stereobastler Posted January 20, 2020 Share Posted January 20, 2020 Hi all, I am in the process of buying new hard drives for my Unraid system. I had problems with SAS drives (no spin down) and thus would like to switch to SATA. I was thinking about using the Seagate Exos X16 16TB drives. At the moment, the SATA models with SED (self-encryption) are much cheaper than without the feature, so I was thinking to just use the "transparent SED" mode without BIOS key management, and basically ignore the encryption happening on the disk. Are there any resources I can read, any experiences with SED in Unraid? I found this thread, but it is from 2017: https://forums.unraid.net/topic/54440-sed-disks-in-array/ Thanks in advance, BR Andreas Quote Link to comment
pras1011 Posted August 13, 2020 Share Posted August 13, 2020 Did you resolve this? Quote Link to comment
stereobastler Posted August 13, 2020 Author Share Posted August 13, 2020 The normal drive functionality works fine out of the box with seagate EXOS X16 16TB SATA SED drives. I did not test the key management and unlock-on-boot since I only really care about the quick erase functionality when decommissioning the drives. Hope that helps. Quote Link to comment
pras1011 Posted August 16, 2020 Share Posted August 16, 2020 So all of the sed functions are off by default? Sed drives are cheaper than the standard drives. Quote Link to comment
stereobastler Posted August 16, 2020 Author Share Posted August 16, 2020 (edited) Yes and no. The data that is physically stored on the platter is encrypted transparently with the key that was flashed at the factory. When you read it back, the drive decrypts it on the fly. This is what allows you to „wipe“ the drive instantly during decommissioning - change the key and the encrypted data becomes a garbled mess. what is not active by default is that you need to enter a password during boot which unlocks the key, which in turn allows to access the data. here be dragons: this does NOT protect your drive while the pc is in standby, it only helps when power is physically removed from the drive (e.g. somebody disconnects and steals your drive). PS: if my info helped you, please leave a thanks by clicking the heart in the bottom right corner so I can track how many people have similar problems. Edited August 16, 2020 by stereobastler 1 Quote Link to comment
bidmead Posted March 2, 2021 Share Posted March 2, 2021 Did you take SED any further, @stereobastler? I'm hoping to investigate the possibility of using hdparm to set the password on SED drives, rather than using the BIOS. There's an hdparm parameter, --sanitize-crypto-scramble, that I believe might do the trick, Do you, or anybody else here, know anything about this? -- Chris Quote Link to comment
stereobastler Posted March 2, 2021 Author Share Posted March 2, 2021 Not really, sorry to disappoint. There was a distinct lack of both technical information and interest from the community, so I did not investigate further. Also, it is not really a threat scenario for me since my server is located at home. I find the idea of SED drives quite charming, since you get the benefits of encryption without the performance loss that comes along with encrypting your array, so if you find a solution please do let me know. I cannot test this myself at the moment, since I have exactly 2 SED drives which are my data and parity drive. Andreas Quote Link to comment
oh-tomo Posted February 26 Share Posted February 26 I would like to use this quick erase functionality on an IronWolf Pro HDD. I downloaded the SeaChest utilities as described in this thread: But I get "RevertSP is not supported on this device" when using that option with Seagate's SeaChest_Erase tool. The SeaChest Erase readme has a section "Enabling TCG Commands In Linux" and the below thread describes how to set libata.allow_tpm to 1 on unRAID, which I did and rebooted. Still "RevertSP is not supported on this device." Then I tried connecting the HDD to a SATA port on the motherboard instead of LSI 9300-8i LBA to see if that made a difference with the libata change. Still "RevertSP is not supported on this device." I don't see anything on Seagate's website saying this model (ST16000NE000-2RW103) is *not* SED. Seagate chat support claimed it is SED and after more questions ended the chat with "The recommendation we could provide is to contact with unRAID to further support." There's a PSID on the label. Why would there be a PSID on the label if it wasn't SED capable? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.