Linux - HardwareThis forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 16
Rep:
Looking for a good raid controller...
I have been using Areca products for a long time, but recently I realized that maybe there are better solutions out there... having no real experience with any, I figured I'd come here...
I am getting tired of the raid controller taking longer to post than my entire system takes to boot. so I think I want a faster to post raid controller... but more importantly, I am looking for a raid controller that supports Full Disk Encryption (FDE). I note that a lot of storage companies are touting their drives having FDE built in but without a raid controller to support it, it's just a gimmic. also, I note that the only two controllers out there that DO support FDE are not Hardware raid, they are host raid (which Linux doesn't really do).
Assuming price is not an object (because it really isn't) what is a good Hardware raid controller that supports full disk encryption?
one last note; no, this is not for a server. I just like a workstation with some power under the hood... I like having a system that no matter what I throw at it, it works and has enough resources to spare for Minecraft at the same time! :P
What kind of raid level are you looking to obtain? You say you want some power so is this going to be like a striped mirror or something of that nature?
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 16
Original Poster
Rep:
I have 5 drives in the system.
2 SSDs (OCZ Agility 2 60GB SATA II) and 3 MHDs (Seagate Momentus 750GB SATA II)
before my areca 1280 bit the dust, my disks were setup like thus:
Raid 0 stripe on SSDs - 120GB
/boot - 2GB
SWAP - 16GB
/ - remainder of stripe ~100GB
Raid 5 array on MHDs - 1500GB
/Home - 1.5TB
I kept my OS and all resource hungry applications running on the stripe (raid 0 is not really a correct term) and used the raid 5 array as /home storage... home storage doesn't require the heavy access I/O of running applications.
I would LIKE to get me swap onto a separate SSD from the root partition, but securing it would be harder...
I guess I should mention, I suffer from extreme paranoia... hence me looking into FDE.
[EDIT] I guess I should ALSO mention, I have no qualms about getting all new drives... SATA3 looks speedy fast... but I like to build my rigs around the storage controller first then the proc and system-board, I find this is the performance bottleneck almost no one looks at.
Last edited by rudepeople; 01-18-2013 at 04:59 PM.
It is easy to encrypt swap, whether the rest is encrypted or not - a number of tutorials abound. While there may be some speed benefits to a hardware raid controller, unless you keep a spare (especially if using hw encryption) you are better off with software raid. The performance impact on most modern systems is negligible.
Check out LSI's products as they have some models that may suit your needs. Intel may also be an option for you. However, virtually all hardware RAID controllers will slow the POST time at boot.
My personal workstation is running a RAID 1 array using mdadm and is FDE via LUKS. Swap is also encrypted and the boot partition is on a small USB key which when removed renders the system useless. Backups are to an external HDD and are also encrypted. There is no noticeable performance impact in normal daily use.
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 16
Original Poster
Rep:
Quote:
Originally Posted by NyteOwl
It is easy to encrypt swap, whether the rest is encrypted or not - a number of tutorials abound. While there may be some speed benefits to a hardware raid controller, unless you keep a spare (especially if using hw encryption) you are better off with software raid. The performance impact on most modern systems is negligible.
Check out LSI's products as they have some models that may suit your needs. Intel may also be an option for you. However, virtually all hardware RAID controllers will slow the POST time at boot.
My personal workstation is running a RAID 1 array using mdadm and is FDE via LUKS. Swap is also encrypted and the boot partition is on a small USB key which when removed renders the system useless. Backups are to an external HDD and are also encrypted. There is no noticeable performance impact in normal daily use.
I figured this would be the typical response... and I really don't have a reason for wanting hardware raid anymore I guess...
I guess I should just get me a PCIe SSD card in the 16~32 gig range and put my swap out there. I could also throw my boot partition on it so I don't have to surrender any space to "/boot" from "/"
My only real concern is this, how easy is it to hack the standard luks encryption setup? is there any way to mitigate that risk?
LUKS uses the encryption algorithms available to the kernel. This includes AES, Blowfish, Twofish, Serpent and others. None of those mentioned have been compromised to date (or the NSA, CSE or GCHQ aren't talking). Note that LUKS, like most block level drive encryptions protect data at rest. Once mounted and unlocked the contents are as vulnerable as any non-encrypted drive. This is true of hardware FDE as well. To protect data contents at the file elvel you have to layer FDE with an encrypted filesystem (such as encfs for example).
All in all, I would say LUKS is secure enough for all consumer and virtually all business grade use. Possibly much government use as well for that matter.
Location: I live in a town so small, if I tell you the name of the town you will know where I live.
Distribution: Fedora, Debian, and Arch
Posts: 16
Original Poster
Rep:
Quote:
Originally Posted by NyteOwl
LUKS uses the encryption algorithms available to the kernel. This includes AES, Blowfish, Twofish, Serpent and others. None of those mentioned have been compromised to date (or the NSA, CSE or GCHQ aren't talking). Note that LUKS, like most block level drive encryptions protect data at rest. Once mounted and unlocked the contents are as vulnerable as any non-encrypted drive. This is true of hardware FDE as well. To protect data contents at the file elvel you have to layer FDE with an encrypted filesystem (such as encfs for example).
All in all, I would say LUKS is secure enough for all consumer and virtually all business grade use. Possibly much government use as well for that matter.
Outstanding!
I am researching encrypted filesystems as well... Thank you!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.