Right now you can encrypt Shares using eCryptfs, but this has a number of significant drawbacks that make it useless for me.
- 1. 143 character filename length limit
2. NoteStation data isn't encrypted
3. Synology Office data isn't encrypted
4. Other metadata (photo, video, chat) stored in the on-board postgres database also isn't encrypted
Hacking this in wouldn't be too hard: compile a dm-crypt kernel module, manually recreate the volume with luks, modify the startup scripts to handle mounting. The tricky part is how to enter the password during the boot sequence. I decided that hacking a serial terminal was too much effort to have all of this wiped out on the next DSM release. I think someone in another thread mentioned a light web server that would launch before the volume mount and accept the password. That's how I would implement it too.
The Synology applications are awesome. I look forward to someday not worrying about someone stealing my NAS. Until then, I'll be exploring physical home safes that have ventilation