Disk encryption Ubuntu 22.04 LTS

Anders Olsson 41 Reputation points
2022-12-22T13:25:10.553+00:00

We are switching to Ubuntu 22 LTS and/or Ubuntu Pro 22 LTS on Azure. When trying to do disk encryption the following message is returned:

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: \"Traceback (most recent call last):\n File \"/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.2.0.96/main/handle.py\", line 716, in enable\n cutil.precheck_for_fatal_failures(public_settings, encryption_status, DistroPatcher, existing_volume_type)\n File \"/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.2.0.96/main/check_util.py\", line 313, in precheck_for_fatal_failures\n self.is_supported_os(public_settings, DistroPatcher, encryption_status)\n File \"/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.2.0.96/main/check_util.py\", line 287, in is_supported_os\n raise Exception('Distro {0} {1} is not supported for OS encryption'.format(distro_name, distro_version))\nException: Distro Ubuntu 22.04 is not supported for OS encryption\n\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionADELinuxTroubleshoot "}]}

The important part of the above message is: Distro Ubuntu 22.04 is not supported for OS encryption

The documentation seems to be correct: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview#supported-vms-and-operating-systems

When can we expect disk encryption support for Ubuntu 22? It's soon a year-old release...
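
The question picks the root cause out of the nested error by eye. The following is an added example, not part of the original post or of the ADE extension's code: it walks an ARM deployment error, finds each VMExtensionProvisioningError, and extracts the last exception line of the embedded traceback. SAMPLE_ERROR is a constructed, shortened copy of the quoted error, and the function names are illustrative.

```python
import json
import re

# Constructed sample: shortened ARM error in the shape quoted in the question.
SAMPLE_ERROR = json.dumps({
    "code": "DeploymentFailed",
    "message": "At least one resource deployment operation failed.",
    "details": [{
        "code": "VMExtensionProvisioningError",
        "message": (
            "VM has reported a failure when processing extension "
            "'AzureDiskEncryptionForLinux'. Error message: \"Traceback "
            "(most recent call last):\n File \"check_util.py\", line 287, "
            "in is_supported_os\n raise Exception(...)\n"
            "Exception: Distro Ubuntu 22.04 is not supported for OS "
            "encryption\n\"\r\n\r\nMore information on troubleshooting ..."
        ),
    }],
})

EXTENSION_RE = re.compile(r"processing extension '([^']+)'")
# A traceback's final line looks like "SomeError: text" at the start of a line.
EXCEPTION_RE = re.compile(
    r"^\s*((?:[A-Za-z_][\w.]*)?(?:Error|Exception)): (.+?)\s*$", re.M)
UNSUPPORTED_RE = re.compile(r"Distro (\S+) (\S+) is not supported for OS encryption")

def walk_details(error):
    """Yield the error and every nested entry under 'details', depth first."""
    yield error
    for child in error.get("details") or []:
        yield from walk_details(child)

def summarize(raw_json):
    """Return one summary dict per VMExtensionProvisioningError in the payload."""
    findings = []
    for entry in walk_details(json.loads(raw_json)):
        if entry.get("code") != "VMExtensionProvisioningError":
            continue
        message = entry.get("message", "")
        ext = EXTENSION_RE.search(message)
        exceptions = EXCEPTION_RE.findall(message)
        root = exceptions[-1] if exceptions else None  # last one is the cause
        distro = UNSUPPORTED_RE.search(root[1]) if root else None
        findings.append({
            "extension": ext.group(1) if ext else None,
            "exception": root[0] if root else None,
            "reason": root[1] if root else message.strip(),
            "unsupported_distro": distro.groups() if distro else None,
        })
    return findings
```

A non-empty `unsupported_distro` separates the "distro not supported" case from other extension failures, which is the signal a deployment pipeline needs before choosing another encryption option.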

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. JamesTran-MSFT 36,361 Reputation points Microsoft Employee
    2022-12-27T22:17:42.22+00:00

    @Anders Olsson
    Thank you for your time and patience on this!

    I received a response from our ADE team and as of right now they're still working on enabling ADE on Ubuntu 22.04, but there isn't any ETA. Because ADE isn't supported for Ubuntu 22.04, if your VM needs to be encrypted you can leverage Storage Service Encryption (SSE) at the platform storage account layer, which may be an alternative to full disk encryption using dm-crypt.

    Additional Links:
    Encryption at host - When you enable encryption at host, data stored on the VM host is encrypted at rest and flows encrypted to the Storage service.
    Server-side encryption with customer-managed keys for managed disks - Manage encryption at the level of each managed disk, with your own keys.
    Azure updates - Get the latest updates on Azure products and features.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

