Encrypted RAID1

mark2048 · 2014-09-01 11:23:46

Hello,
I got 2 Samsung 840 EVO ssds, which supports hardware AES encryption enabled by the motherboard's bios password.

I want to put them on a software raid1 using mdadm, so i will get an virtual drive called /dev/md1.
I want to software-encrypt the /dev/md1 using luks + lvm.
Until now, the scheme would look like this:
Raid Scheme

Now, my problem is that i want to use also the hardware encryption, and i don't know if it will affect my raid,
how it will work, and in case of failure, the raid can be restored.
Where should the hardware encryption layer fit in that picture ?
Thanks.

Rob_H · 2014-09-01 13:55:08

If you're not already using the hardware encryption, it certainly will affect your existing RAID. You'd need to start over. Once you do, though, it should be transparent to all of the layers in your picture.

mark2048 · 2014-09-01 14:14:57

I don't have already an raid, i want to make a new setup.
Ok so there should not be any problems. Thanks for your answer.

jasonwryan · 2014-09-01 17:54:06

That image looks oddly familiar...

Please remember to mark your thread as [Solved] by editing your first post and prepending it to the title.

frostschutz · 2014-09-01 18:39:05

The hardware encryption should be entirely transparent to the OS, so you'd not even notice it's there. I guess the bios would ask you for the passwords for those disks. So, nothing would change in your image.

Be careful to not lock yourself out, e.g. hdparm sometimes lets you set a longer password than the bios supports and then you're in trouble if you can't get it unlocked/unfreezed again.

Last edited by frostschutz (2014-09-01 18:39:29)

Arch Linux

#1 2014-09-01 11:23:46

Encrypted RAID1

#2 2014-09-01 13:55:08

Re: Encrypted RAID1

#3 2014-09-01 14:14:57

Re: Encrypted RAID1

#4 2014-09-01 17:54:06

Re: Encrypted RAID1

#5 2014-09-01 18:39:05

Re: Encrypted RAID1

Board footer