This post is assuming that every disk does not have any important data and/or no critical data on it. Encrypting disk(s) with data will cause data loss.
Why would we want to encrypt our disk(s)?
To prevent unauthorized users that have physical access to the disks and walk away with it.
To encrypt the disk drives, make sure to install the plugin called openmediavault-luksencryption. Once it is installed, a new tab named Encryption will be available.
- Navigate to Storage > Encryption then select Create
- In the new windows, select the disk you would like to encrypt from the Device drop-down menu
- Enter the encryption key in the Passphrase field (do NOT lose this Passphrase)
- Confirm the Passphrase then click on Create
- Then you will get a prompt if you are sure to encrypt the disk. Click Yes if you want to continue
- Once done, click Apply when the yellow banner appears
- Repeat steps 1 – 6 for each disk you would like to encrypt.
Now, we need to make a backup of the LUKS header.
- Navigate to Storage > Encryption then select the disk
- Click on Recovery
- Select the Backup-header
- Save this LUKS header because it may come in handy in the future
- Repeat steps 1 – 4 for each encrypted disk
When done, each disk needs to be unlocked for OMV to write and read data.
- Navigate to Storage > Encryption then select the disk
- Click Unlock
- Enter the passphrase in the Passphrase field
- Click on Unlock
- Repeat steps 1 – 4 for each encrypted disk. A blue dot should appear in the Unlock column once the disk has been unlocked
We need to format and set the file system to each disk and mount each disk to be usable
- Navigate to Storage > Files Systems
- Click on Create to add the newly encrypted disks
- Select the disk from the Device drop-down menu
- Enter a label that makes sense to you in the Label field
- Select the file system type from the File System drop-down menu
- Click Ok
- Click the newly formatted disk
- Click Mount
- Click on Apply
- Repeat steps 1 – 9 for each disk
That is pretty much it.
Cheers!
Would there be any reason the device name does not show up on the dropdown list?
Hello Roger, sorry for my late reply, I’ve been really busy. Are you talking about the drop-down when encrypting the disks in Figure 1?
Make sure that your disks are showing up in Storage > Disks.
Great write up! I followed the steps and was able to access my encrypted drive on windows 10 but it says I don’t have permission when I try to add files. I have read/write access set up for the credentials I mapped with. Any ide why it seems write only? Thanks
I would recommend checking out the OMV forum for smb related issues. I’m actually in a process of switching my NAS to a plain Debian 10 and install only the packages that I need.
With my mounted drive labeled “Data1”, it has about 1.5TB data. It does not show up in the Encryption device drop-down dialogue. Is it because it is not blank? Does the encryption need to be written to a blank driven In OMV?
Hi,
I am not 100% sure, but this must be one of those OMV weird behavior. I would recommend posting at https://forum.openmediavault.org/ just to be safe.
I’m getting an Error 0 when I try to create a File System after encrypting the disk. I’m using OMV5. Failed to execute command ‘export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; omv-salt deploy run –no-color quota 2>&1’ with exit code ‘1’: raspberrypi: ———- ID: quota_off_no_quotas_ Function: cmd.run Name: quotaoff –group –user /dev/disk/by-label/Backup || true Result: True Comment: Command “quotaoff –group –user /dev/disk/by-label/Backup || true” run Started: 21:42:15.466588 Duration: 27.029 ms Changes: ———- pid: 27986 retcode: 0 stderr: quotaoff: Cannot stat() given mountpoint /dev/disk/by-label/Backup: No such file or directory Skipping… quotaoff: No correct mountpoint specified. stdout: ———- ID: quota_check_no_quotas_ Function: cmd.run Name: quotacheck –user… Read more »
Did you decrypt/open the encrypted disk before you try to create a filesystem? You need to decrypt/open the encrypted disk before you can do anything about it. When you reboot your system, you have to decrypt the disk(s) again before you can use or access the data. I stopped using OMV due to bugs related to OMV itself and I ended up using a CentOS 8 minimal for my NAS and installed the packages that I need. I found that it is too much of a hassle to troubleshoot the OMV layer and it is hard to find the solution… Read more »
Hi, I followed these steps but retrieve this error message:
Error #0:
OMV\Exception: export LANG=C; partprobe ‘/dev/sda’ in /usr/share/openmediavault/engined/rpc/luks.inc:470
Stack trace:
#0 [internal function]: OMVRpcServiceLuksMgmt->createContainer(Array, Array)
#1 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#2 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod(‘createContainer’, Array, Array)
#3 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call(‘LuksMgmt’, ‘createContainer’, Array, Array, 1)
#4 {main}
Can’t find the reason for this… thanks for your help.
Hi,
By the looks of it, it seems like it is related to PHP and/or OMV UI. I would recommend posting your issue in the OMV forum to get proper help. I quit using OMV to due it is harder to fix OMV issues than a regular plain distro like Debian, CentOS or openSUSE as a NAS. Sorry man.
Thanks anyways…