Jump to content
Covecube Inc.
  • 0
hzz

Can't get DrivePool to initialiase with TrueCrypt

Question

Hi,
I am trying to pool 2 x 1.5TB drives into a single 2.xTB partition on Windows 7. I have converted the two disks to GPT disks for starters (to get around the 2TB limit the resultant DrivePool drive will be greater than). I then formatted the two disks as NTFS partitions and then added them to a new pool in DrivePool and I get a 2.72TB partition like I want (which I alloated to Z:). FYI both disks are plugged into a USB dual-bay hard drive dock (so dynamic volumes aren’t an option for me as I’m sure many would know). I already use TrueCrypt, however I cannot get the DrivePool-created drive (Z:) to be encrypted in TrueCrypt. 

I have tried the following:

 

1) Created the DrivePool as drive Z:. It is mounted in the o/s like a normal drive.

 

In TrueCrypt:

2) Selected "Tools" -> "Volume creation wizard"

3) "Encrypt a non-system partition drive"

4) "Standard TrueCrypt volume"

5) "Select device" -> "Z:"

6) "Encrypt partition in place", click "next" and get "Incorrect function" dialog, 

I click "OK", then I receive an error about the disk being damaged:
http://stablebit.com/Content/UploadedAssets/Images/f314147d-53eb-435c-92a5-6a2b464372c0.jpg

 
I click "OK" and another error about not being able to access the volume appears:
http://stablebit.com/Content/UploadedAssets/Images/bbb6614c-51f8-4602-be3f-6ccf15f018b7.jpg
 
So, instead of “Encrypt partition in place”, I chose “Create encrypted volume and format it”, “Aes” (default), default size, enter password, “Yes” to files over 4gb (Default=no), shows it’s selected “NTFS”, move the mouse around, click “Format”,  click ”Yes” to proceed, a second or two later I get an error telling me it can't dismount the partition:
http://stablebit.com/Content/UploadedAssets/Images/5b7ff999-63e0-4f9f-97fe-b16f2c53f41b.jpg
 
click “OK and then I receive and I get a final error saying it finally failed to create a volume:
http://stablebit.com/Content/UploadedAssets/Images/76ec2bb0-3384-450b-85a2-bec383328970.jpg

And I click “Cancel” to abort and that's where I am at. Can anyone tell me what needs to be done to get the encryption working? Thanks for any assistance anyone can offer.

 

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

Hi hzz, TrueCrypt encrypts at the physical block level, not at the file system level (let alone a virtual pool file system).

 

So: if you want it to have any chance of working, you need to FIRST encrypt your physical drives, THEN mount those encrypted drives, THEN pool the mounted encrypted drives, in that order. Does that make sense?

 

Caveat #1: I've not actually tried to pool TrueCrypt volumes (it's been on my "get around to it someday" list for a while), but the above is the only way it's going to work - assuming it works at all.

 

Caveat #2: DrivePool will want to see those drives when you next boot, so until you re-mount the TrueCrypt volumes DrivePool will be complaining about them being missing (if it works in the first place).

 

Sidenote: last I looked, dynamic volumes were not compatible with DrivePool anyway.

Share this post


Link to post
Share on other sites
  • 0

DrivePool doesn't support TrueCrypt, actually.

Namely this is because of how TrueCrypt presents the drives. 

 

I can try and provide more technical details, but simply put: the truecrypt volumes are not "true" disks, and because of that, DrivePool doesn't see them.

Share this post


Link to post
Share on other sites
  • 0

Is this also why VHDs aren't visible (1.3.x) or can't be added (2.0) to DrivePool?

 

Are there any plans to make TC and/or VHD disks poolable?

Share this post


Link to post
Share on other sites
  • 0

Are there any plans for DrivePool to support TrueCrypt? Are there any drive pooling products that support encryption? Does DrivePool support any other encryption tools?

