I have been playing around with encryption for a system for a while, 4th post contains my notes on what I have so far. If anyone has more experience with crypttab and knows how to allow booting with a missing device, input would be appreciated.
Presently I am attempting to set up a Proxmox node with complete disk encryption. The end goal is to have to enter two passwords for the encrypted zfs mirror Proxmox is booting from and have data drives be decrypted by keys stored on the boot drives.
The current state of this project is as follows. A Proxmox VM has been configured with two disks in a zfs mirror. The first step I am trying to accomplish is to encrypt a single disk and have the system boot and zfs recognize both boot disks at boot time.
I have tried following a variety of guides, and while data is kept on the drives and appears to work until reboot on reboot zfs does not recognize the encrypted drive.
Has anybody accomplished zfs on luks whole disk encryption and/or have a guide on how to implement it?
EDIT: added second config to current status spoiler
The current state of this project is as follows. A Proxmox VM has been configured with two disks in a zfs mirror. The first step I am trying to accomplish is to encrypt a single disk and have the system boot and zfs recognize both boot disks at boot time.
I have tried following a variety of guides, and while data is kept on the drives and appears to work until reboot on reboot zfs does not recognize the encrypted drive.
zfs on lvm on luks attempt (following guides to the letter)
zfs on crypt directly attempt before reboot
After reboot lukszfs1 is not recognized even though it is mounted by grub and initramfs.
zfs on crypt directly attempt before reboot
After reboot lukszfs1 is not recognized even though it is mounted by grub and initramfs.
Has anybody accomplished zfs on luks whole disk encryption and/or have a guide on how to implement it?
EDIT: added second config to current status spoiler
Last edited: