Is there a way to mount LUKS encrypted drives in OSMC?
I have an external LUKS encrypted drive that I use to back up all my media onto, and currently the only way to mount it is to ssh into the box and run cryptsetup/mount. Not something my wife would be able to do
I am just curious if there is some sort of a helper or maybe an add-on that can do that?
I had something similar set up on my earlier box, but the problem is I had to store clear-text password on the box itself, which partially defeated the purpose of having an encrypted drive.
If there is nothing existing, that’s fine, I will figure something out.
@sam_nazarko I see you wrote several udisks-based units. Is it safe to install udisks2 alongside with them?
Nice. I manually mounted the drive after bootup, and updated the contents via rsync as and when I needed to. I had to install a few packages, and had to be careful about what filesystem features were compatible with the kernel on the Vero.
My other half is unlikely to ever delve into this stuff too…
Please excuse my limited perspective, but can anyone describe to me a use case where the use of an encrypted disk connected to a media player is useful/necessary?
I have a large backup drive where I store all my personal docs, including my media collection. Didn’t want to have 2 separate drives and didn’t feel like storing some of my personal data unencrypted.
Personally I just encrypt everything by default… there’s no reason why not to any more, other than minor inconvenience on occasion…
If nothing else it also means it’s safe to sell hdd on when you no longer need them.
@sam_nazarko is there a way for me to leverage OSMC udisks helpers instead of udisksctl to mount/unmount and lock/unlock partitions?
This way I can avoid dependency on udisks2.
It looks like armv7-udisks-osmc provides the old (version 1) udisks binary.
I was able to install udisks2 alongside with it and everything seemed to work… Just need to manually add a few polkit rules. @sam_nazarko will I break something by installing udisks2?
@sam_nazarko here are the options that I can see from my limited knowledge so far:
Adapt udisks-glue-osmc to use UDisks2 D-Bus API.
Adapt udisks-glue-osmc to use libudisks2.
Replace udisks-glue-osmc with a few udev rules and helpers scripts.
My understanding is that all the magic happens in the udisks-glue.conf file provided by diskmount-osmc. And, from what I can tell it basically mounts/unmounts a given device and exposes it via Samba.
You can use a key file generated by cryptsetup luksAddKey .... I think this is not a cleartext data format. I managed to mount a luks- encrypted hdd using /etc/fstab and /etc/crypttab.
Instead of a device path like /dev/sda1you can also use unqiue UUIDs. Example
I’ve been looking at the last section of the udisks-glue.conf file, specifically:
match disks {
post_insertion_command = '
if [ $(/bin/lsblk -n -d -o RM "%device_file") -eq 1 ] || [ $(/bin/lsblk -n -d -o ROTA "%device_file") -eq 0 ]; then
device=$(/bin/lsblk -n -d -o MAJ:MIN,TYPE -s "%device_file" | grep disk | sed "s/[^0-9:]*//g")
echo 1024 | sudo tee "/sys/dev/block/$device/queue/read_ahead_kb" > /dev/null
else
sudo /sbin/hdparm -S 240 %device_file
fi'
}
For removable (RM == 1) or non-rotational (ROTA == 0) media it sets read-ahead buffer to 1MB, and for rotational media it sets spin-down time to 20 minutes. In other words:
However, my testing of different media types gives the following results:
RM ROTA
int nvme 0 0
int mmc 0 0
int sata 0 0
ext sata 0 1 (via usb)
int optical 1 1
ext optical 1 1 (via usb)
usb flash 1 1
External drives (both SSD and HDD) are reported as non-removable, but rotational media.
Both internal and external optical drives are reported as removable media.
USB flash drives are reported as removable and rotational media.
In other words, the logic in the above section seems completely broken… Optical drives would get 1M read-ahead buffer and external SATA drives would get 20-minute spin-down time instead.