Share this post


Link to post
Share on other sites
  • 0

I would like to second this wish :)

 

(I must admit I didn't use the trial... Instead I bought it right away since my old Flexraid didn't know this "problem" I thought drivepool would be able to do this and stumbled upon this Problem now)

Share this post


Link to post
Share on other sites
  • 0

@TheRealJMC

While we may not have TrueCrypt support yet, we do fully support BitLocker encrypted volumes. Though if you want them automatically unlocked, that would require encrypting the system disk as well (which means you'd need a password and/or a USB key to boot the system every time.

Share this post


Link to post
Share on other sites
  • 0

@drashna:

Bitlocker is a bit tricky in this case (using this on my Notebooks since there is TPM and Fingerprint and PIN) - but the Server doesn't have TPM so I can only use an USB-Stick with a keyfile - and not an boot password. So that's not really an option for the Server.

 

Guess I'll have to stick with Flexraid then... really liked the combination of Drivepool and Scanner. If Truecrypt support will come I hope I can change to drivepool - but looking at the disks I don't see a Problem here as far as I can tell.

 

I know - or at least I can think - that there is a huge bunch of things on the ToDo - but I hope an ETA for this is somewhere in the near future. Guess there are a bunch of people out there discarding Drivepool because of the lack of Truecrypt support.

 

But thanks for the note!

Share this post


Link to post
Share on other sites
  • 0

@drashna:

Bitlocker is a bit tricky in this case (using this on my Notebooks since there is TPM and Fingerprint and PIN) - but the Server doesn't have TPM so I can only use an USB-Stick with a keyfile - and not an boot password. So that's not really an option for the Server.

 

Guess I'll have to stick with Flexraid then... really liked the combination of Drivepool and Scanner. If Truecrypt support will come I hope I can change to drivepool - but looking at the disks I don't see a Problem here as far as I can tell.

 

I know - or at least I can think - that there is a huge bunch of things on the ToDo - but I hope an ETA for this is somewhere in the near future. Guess there are a bunch of people out there discarding Drivepool because of the lack of Truecrypt support.

 

But thanks for the note!

 

You don't need a TPM for Bitlocker:

 

http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

Share this post


Link to post
Share on other sites
  • 0

I know but it requieres an USB key... A bit useless for a server. Always plugged in then and so I can turn encryption off... which would be the same since a thief would have the USB key. Otherwise you won't be able to remote-start the server (if the usb key isn't attached) which is also bad since this is a Server not a workstation...

Share this post


Link to post
Share on other sites
  • 0

Are there any plans for DrivePool to support TrueCrypt? Are there any drive pooling products that support encryption? Does DrivePool support any other encryption tools?

 

I would like to second this wish :)

 

(I must admit I didn't use the trial... Instead I bought it right away since my old Flexraid didn't know this "problem" I thought drivepool would be able to do this and stumbled upon this Problem now)

 

I've looked into this pretty extensively actually and got pretty far as far as adding TrueCrypt support. Unfortunately I ran into kind of a big technical issue. TrueCrypt volumes do not reside on emulated physical disks. So for example, if you look at our DrivePool virtual volume in disk management you will see that it has an emulated virtual disk backing it. That's because DrivePool actually emulates a SCSI disk and lets the Windows Plug and Play system mount it as usual.

 

It turns out that TrueCrypt doesn't do this. It "hacks" its volume into existence, but there is no disk backing it. This presents a problem for DrivePool because it was written to work with physical disks (or even virtual disks, but there must be a disk there). Whenever a new pool part arrives in the system, DrivePool will query that pool part for some disk information including the physical storage unit index. This is critical to how real-time duplication functions because one or more pool parts can reside on the same physical disk (e.g. on multiple partitions). TrueCrypt doesn't know how to answer to these queries.

 

So the bottom line is that DrivePool's pool part management code needs to understand how to deal with volumes that don't reside on physical disk and I plan to implement this in the forthcoming 2.1 BETA.

