[TUTORIAL] Adding Full Disk Encryption to Proxmox

[dmpm]

I'm just doing this again on another server and after the preparing to copy stage I noticed that when doing 'df -h' it shows a few missing GB in several places.

Filesystem                 Size  Used Avail Use% Mounted on
tmpfs                      3.2G  2.4M  3.2G   1% /run
efivarfs                   320K   74K  242K  24% /sys/firmware/efi/efivars
/dev/sda1                   29G  5.8G   23G  21% /cdrom
/cow                        16G  561M   16G   4% /
tmpfs                       16G  8.0K   16G   1% /dev/shm
tmpfs                      5.0M  8.0K  5.0M   1% /run/lock
tmpfs                       16G     0   16G   0% /tmp
tmpfs                      3.2G  168K  3.2G   1% /run/user/1000
tmpfs                      3.2G   84K  3.2G   1% /run/user/0
/dev/mapper/pve--new-root   30G   28K   28G   1% /mnt/new
/dev/nvme0n1p2             672M   28K  623M   1% /mnt/new/boot
/dev/nvme0n1p1             197M   512  197M   1% /mnt/new/boot/efi
/dev/mapper/pve-root        59G   16G   40G  28% /mnt/old
/dev/nvme1n1p2            1022M   12M 1011M   2% /mnt/old/boot/efi

As you can see, on /dev/mapper/pve--new-root/ there's only 28K used but only 28G is available out of 30G, so there's 2GB unaccounted for there. On /dev/nvme0n1p2 it's 49MB, and on /dev/mapper/pve-root it's 3GB.

 

[dmpm]

I found the solution to the problem with dropbear not working.

If dropbear.conf has

DROPBEAR_OPTIONS="-s -c cryptroot-unlock"

it prompts for the password but then gives a timeout error without sending any input to cryptsetup, and when I close the session it then sends something, but it's obviously not what I've typed because cryptsetup gives a "wrong password" error.

If I remove "-c cryptroot-unlock" from dropbear.conf, so it doesn't run that command automatically, and update-initramfs, I can type cryptroot-unlock manually after I connect and then when I enter the password it works fine.