SED disks in Array


dimes007


Just in case people are interested in how this went.  
 

I bought a refurb Seagate Constellation ES.2 3TB disk for $60 just to test this stuff out before I spent any serious money on large, modern SED disks. In short...

 

IT WORKS!

 

Some considerations and hangups I had:

I'm certain my five built-in SATA ports support ATA passwords set in the BIOS. I'm not sure my 5 SCU ports or my Supermicro card support any way to pass the ATA passwords that SED relies on at boot. You could always NOT autostart the array and pass the passwords using hdparm commands. A plugin/app could be developed to help with this as well.

 

One hangup that did take time to sort out was that I was setting passwords and preclearing on a test/lab system to move to my main unraid box for addition to the raid. That did not work because I was setting plain text passwords on the test machine with hdparm, but my main server passes the plain text password through a hash (to protect against dictionary attacks) before passing it through to the SED disk. Until I figured out this issue I wasn't really sure what was wrong. Removing the password and running preclear on one system and then setting passwords in the BIOS on the system you'll be using is fine. You may also be able to update hdparm to support the hash algorithm of your system.

 

Generally, a disk once removed from power is locked when power is restored. A disk that's "sleeping" (not sure which sleep state) is not using power, and if removed from power and power is restored in an alien system, the disk remains unlocked (reference) and available to read. I'm not sure which category an unraid data disk that's spun down falls in.

 

Other ways to encrypt:

TrueCrypt, VeraCrypt or BitLocker file containers also serve well to encrypt data (I used BitLocker). If it's possible, someone with the knowledge could spend the time to make a VeraCrypt for unraid docker that would put a container file on the array and require a password in the docker web GUI on restarts. Once that password is given, the encrypted file system in the docker is mounted by Tower via NFS and shared via SMB from the main tower.

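The manual route the post mentions (leave the array stopped and unlock with hdparm), sketched as an added example that is not part of dimes007's post: it reads the Security section of `hdparm -I` to tell a locked drive from an unlocked or frozen one before sending a password. The function names are hypothetical and the sample text is constructed; the password is passed exactly as typed, so it only matches a password that was set the same way, not one the BIOS hashed first.

```shell
# Added example. Function names are hypothetical; sample text is constructed.
# Read `hdparm -I` text on stdin; print unsupported|disabled|locked|unlocked,
# with ",frozen" appended when the drive reports the frozen state.
ata_sec_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }      # next top-level section
        !insec             { next }
        { neg = ($1 == "not"); word = neg ? $2 : $1; sub(/:.*/, "", word) }
        word == "supported" && !seen { sup = !neg; seen = 1 }
        word == "enabled"  { en = !neg }
        word == "locked"   { lk = !neg }
        word == "frozen"   { fr = !neg }
        END {
            s = !sup ? "unsupported" : (!en ? "disabled" : (lk ? "locked" : "unlocked"))
            print s (fr ? ",frozen" : "")
        }'
}

# Unlock one drive only if it reports locked. Run as root with the array
# stopped, e.g. unlock_if_locked /dev/sdX. The password is sent as typed
# and is visible in the process list while hdparm runs.
unlock_if_locked() {
    dev=$1
    state=$(hdparm -I "$dev" | ata_sec_state)
    case $state in locked*) ;;
        *) echo "$dev: $state, not unlocking"; return 0 ;;
    esac
    printf 'ATA user password for %s: ' "$dev" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    hdparm --user-master u --security-unlock "$pw" "$dev"
}

# Constructed sample of the Security section for a locked drive.
sample_locked() {
    cat <<'EOF'
Security:
                supported
                enabled
                locked
        not     frozen
                supported: enhanced erase
Checksum: correct
EOF
}

sample_locked | ata_sec_state    # prints: locked
```

Running the state check against a spun-down array disk after a power event is one way to see which of the two categories described above it falls in.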