You are not logged in.
- Topics: Active | Unanswered
#1 2023-10-19 04:59:45
- spookee
- Member
- Registered: 2023-10-19
- Posts: 2
Is RAID1 with full disk encryption possible ?
Hello,
I'm trying to install Arch Linux with RAID1 (on two SSDs) with full disk encryption, including the boot partition, and LVM on LUKS.
I tried few times but failed everytime.
I just want to know if it's possible to do it or if I'm trying something impossible. I don't ask for the method but just if it's possible.
Thanks : )
Offline
#2 2023-10-20 20:56:23
- pgoetz
- Member
- From: Austin, Texas
- Registered: 2014-02-21
- Posts: 355
Re: Is RAID1 with full disk encryption possible ?
You didn't specify what you're using for RAID1; presumably not a hardware raid controller, as this would be transparent to the OS. If software RAID (mdadm), you can set up separate RAID1 devices on the boot and root partitions; e.g.
mdadm --create /dev/md0 --metadata 1.0 --raid-devices=2 --level=1 /dev/sd[ab]1
mdadm --create /dev/md1 --raid-devices=2 --level=1 /dev/sd[ab]2but UEFI doesn't know anything about RAID, so just specify /dev/sda1 and /dev/sdb1 as independent boot devices in the UEFI configuration. For similar reasons you can't encrypt the boot partition, nor can I fathom why anyone would want to do this, nor do I understand the reason for LVM, however you can treat /dev/md1 (as per the example above) as an ordinary block device and do whatever you want with it.
The important detail: you must treat the boot and root partitions separately unless you have a hardware RAID device.
Hope that helps.
Offline
#3 2023-10-20 21:31:06
- spookee
- Member
- Registered: 2023-10-19
- Posts: 2
Re: Is RAID1 with full disk encryption possible ?
You didn't specify what you're using for RAID1; presumably not a hardware raid controller, as this would be transparent to the OS. If software RAID (mdadm), you can set up separate RAID1 devices on the boot and root partitions; e.g.
mdadm --create /dev/md0 --metadata 1.0 --raid-devices=2 --level=1 /dev/sd[ab]1 mdadm --create /dev/md1 --raid-devices=2 --level=1 /dev/sd[ab]2but UEFI doesn't know anything about RAID, so just specify /dev/sda1 and /dev/sdb1 as independent boot devices in the UEFI configuration. For similar reasons you can't encrypt the boot partition, nor can I fathom why anyone would want to do this, nor do I understand the reason for LVM, however you can treat /dev/md1 (as per the example above) as an ordinary block device and do whatever you want with it.
The important detail: you must treat the boot and root partitions separately unless you have a hardware RAID device.
Hope that helps.
Thanks for the reply.
I'm using software RAID, with mdadm indeed.
I tried only to RAID1 a single encrypted partition, so boot partition included but as you tell me, it's not okay. I'll try two separate partitions.
And I'm using LVM just because I'm used to it. ^^
[edit] I forgot to say, I'm not using UEFI but just because I'm curious and the boot partition has to be unencrypted, I'll try.
Last edited by spookee (2023-10-20 21:34:09)
Offline