Re: Encrytion on a QNAP
On Tue, 2014-06-24 at 17:18 +0200, Lee Williams wrote:
> Hello,
>
>
> since I have to reinstall my NAS on a new HDD, I thought it would be a
> good idea to set up encryption this time. But I'm not sure how exactly
> I should start on this.
>
>
> I think the standard way to do this is using the dm-crypt facilities
> built into the Debian installer. Now, will this work with a headless
> machine where I can't enter anything on boot time?
That was my thought too. Out of the box? Probably not.
> If it's possible to disable SWAP and encrypt /home,
The installer will allow this I think (you'll need to ignore the warning
about no swap)
> could it be mounted remotely after boot?
You'd likely have to arrange for all that yourself and you'd be going
pretty far of the beaten track I think, which probably means hacking
something up yourself (even after googling for prior art would be my
guess) but if you are willing to spend the time making it work it ought
to be possible in theory.
> And what about services that run on those volumes, they should surely
> start after the mount, shouldn't they?
They would certainly normally start after the mount, but if you were
deferring the mount somehow then you might need to arrange to defer
those services too. Or otherwise to stall the boot process until things
were remotely enabled somehow.
> Finally, is this even a good idea? Will it cost too much performance?
> I'm using a TS-119 and am not sure if any crypto would be accelerated.
TS-119 is kirkwood based I think, so there is some hardware acceleration
(md5, sha-1, aes) and an associated kernel driver (mv_cesa). I don't
know to what extent that is useful for dm-crypt etc though (md5
obviously not so much ;-)).
Ian.
Reply to: