luks

So after a couple additional days of troubleshooting i think i am finally quite close to getting it fully working and as soon as thats the case i am planing to write a full guide for all people that want to do a similar setup in the future since i couldnt find any real guides for proxmox /...

Hello everyone, I have been thinking about fully encrypting my Proxmox 8 server which is located in an external data center. I would like to use Luks so that the encryption password is requested when booting which I can then enter via SSH. Now I have found the following instructions and have...

If you want to encrypt your data, the best way is usually to start at the lowest layer possible to get as much data encrypted as possible. If you run all your VMs on top of Proxmox, then adding encryption to all disks in Proxmox is the natural solution, but there doesn't seem to be an official...

Steps to perform on proxmox VE (version 7.3-3): Step 0: apt-get install cryptsetup Step 1: fdisk /dev/sdb Step 2: cryptsetup luksFormat /dev/sdb Step 3: cryptsetup luksOpen /dev/sdb encrypted_disk Step 4: mkfs.ext4 /dev/mapper/encrypted_disk Step 5: mkdir...

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure. # My desired setup...

Hey guys, I am the dev behind Mortar, a framework for linking secureboot with LUKS to create fully encrypted, auto unlocking hypervisors. Proxmox support was the original target for this framework but it has since grown. My users and I have discovered that things simply don't work with PVE...

I have dell r620. (rather old intel hw). I installed debian 11 with unencrypted boot and encrypted root. Everything worked fine. Then I installed pve-kernel according: https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye apt install pve-kernel-5.15 systemctl reboot Reboot...

I've now tried twice, with the process I'm using being a standard install of Debian 11 with an encrypted LVM, then following along the wiki guide to convert this install to PVE. Upon installing the pve-kernel, the system hangs on "loading initial ramdisk" on boot. So far I've tried both the...

Hello all I'm quite new on PVE but have so far played around with 2 thin clients on driffrent vlans running a few VMs each, mostly linux dist, HASS, and a few LXC. So I have some grasp on how to find my way around. But google and the forum have failed me on this, for me, pretty important...

I have experimented with Proxmox and Linux (new for me, though I have a unix-like background experience) and set up the following setup: Hardware: standard x86 Core i5 External 2TB SSD RAID (pvehost:/dev/sda) Internal 1TB SSD (pvehost:/dev/nvme0n1 hardware encrypted, key to be entered at boot)...

Hi, Right now I'm writing a tutorial on how to best setup an encrypted PVE node. But the question is now how to best set up the encrypted swap? As far as I see there are 3 options and none of them is really great: Option 1.) Just a LUKS encrypted swap partition on a single disk. Not that...

Hello, I have a bunch of questions about setting up storage in a recommended/safest way. My end goal is that I have a NAS with a few storage "buckets" that I can mount/share into other vm's or externally via samba, nfs, etc. The tricky thing is, I want all(or some) of the storage to be...

Hello all, I have seen an understand the benefits of setting up a base image/template with Cloud-Init, so similar VMs can very easily be setup when needed. My question is... can these Cloud-Init template/images can be setup with LUKS encryption without losing any features? Will it still be able...

This happend on osd creation on pve 7.1.2: create OSD on /dev/nvme0n1 (bluestore) wiping block device /dev/nvme0n1 /dev/nvme0n1: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54 /dev/nvme0n1: 8 bytes were erased at offset 0x5d268655e00 (gpt): 45 46 49 20 50 41 52 54...

Hi. One quick question. Is it a safe practice to passthrough LUKS encrypted disk to VM by pointing to /dev/mapper/ mounted disk ? I know VM can handle the whole encryption thing, but I have special needs :) Thanks in advance

Hey I think i've outdone myself here. For an encrypted VM which had uncertain memory requirements i chose to work with changing CPU configuration, memory ballooning and hotplug, enabling 1GB pages for the CPU, NUMA Despit multiple reboots in multiple configurations this now fails to recognise...

Hey all, this may be a silly or obvious question but I’m fairly new around here (relatively speaking) so here goes… I am looking to have my HDDs encrypted so that all data cannot be easily accessed if the drives are pulled out of my server. I have the following configuration: |Server |-HDD1...

I created a VM and installed Debian with LVM LUKS partition and booted into it with no problems. I then installed Proxmox over this as per wiki and booted into it with no problems BUT I cannot connect to the web interface. Proxmox is working and I can access the console. What am I doing wrong?

I acquired a Tiny/Mini/Micro PC to be my starter homelab, nothing fancy just a 4-core i5 from 2012 and 16gb non-ecc ddr3 with a 1TB SATA SSD (The SSD cost almost as much as the PC itself). Goal is for this to be various things including PiHole, backup of other devices, log collection and...

Hi. I'm using Proxmox 6.1 with Debian buster as host (and as guest while this is possible). I use several containers and in one I need to have a crypted mount point (it could even be the whole container). So, I use a lvmthin for just the system and a non-lvmthin for the data, and this is what...