Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like to have 1 partition from each drive mirrored, RAID1
I would like this RAID array encrypted.
Is it possible to set up the blank drive with a missing RAID parition, then implement encryption on it, then copy the data from the other drive, then build the raid mirror?
I'm a little bit confused at what you want to do. Do you have two empty partitions, do you want to migrate from single drive to RAID? I have encrypted a RAID using LUKS...
Basically, it would go like this: Create and build RAID. Encrypt raid using LUKS (I'm assuming your using LUKS). Then unlock the mount volume. Then create an FS on the unlocked encrypted volume. Hope this helps! Let me know if this helps or exactly what you want.
Is it possible to set up the blank drive with a missing RAID parition, then implement encryption on it, then copy the data from the other drive, then build the raid mirror?
What's the best way to do this?
Yes, and it sounds like you answered your own question. That's exactly what I did, setup RAID with "missing", put LUKS on it, set it up to boot in grub as an alternate to the "regular" existing setup, verify that it works, then add the other partition to the RAID, which will, of course, copy over the LUKS etc.
Last edited by mostlyharmless; 02-20-2009 at 03:01 PM.
Reason: typo
WOW. it is 24 hours and running - i am now using 'cp -a' to copy data to the encrypted partition - CPU is at 100% and the copying is VERY slow. I didnt expect this much overhead.!!!
My setup isn't slow either; must have to do with your hardware setup, or there's something else going on.
There are a lot of issues getting RAID to be speedy. I's better, for example, for the disks to not be on the same bus, particularly if it's IDE. If the disks are external and USB, well then, they'll be slow, in general.
Heres my benchmark. The first one shows the speed of the unencrypted drive (SATA, 5000RPM, Laptop) and the second one shows the speed of the encrypted drive:
[wsduvall@Asar ~]$ sudo hdparm -Tt /dev/sda
Code:
/dev/sda:
Timing cached reads: 2492 MB in 2.00 seconds = 1247.39 MB/sec
Timing buffered disk reads: 118 MB in 3.03 seconds = 39.00 MB/sec
[wsduvall@Asar ~]$ sudo hdparm -Tt /dev/mapper/
control home root swap
[wsduvall@Asar ~]$ sudo hdparm -Tt /dev/mapper/home
/dev/mapper/home:
Timing cached reads: 2468 MB in 2.00 seconds = 1234.74 MB/sec
Timing buffered disk reads: 112 MB in 3.00 seconds = 37.28 MB/sec
I would be very interested to see the results from your setup.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.