Skip to content

Instantly share code, notes, and snippets.

@Vaipex

Vaipex/zfs-luks.md

Created March 29, 2025 13:38
Download ZIP
Proxmox ZFS LUKS
Raw
zfs-luks.md

Start by booting a different OS which can mount ZFS (debian 12 requires special package sources)

Backup

zfs snapshot -r rpool@migration
zfs send -R rpool@migration > ./yourpool_backup.zfs

Install dependencies

apt update
apt install -y cryptsetup cryptsetup-initramfs

Encrypt partition

cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random /dev/sda3
cryptsetup luksOpen /dev/sda3 luks-sda3

Create ZFS

zpool create rpool /dev/mapper/luks-sda3

Restore

cat ./yourpool_backup.zfs | zfs receive -F rpool

Mounting

mkdir -p /mnt/proxmox
zfs set mountpoint=/mnt/proxmox rpool/ROOT/pve-1
mount /dev/sda2 /mnt/proxmox/boot/efi  # If using UEFI
mount --bind /dev /mnt/proxmox/dev
mount --bind /proc /mnt/proxmox/proc
mount --bind /sys /mnt/proxmox/sys
chroot /mnt/proxmox

Installing and configuring

apt update
apt install -y cryptsetup cryptsetup-initramfs
blkid | grep "/dev/sda3"
echo 'luks-sda3 UUID="<partition UUID>" none luks,discard,initramfs' > /etc/crypttab
echo 'cryptdevice=/dev/sda3:luks-sda3 root=ZFS=rpool/ROOT/pve-1 boot=zfs' > /etc/kernel/cmdline
echo 'dmcrypt' >> /etc/initramfs-tools/modules

update-initramfs -u -k all
proxmox-boot-tool refresh
exit

weird issue

Boot into initramfs

zpool import -f rpool
zfs set mountpoint=/ rpool/ROOT/pve-1

Exit until the initramfs exists and Reboot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment