Adding LUKS2 Drives

Hi All,

I was wondering if anyone had information on the following questions:

  1. Is there a way to use LUKS2 instead of LUKS1 when encrypting a new drive to be added. I didn’t see any options in the Web Interface. It would be nice to utilize the newer hashing algorithms available in LUKS2. I also, did not see anything about this in the documentation or forums for either the Web Interface or via the Terminal.

  2. Is it possible to add a previous LUKS encrypted drive that is using BTRFS?

Thank you.

-Mike

1 Like

@mikedotc Welcome to the Rockstor community.

I had assumed we were using LUKS2 already actually. It’s been a while since I’ve looked at that code but I don’t think I did anything to limit out capabilities re versions. And from memory I think it may well have been a 2 variant that the LUKS capability was build on.

This depends on the structure of the btrfs vol sub-vols within the LUKS encrypted devices. It’s definitely worth a try. You should be able to unlock the LUKS devices via the Web-UI, although again there are some limitations as Rockstor does have some limitations with regard to LUKS.

See the following pull request which may have some leads as to our current capabilities re LUKS:


and it’s associated LUKS specific follow up:

So from a quick review of those it looks like we do only support full disk LUKS so that may be a limiting factor in being able to import your existing LUKS drive.

Hope that helps.

1 Like