Share this post


Link to post
Share on other sites
  • 0

I know but it requieres an USB key... A bit useless for a server. Always plugged in then and so I can turn encryption off... which would be the same since a thief would have the USB key. Otherwise you won't be able to remote-start the server (if the usb key isn't attached) which is also bad since this is a Server not a workstation...

That last bit is definitely a legitimate concern.

 

But that's only if you want to automatically unlock the rest of the drives. If  you don't mind manually connecting into the server and unlocking the drives manually after every reboot.. but that's just a hassle.

 

 

And Alex has said, he is working on implementing it. 

But we definitely understand if you don't want to wait. But we hope you come back once we've got TrueCrypt support added.

Share this post


Link to post
Share on other sites
  • 0

Oh thanks, will bookmark this and take a look sometimes ;)

 

Hardlinks worked well before I started with Flexraid (hardlinking onto an empty partition so it's a little little bit like basic basic basic pooling ;)) so I think I will get around with it until Drivepool is TC-ready :)

Share this post


Link to post
Share on other sites
  • 0

I know but it requieres an USB key... A bit useless for a server. Always plugged in then and so I can turn encryption off... which would be the same since a thief would have the USB key. Otherwise you won't be able to remote-start the server (if the usb key isn't attached) which is also bad since this is a Server not a workstation...

 

...maybe an arrow into the blue...but as the key is a static file, where you only need read access...does it *have* to reside on a USB stick?

 

If your server got an IPMI feature you could remotely mount a disk-image or an ISO holding the key during boot, then easily "remove" it afterwards.

Share this post


Link to post
Share on other sites
  • 0

Well, all removable media I know of, that can be injected/mounted via IPMI is at least of type USB...although being of correct subtype floppy or cdrom, not of type disk/stick.

Also, entering the key manually via IPMI remote console on that server is also not an option (sorry, but I don't use bitlocker feature, all my servers are linux, encypted with LUKS/dmcrypt)?

Share this post


Link to post
Share on other sites
  • 0

...hmmm, ok...final try  ;)

HP iLO lets you (read-only) mount a local folder as a USB mass storage device, AFAIK.

I don't know how you export the key initially, but this would involve the ability of copying the key from the stick to a local folder.

Share this post


Link to post
Share on other sites
  • 0

That's right - but this way I can't use the iLO Remote App for iOS for example since I have to store an Image file reachable to the Server via HTTP ;)

Doesn't matter - I can wait for Drivepool to support Truecrypt :)

Share this post


Link to post
Share on other sites
  • 0

I'm currently building my first real home server and I was looking around for the best drive pooling/backup solution for the past couple of days. Drivepool seems like a really great software, but for me too, the lack of TrueCrypt support is a big turn off... In fact I was pretty much set to buy it until I read this.

 

In any case, please keep working on this issue for v2.1 and you'll get a new customer! Any timeline for the beta version by the way?

Share this post


Link to post
Share on other sites
  • 0

I know but it requieres an USB key... A bit useless for a server. Always plugged in then and so I can turn encryption off... which would be the same since a thief would have the USB key. Otherwise you won't be able to remote-start the server (if the usb key isn't attached) which is also bad since this is a Server not a workstation...

 

Hmm, I haven't tried this myself... but why would you need to leave the key in?  Doesn't Bitlocker support removal of the token after Bitlocker authenticaiton?    I would expect so (but I am assuming here).

 

Bitlocker is also much faster than Truecrypt so I'd think it would be more desirable.

 

Lastly just get a TPM based motherboard /wink. 

Share this post


Link to post
Share on other sites
  • 0

Yes, it definitely supports removing the key. However, if you need to reboot remotely... you'd be SOL without it.

 

I'm not sure about faster, as I haven't really tested out speeds, but I know that BitLocker is a lot more integrated and seamless.

 

And yeah, motherboards with TPM modules are becoming a lot more common from what I've seen.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...