dimes007 Posted February 3, 2017

Anybody using one or multiple SED disks in the array so that if the disk walks the contents would be unreadable? I realize that if the disk is pulled the data can be rebuilt on an insecure disk and accessed.
testdasi Posted February 3, 2017

Silly question but what is a SED disk? And how does a disk walk?
limetech Posted February 3, 2017

> Silly question but what is a SED disk? And how does a disk walk?

Google is your friend, and he's talking about someone physically stealing the storage device.
testdasi Posted February 3, 2017

> > Silly question but what is a SED disk? And how does a disk walk?
>
> google is your friend and he's talking about someone physically stealing the storage device.

Ahhh now that makes sense!!!
dimes007 Posted February 23, 2017

Just in case people are interested in how this went. I bought a refurb Seagate Constellation ES.2 3TB disk for $60 just to test this stuff out before I spent any serious money on large, modern SED disks. In short... IT WORKS!

Some considerations and hangups I had:

I'm certain my five built-in SATA ports support ATA passwords set in the BIOS. I'm not sure my 5 SCU ports or my Supermicro card support any way to pass the ATA passwords that SED relies on at boot. You could always NOT autostart the array and pass the passwords using hdparm commands. A plugin/app could be developed to help with this as well.

One hangup that did take time to sort out was that I was setting passwords and preclearing on a test/lab system to move to my main unraid box for addition to the raid. That did not work because I was setting plain text passwords on the test machine with hdparm, but my main server passes the plain text password through a hash (to protect against dictionary attacks) before passing it through to the SED disk. Until I figured out this issue I wasn't really sure what was wrong. Removing the password and running preclear on one system and then setting passwords in the BIOS on the system you'll be using is fine. You may also be able to update hdparm to support the hash algorithm of your system.

Generally, a disk once removed from power is locked when power is restored. A disk that's "sleeping" (not sure which sleep state) is not using power and if removed from power and power is restored in an alien system the disk remains unlocked (reference) and available to read. I'm not sure which category an unraid data disk that's spun down falls in.

Other ways to encrypt:

Truecrypt, Veracrypt or Bitlocker file containers also serve well to encrypt data (I used Bitlocker).

If it's possible, someone with the knowledge could spend the time to make a Veracrypt for unraid docker that would put a container file on the array and require a password in the docker web GUI on restarts. Once that password is given, the encrypted file system in the docker is mounted by Tower via NFS and shared via SMB from the main tower.

Edited February 23, 2017 by dimes007
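One way to check which ATA security state a disk is in before starting the array by hand, as an added example that is not part of the post above: it reads the Security section that `hdparm -I` prints. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the Security section of `hdparm -I` for a drive whose
# ATA user password is set and which has just been power-cycled (not real output).
SAMPLE_LOCKED=$(printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n\t\tenabled\n\t\tlocked\n\tnot\tfrozen\n\tnot\texpired: security count\n\tSecurity level high\nChecksum: correct\n')

# ata_flag FLAG: read `hdparm -I` text on stdin, print yes/no/unknown for FLAG.
# Inside the Security section hdparm prints "<tab><tab>flag" when a flag is
# set and "<tab>not<tab>flag" when it is clear.
ata_flag() {
    awk -v flag="$1" '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented section header
        insec && $1 == flag                { print "yes"; found = 1; exit }
        insec && $1 == "not" && $2 == flag { print "no";  found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# ata_lock_state: read `hdparm -I` text on stdin and print one of
#   unprotected | locked | unlocked | unlocked-frozen | unknown
ata_lock_state() {
    info=$(cat)
    enabled=$(printf '%s\n' "$info" | ata_flag enabled)
    locked=$(printf '%s\n' "$info" | ata_flag locked)
    frozen=$(printf '%s\n' "$info" | ata_flag frozen)
    case "$enabled/$locked/$frozen" in
        no/*)       echo unprotected ;;      # no user password set on the drive
        yes/yes/*)  echo locked ;;           # must be unlocked before the array starts
        yes/no/yes) echo unlocked-frozen ;;  # readable; security commands refused until power cycle
        yes/no/*)   echo unlocked ;;         # readable; password still changeable
        *)          echo unknown ;;          # no Security section found
    esac
}

# Demo on the constructed sample; prints "locked".
printf '%s\n' "$SAMPLE_LOCKED" | ata_lock_state

# On a real system (as root, /dev/sdX is a placeholder):
#   hdparm -I /dev/sdX | ata_lock_state
# A drive reported as "locked" is unlocked with:
#   hdparm --user-master u --security-unlock 'PASSWORD' /dev/sdX
```

Running the check on a spun-down array disk answers the open question in the post for a given controller: a result of `unlocked` or `unlocked-frozen` means the drive is still readable in that state.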
bidmead Posted February 17, 2021

@dimes007 Did you take your SED investigation any further? I'm preparing an encryption supplement to the Tested Technology UnRAID story and would welcome any more information.

-- Chris