LUKS stands for Linux Unified Key Setup and you can read more about it at https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup.
LUKS disk encryption is a feature that requires the use of the Security Onion Pro license.
.. note::

   This is an enterprise-level feature of Security Onion. Contact Security Onion Solutions, LLC via our website at https://securityonion.com/pro for more information about purchasing a Security Onion Pro license to enable this feature.
The recommended way to use LUKS with Security Onion is to install via our Security Onion ISO image. At the ISO boot menu, you'll need to modify the boot command. This can be done using the ``e`` key in UEFI boot mode or the ``Tab`` key in BIOS boot mode before it automatically boots. Then append ``luks=1`` (and possibly other options like :ref:`fips` and :ref:`stig`) to the boot parameters and continue the boot process.
During the initial install of the ISO, the user will be prompted for a password that is used to encrypt the LUKS partitions. If multiple drives are detected, the user has the option of encrypting only ``/nsm``. Please note that this password will be required at each boot.

If a TPM module is installed in the system, you will have the option of storing the key in the TPM so that the drives are unlocked automatically at boot. This is managed using clevis.
There may be a case where you have already installed Security Onion with LUKS enabled, but did not opt in to use your TPM for automatic decryption at boot. In this case, you can use the ``so-luks-tpm-regen`` script to enroll the TPM and configure it for automatic decryption.
SSH to the Security Onion node and run the following command::

   sudo so-luks-tpm-regen --enroll-tpm
Similarly, if for any reason automatic decryption was previously enabled using the ISO and has since stopped working, you can re-enroll the TPM::

   sudo so-luks-tpm-regen
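After enrolling or re-enrolling, a practitioner will want to confirm which LUKS containers are actually bound to the TPM and to which PCRs. The following audit script is an added example, not part of Security Onion or the ``so-luks-tpm-regen`` script; it assumes ``lsblk`` and ``clevis`` are installed on the node, and the script name, function names and the sample ``clevis luks list`` line in the comments are our own.

```shell
#!/bin/sh
# Added example, not part of Security Onion: report which LUKS containers on
# this node are bound to the TPM through clevis and which PCRs they use.
# Assumes lsblk and clevis are installed; device paths are read at run time.
# Usage: sh luks-tpm-audit.sh --audit   (or source it to reuse the functions)

# Parse `clevis luks list -d <dev>` output on stdin. Lines look like
#   1: tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha256","pcr_ids":"7"}'
# (constructed sample). Prints "<slot> <pcr_ids>" for the first tpm2 pin and
# returns 0; returns 1 when no tpm2 pin is bound (e.g. only a passphrase slot).
tpm2_binding_from_list() {
    q='"'
    while IFS= read -r line; do
        case "$line" in
            *": tpm2 "*)
                slot=${line%%:*}
                case "$line" in
                    *"${q}pcr_ids${q}:${q}"*)
                        pcrs=${line#*"${q}pcr_ids${q}:${q}"}
                        pcrs=${pcrs%%"$q"*}
                        ;;
                    *) pcrs="unspecified" ;;   # no pcr_ids in the pin config
                esac
                printf '%s %s\n' "$slot" "$pcrs"
                return 0
                ;;
        esac
    done
    return 1
}

# Walk every crypto_LUKS block device and report its TPM binding state.
audit_luks_tpm() {
    command -v clevis >/dev/null 2>&1 || { echo "clevis not installed" >&2; return 2; }
    lsblk -nrpo NAME,FSTYPE | while read -r dev fstype; do
        [ "$fstype" = "crypto_LUKS" ] || continue
        if binding=$(clevis luks list -d "$dev" 2>/dev/null | tpm2_binding_from_list); then
            printf '%s: TPM2 binding in slot %s, PCRs %s\n' \
                "$dev" "${binding%% *}" "${binding#* }"
        else
            printf '%s: no TPM2 binding, passphrase required at boot\n' "$dev"
        fi
    done
}

if [ "${1:-}" = "--audit" ]; then
    audit_luks_tpm
fi
```

A container reported with no TPM2 binding after ``so-luks-tpm-regen`` has run is the case to investigate, since it will still prompt for the passphrase at boot.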