Adding FDE/SED SSDs to Linux as secondary drives
I have several production RHEL servers which use FC/SAN storage.
The FC/SAN storage is encrypted on the back-end array, but we need to add several TB of SSD to each box for local raw devices for database temporary store.
The business requires encryption, so I have been looking at various vendors (Intel/Samsung) which offer FDE/SED. All of the reading seems to indicate that the encryption key is entered at boot time, but that seems to apply when the host OS drive is being encrypted, not secondary drives. Since the OS is not attempting to boot from these SSD drives, im not sure how to "trigger" the key-entry logic to unlock the drive during runtime.
Can anyone offer advice on how to handle FDE/SED for secondary drives?
|