Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SED disks in Array

Featured Replies

Anybody using one or multiple SED disk in array so that if the disk walks the contents would be unreadable?

 

I realize that if the disk is pulled the data can be rebuilt on an insecure disk and accessed. 

Silly question but what is a SED disk? And how does a disk walk?

Silly question but what is a SED disk? And how does a disk walk?

 

google is your friend and he's talking about someone physically stealing the storage device.

Silly question but what is a SED disk? And how does a disk walk?

 

google is your friend and he's talking about someone physically stealing the storage device.

 

Ahhh now that makes sense!!!

  • 3 weeks later...
  • Author

Just in case people are interested in how this went.  
 

I bought a refurb Seagate Constellation ES.2 3TB disks for $60 just to test this stuff out before I spent any serious money on large, modern SED disks.    In short...

 

IT WORKS!

 

Some considerations and hangups I had:

I'm certain my five built in SATA ports support ATA passwords set in the BIOS.  I'm not sure my 5 SCU ports or my Supermicro card support any way to pass ATA passwords that SED relies on at boot.  You could always NOT autostart the array and pass the passwords using hdparm commands.  A plugin/app could be developed to help with this as well.

 

One hangup that did take time to sort out was that I was setting passwords and preclearing on a test/lab system to move to my main unraid box for addition the raid.  That did not work because I was setting plain text passwords on the test machine with hdparm but my main server passes the plain text password through a hash (to protect against dictionary attacks) before passing through the SED disk.  Until I figured out this issue I wasn't really sure what was wrong.   Removing password and running preclear on one system and then setting passwords in BIOS on the system you'll be using is fine.  You may also be able to update hdparm to support the hash algorithm of your system.

 

Generally, a disk once removed from power is locked when power is restored.  A disk that's "sleeping"  (not sure which sleep state) is not using power and if removed from power and power is restored in an alien system the disk remains unlocked (reference) and available to read.  I'm not sure which category an unraid data disk that's spun down falls in. 

 

Other ways to encrypt:

Truecrypt, Veracrypt or Bitlocker file containers also serve well to encrypt data (I used bitlocker).   If its possible, someone with the knowledge could spend the time to make a veracrypt for unraid docker that would put a container file on the array, require a password in the docker web gui on restarts.   Once that password is given the encrypted file system in the docker is mounted by Tower via NFS and shared via SMB from the main tower.

Edited by dimes007

  • 3 years later...

@dimes007 Did you take your SED investigation any further? I'm preparing an encryption supplement to the Tested Technology UnRAID story and would welcome any more information.

 

-- 

Chris

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.