Does/will the Vero support external drives encrypted with LUKS?

Since my old HTPC died I’ve been trying (fruitlessly) to use various distributions on my RPi and get seamless support for my encrypted external drive through LUKS. I’m now pretty much done with the RPi and just want to buy something else to solve the problem - will or does the Vero and its software support external drives encrypted through LUKS? At this point I’m not even interested in any custom setup - it just has to work for me - ideally with a key file that I can place on the Vero’s SDCard.

Hi

I don’t know much about LUKS, but from what I can tell you should be able to install the userspace application via the Debian apt repository (OSMC is based on Debian and you have full access to that repo on Vero).

It seems some kernel modules are needed too: probably dmcrypt. If there are specific kernel modules needed for this to function I’m happy to add them, just let me know

Cheers

Sam

Thanks for the reply Sam. Yeah, there are user-space and kernel-space components, but in practice the user-space scripts/programs to set it all up seem the most finicky on Raspbmc. There is /etc/crypttab which will set up the device mapper with the LUKS volume so that it can be accessed as a decrypted volume, but then I’ve been hitting issues when having that automatically mounted afterwards. Either the startup scripts aren’t doing the decryption setup before attempting to mount things or they just aren’t working.

I guess if the support isn’t there yet, you’d just need some examples of what is needed to add the support. I’ll do some thinking and get back to you if I need further help.

Hi

I don’t think we’ll ever add support in a GUI / addon form as it’s likely in quite minimal demand, but I could help you get it running in a way that won’t break update-to-update.

I think udisks-glue is probably trying to automount your disk as soon as it’s inserted. You have two choices here:

  • Lose automount (probably not ideal). However if your drive is always in, you could set up mounting as a startup script and tell udisks-glue to ignore this disk.
  • Set up a ‘pre-mount’ rule (in /etc/udisks-glue.conf) which runs the command needed to decrypt the disk? I assume here that the device mapper must be set up before you try and mount the device.

If you walk me through the process of inserting a disk to mounting a volume I am sure I could give you some advice.

Sam

I had have an encrypted disk I wanted to mount. I needed a couple of dependencies first:

sudo apt-get install cryptsetup lvm2

You can get the name of your volume group from sudo vgscan

Then I wrote a short shell script that I run from ssh.

sudo cryptsetup luksOpen /dev/sda5 crypto    # unlocks the encrypted section
sudo vgscan                                  # detects the groups
sudo vgchange -ay my_volume                  # activates the groups/volume as found in vgscan

# already created External mountpoint using mkdir
sudo mount /dev/my_volume/root /home/osmc/External -o rw,user

I’m sure there is a neater way to do this, but it got my drive mounted. Hope this helps someone.