WARNING: Device /dev/sda not initialized in udev database even after waiting 10000000 microseconds.

When I try to boot OVM, grub lists Debian and Windows. Windows works but Debian shows an error with the old UUID that could not be found as well as the missing vmlinuz-4.19.0-12-amd64. I tried to manually enter the new UUID in the grub.cfg but the missing vmlinuz-4.19.0-12-amd64 stays. I suspect either the extended volume structure, some legacy vs uefi or some deprecated functions to be the issue. Any idea how to fix this?

Unfortunately this doesn't work with OMV6 - initramfs doesn't ask for password.