Should the OS drive be redundant when using encryption?

0x0 (Cadet, joined Aug 21, 2019, 8 messages)
I am currently building a small FreeNAS machine and I am planning to encrypt the HDDs. I'm planning to use 2 SSDs in RAID1 and 1 SSD for the OS.
Now I'm wondering what would happen if the SSD died? Am I just screwed then? Or could I just install FreeNAS onto a new SSD, replace it with the old one and all my data can be accessed again and all my settings will be the same as before?

So I'm wondering if I should buy another SSD and put the two in RAID1 or if there is maybe a way of backing the SSD up to a USB flash drive once a week or something like that.
 
Joined Oct 18, 2018, 969 messages
Hi @0x0 welcome to the forums.

I am currently building a small freeNAS machine and I am planning to encrypt the HDDs.
I myself use encryption for one of my pools but please beware that encryption is a tool that can just as easily lock you out of your data as it can anyone trying to steal it. It is worth understanding exactly what FreeNAS encryption does and does not do.

What it does: FreeNAS encryption encrypts your pool by encrypting the underlying disks. In order to use the pool you must unlock it, thus unlocking the disks. Once unlocked the pool is available for use in shares etc and the data is accessible just as if you had not used encryption in the first place. The benefit of encryption is that if someone were to get access to your drives while locked (such as when the system is off) they could not access the data without your decryption keys and passphrase if you used one. Do note that the encryption keys are stored unencrypted on your boot device and without a passphrase the pool is automatically unlocked by your system. If this worries you, you should add a passphrase to your pool such that the key AND the passphrase are both required on reboot or after you manually lock the pool.

What it does not do: FreeNAS pool encryption does not protect your data while the pool is unlocked. It does not ensure data is encrypted while being sent to/from clients. It does not protect you from man-in-the-middle attacks, ransomware, or a clever hacker getting access to your system while your pool is unlocked. FreeNAS pool encryption is intended to protect your data while "at rest". If someone stole your drives or you returned them your data is safe without your key and passphrase.

I'm planning to use 2 SSDs in RAID1
I'm going to nit here a little, but I promise it is ultimately helpful. FreeNAS uses ZFS and ZFS does not use RAID1. ZFS is a software RAID solution which stores your data in pools which are made of vdevs which are made of disks. You can stripe many vdevs into a pool to increase storage size. If a single vdev fails your entire pool fails. To add data safety vdevs are built using a variety of redundant arrays of disks. Mirror vdevs use 2 or more disks which contain identical copies. RAIDZ1 vdevs stripe data across all disks and can tolerate a single drive failure, but more than a single drive failure brings down the vdev and thus your pool. RAIDZ2 and RAIDZ3 vdevs are just like RAIDZ1 but can tolerate 2 and 3 drive failures respectively.

Using the correct terminology helps prevent miscommunicating on the forums. Which is why I nit over the wording. I assume since you're referring to only two disks you mean that you'd use a mirrored vdev for your data pool.

If you haven't already you may find it interesting to check out the resources section of these forums. There are a lot of useful discussions there regarding terminology and how FreeNAS works.

Now I'm wondering what would happen if the SSD died? Am I just screwed then? Or could I just install freeNAS onto a new SSD, replace it with the old one and all my data can be accessed again and all my settings will be the same as before?

If you keep regular backups of your system configuration then yes, you can just replace the SSD, upload the config and you're off to the races with the exception of a few small things such as some easily regenerated ssh keys. IMPORTANT NOTE: A system config backup DOES NOT back up any encryption keys in your system. You MUST back those up immediately upon creation or changes. The User Guide provides excellent advice regarding this.

So I'm wondering if I should buy another SSD and put the two in RAID1 or if there is maybe a way of backing the SSD up to a USB flash drive once a week or something like that.
Many people mirror their boot devices to provide some additional protection against a drive failure and avoid the hassle of downtime and reinstalling the os.


Should the OS drive be redundant when using encryption?
To answer your posts main question, if managed properly using an encrypted pool does not put additional pressure on the need for redundant OS devices.

Some users might rightfully say that using redundant boot pools decreases the likelihood that you'll accidentally lose your encryption keys to your pool if you forget to back them up and the boot device dies. They are correct, and many users on these forums have lost ALL of their data because their boot device died in an unrecoverable way and took their encryption keys with them.

As correct as this argument is, I would strongly strongly strongly urge you NOT to rely on redundancy of your boot pools to keep your encryption keys safe in your build and management plan. If you have a need for an encrypted pool you should be sure you understand how it works, how to replace drives on an encrypted pool, how to export/import drives in an encrypted pool, and how and when to backup encryption keys before you make use of an encrypted pool. I spent well over a week creating and destroying test pools to make sure I understood encryption before I started using it. Since then I've spent hours and hours playing with edge cases and exploring how the GUI handles an encrypted pool and keys during disk replacement, import/export, etc. There are quirks but from all of my testing the only way to keep your data safe is to always keep backups of your keys and to understand which operations automatically change your keys and thus require backing them up again.

Finally I'll leave you with this bit of advice that is often forgotten. No level of redundancy in a vdev is a substitute for a backup. If your server catches fire, is stolen, etc., all backups on that machine are gone. An ideal backup system involves an on-site and off-site backup. It is up to you to decide what backup strategy fits your budget, risk tolerance, and data.

Sorry to ramble somewhat. I realize I mentioned a lot here that only scratches the surface. You'll find a lot more information on the forums about any specific thing. Also happy to answer any specific question about the above or have someone correct any mistakes I may have made.
 

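An added example (not FreeNAS code) of the automated "config plus keys" backup that the warning above calls for: it bundles the system config database together with every geli key file, adds a SHA-256 manifest, and re-reads the archive from the destination to verify it before reporting success. The paths /data/freenas-v1.db and /data/geli/ are assumptions for FreeNAS 11 (check them on your own system), and the files created in demo() are constructed stand-ins so the script runs without a FreeNAS box. Because the bundle contains the unencrypted user keys, the destination must be one you would trust with the pool's data, for instance an encrypted USB stick.

```python
# Added example, not FreeNAS code: bundle the config DB and geli key files,
# write a SHA-256 manifest, verify the copy read back from the destination.
import hashlib
import io
import os
import tarfile
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

CONFIG_DB = Path("/data/freenas-v1.db")   # assumed FreeNAS 11 location of the config database
GELI_KEYS = Path("/data/geli")            # assumed FreeNAS 11 location of the pool key files


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def collect(config_db: Path, key_dir: Path) -> List[Path]:
    """The config DB plus every *.key under the geli dir. Fails loudly on a
    missing file instead of silently writing a backup that omits it."""
    files = [config_db]
    if key_dir.is_dir():
        files += sorted(key_dir.glob("*.key"))
    missing = [str(p) for p in files if not p.is_file()]
    if missing:
        raise FileNotFoundError("cannot back up, missing: " + ", ".join(missing))
    return files


def make_bundle(files: List[Path], dest_dir: Path, stamp: Optional[str] = None) -> Path:
    """Timestamped tar.gz of the files plus a SHA256SUMS member, owner-only permissions."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    dest_dir.mkdir(parents=True, exist_ok=True)
    out = dest_dir / f"freenas-config-{stamp}.tar.gz"
    manifest = "".join(f"{sha256_file(p)}  {p.name}\n" for p in files).encode()
    with tarfile.open(out, "w:gz") as tar:
        for p in files:
            tar.add(str(p), arcname=p.name)
        info = tarfile.TarInfo("SHA256SUMS")
        info.size = len(manifest)
        info.mtime = int(time.time())
        tar.addfile(info, io.BytesIO(manifest))
    os.chmod(out, 0o600)   # the bundle holds unencrypted user keys
    return out


def verify_bundle(bundle: Path) -> Dict[str, bool]:
    """Re-read the archive from the destination and check every member against
    the manifest. Returns {member name: ok}."""
    with tarfile.open(bundle, "r:gz") as tar:
        lines = tar.extractfile("SHA256SUMS").read().decode().splitlines()
        expected = {ln.split("  ", 1)[1]: ln.split("  ", 1)[0] for ln in lines}
        result = {}
        for name, digest in expected.items():
            data = tar.extractfile(name).read()
            result[name] = hashlib.sha256(data).hexdigest() == digest
    return result


def demo() -> Dict[str, object]:
    """Round trip on constructed stand-ins for the real files (no FreeNAS needed)."""
    root = Path(tempfile.mkdtemp())
    db = root / "freenas-v1.db"
    db.write_bytes(b"SQLite format 3\x00" + b"\x00" * 64)     # constructed fake config DB
    keys = root / "geli"
    keys.mkdir()
    (keys / "1111-2222.key").write_bytes(b"\x42" * 64)          # constructed fake key file
    files = collect(db, keys)
    bundle = make_bundle(files, root / "backup", "demo")
    try:
        collect(root / "nope.db", keys)
        missing_raises = False
    except FileNotFoundError:
        missing_raises = True
    return {
        "members": [p.name for p in files],
        "bundle": bundle.name,
        "verified": verify_bundle(bundle),
        "missing_db_raises": missing_raises,
    }


if __name__ == "__main__":
    # Real run, e.g. from cron: python3 backup_config.py /mnt/backup-stick
    import sys
    dest = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("/root/config-backups")
    b = make_bundle(collect(CONFIG_DB, GELI_KEYS), dest)
    print(b, verify_bundle(b))
```

The verify step matters more than the copy: a backup that was never read back from its destination is only a hope. Pair the script with a restore test, and rerun it after any operation that regenerates the key.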
0x0 (Cadet, joined Aug 21, 2019, 8 messages)
Thanks for the detailed response. I helped a lot!
I indeed have a couple of questions:

1. What is the point of the encryption key? The only scenario in which it would seem useful is if the thief only steals data drives and forgets about the OS drive and I guess it might add "salt" which could be beneficial against rainbow table and dictionary kind of attacks if your password was weak. But for me the disadvantages seem to heavily outweigh the advantages.

2. Can I encrypt with a password only?

3. Is there a simple way to automatically copy the keys to a USB flash drive whenever it changes? And maybe also to other devices over the network?

4. Could the same be done for the settings that you otherwise would have to back up manually?

5. Is there a simple way to automatically backup the whole boot drive to a USB flash drive like once a week or whenever anything important changes?

6. When you talk about the "locked state" in which the drives are encrypted you mentioned "(such as when the system is off)". Is there a way to lock the drives without turning the NAS off entirely?
 

0x0 (Cadet, joined Aug 21, 2019, 8 messages)
I meant to say "It helped a lot!" not "I helped a lot". I guess editing posts is not a thing here?
 
Joined Oct 18, 2018, 969 messages
1. What is the point of the encryption key?
Here is an excellent post describing how the various encryption keys work in FreeNAS. In short, every drive in your encrypted pool is encrypted with a master key stored directly on the drive. That key is itself encrypted with up to two so-called user keys. These user keys are the ones FreeNAS uses to unlock the device. Without them the master keys on the drives are useless and you cannot access your data.

The only scenario in which it would seem useful is if the thief only steals data drives and forgets about the OS drive and I guess it might add "salt" which could be benificial against rainbow table and dictionary kind of attacks if your password was weak. But for me the disadvantages seem to heavily overweigh the advantages.
Yes and no. If you used a passphrase in addition then if someone stole your entire machine and tried to boot it up elsewhere they would have the key but not the passphrase and thus could not get into your data. Keep in mind that the usefulness may vary a lot on the type of data. Many companies for example require file system encryption of this type.

2. Can I encrypt with a password only?
No, the passphrase is actually used to unlock the user key itself. When a passphrase is set for a specific key the key and passphrase must be present. FreeNAS uses geli encryption which supports two user keys. Geli allows you to put a passphrase on either user key, however FreeNAS only supports adding a passphrase to one of the keys. The terminology in the GUI is terrible but the oft-called "recovery" key (the one created when you click "Add Recovery Key") does not support a passphrase. This is safe because that key is never stored on the FreeNAS system and so cannot be stolen if someone steals the entire server.

3. Is there a simple way to automatically copy the keys to a USB flash drive whenever it changes? And maybe also to other devices over the network?
Generally whenever the keys change the GUI will force you to download the primary key because it will have been regenerated. It is regenerated when a system operation forces it to regenerate such as after resilvering. The primary key can automatically be backed up if you wish because it is stored on the boot pool, you could write a script. Depending on where you store the key you could be reducing your security if you go this route, especially if you do not use a passphrase. The "recovery key" cannot be backed up automatically because it is not stored on the system. What I would recommend is that any time you alter the pool in any way by adding, removing, or changing disks that you rekey the pool (regenerate the primary key), add the passphrase back (it will have been removed by rekeying), and recreate the recovery key. This process invalidates all keys and ensures all disks in your pool are using the same keys.

4. Could the same be done for the settings that you otherwise would have to back up manually?
If you mean the system config, yes, these can easily be backed up automatically. There should be posts abound in the forums for how to do this.

5. Is there a simple way to automatially backup the whole boot drive to a USB flash drive like once a week or whenever anything important changes?
This wouldn't be necessary I don't think. If you back up your encryption keys per the process I outlined above (and follow the User Guide to the letter) and back up your system config you shouldn't need to do this.

6. When you talk about the "locked state" in which the drives are encrypted you mentioned "(such as when the system is off)". Is there a way to lock the drives without turning the NAS off entirely?
Absolutely, if you have a passphrase on the pool you can lock and unlock it via the GUI. You unlock it by providing the passphrase and FreeNAS will automatically use the stored primary user key together to unlock your pool.
 

Heracles (Wizard, joined Feb 2, 2018, 1,401 messages)
Hey 0x0,

I wrote a thread about pool encryption with many warnings about it. I suggest you go read it before turning encryption On. If you really insist on doing it, then start by practicing it a lot with fake data first. Create your encrypted pool, do your backups, re-install FreeNAS from scratch, unlock your pool, restore your key for the pool to re-open normally (after basic recovery, the encryption config will be considered as foreign only), replace a drive in that pool and more.

After managing to do all of that, destroy everything and re-do it a second time.

Once successful, you re-re-do it and write yourself a complete procedure about how to do it.

And then you re-re-re-re-do it to test your written procedures.

If you are not perfect while doing your encryption, the only one who will be kept out of your data will be yourself.

Be very cautious about that,
 

garm (Wizard, joined Aug 19, 2017, 1,556 messages)
3. Is there a simple way to automatically copy the keys to a USB flash drive whenever it changes?

So, you are getting yourself the ultimate storage solution. A next gen filesystem that will protect the integrity of your data for the foreseeable future. And you wish to encrypt it and store the key on a usb flash drive...

The main reason I use ZFS is because it is aware of data integrity. It guarantees that the data that was written is the same data that is being read back, regardless of when it was written. I have data that are many generations of disks old.

Consider your entire risk profile. You have a filesystem that protects your data from flipped bits and disk degradation, and you store the encryption key on a USB flash drive. You might as well just use NTFS; it will be cheaper.

Really really really convince yourself you need encryption before even starting to practice with it. And reevaluate that need as you practice with it. The slightest mistake and you lose all your stuff.
 

0x0 (Cadet, joined Aug 21, 2019, 8 messages)
@PhiloEpisteme Okay thanks, I will definitely not create a recovery key then.
The user key that I would have to back up only needs to be re-generated when I seriously mess with the pool (like after replacing/adding/removing drives), correct? It would not be generated again just because I changed a system config or something like that, right?
So essentially I would only have to do this twice every four years for my 2-bay NAS (assuming that drives need to be replaced every 4 years)?
I think in that case it wouldn't really bother me too much to manually back up the key.

So, you are getting yourself the ultimate storage solution. A next gen filesystem that will protect the integrity of your data for the foreseeable future. And you wish to encrypt it and store the key on a USB flash drive...
Well from what I understand so far, the key will be stored on the boot device anyway (in unencrypted form). So security-wise it wouldn't make a difference if I automatically copied it to a USB flash drive.
Obviously I would use a password in addition to the key and not store that password anywhere.

If I should actually be stupid enough to lose access to my NAS I wouldn't really lose access to my most important data. I keep copies of important data on my Linux notebook which is already set up with full disk encryption.

But yeah, I will definitely "practice" first before storing my data on it.
 
Joined Oct 18, 2018, 969 messages
I will definitely not create a recovery key then.
It is generally safer to create one, just don't keep it lying around. I keep mine stored in two places that one wouldn't easily stumble on, one on-site one off-site. The system doesn't store it so if you keep it in a safe place you should be fine.

The user key that I would have to back up only needs to be re-generated when I seriously mess with the pool (like after replacing/adding/removing drives), correct? It would not be generated again just because I changed a system config or something like that, right?
Correct. And if you're ever in doubt it is very easy to rekey the pool, reset the passphrase, download the main key, and recreate a new recovery key.
 

0x0 (Cadet, joined Aug 21, 2019, 8 messages)
It is generally safer to create one, just don't keep it lying around. I keep mine stored in two places that one wouldn't easily stumble on, one on-site one off-site. The system doesn't store it so if you keep it in a safe place you should be fine.
That doesn't sound like a good idea imo. I should be fine with the password protected key. Maybe I'll save the password in my password safe, but honestly, if I forget my password then I deserve to lose my data.
 