Can one create a bootable software RAID0, RAID5, or JBOD containing a Windows installation?
The answer is No. One cannot run an operating system from a software RAID0, RAID 5, or spanned volume.
A hardware RAID controller is required to be able to make a RAID bootable.
It is not possible to boot off the software RAID because the RAID is not readable until the operating system is fully loaded, and the OS itself is on the RAID.
One can only start an OS from a software RAID1, and even that is not trivial. To boot from a "second" hard drive of a software RAID1, you probably need to manually copy the MBR first.
Monday, March 28, 2011
Tuesday, March 8, 2011
Hard Drives with Full Encryption
Certain modern hard drives have built-in a hardware-based 256-bit AES encryption.
Surprisingly though, the content on these is encrypted even if no password was set. If the encryption chip quits, the cipher key is lost and hence data cannot be recovered despite the fact the storage itself is OK. Considering that in real life a failure of the encryption chip is higher probability even than the drive getting into enemy hands, the continuous encryption is likely not a very bright idea.
Why the heck did they do that in such a way? The rationale behind such a decision is a speed of a password change. If there is a policy of "no password = no encryption", once the password is set or changed, the full capacity of the disk needs to be re-encrypted, taking some hours. And this even before we start looking into other complications like multiple consequent power failures during reciphering. The same consideration exists when the password is removed.
So the engineers implement the faster option. The master encryption key which is actually used to encrypt the data is initialized during the production and flashed into controller's NVRAM. All the data on the disk is encrypted using this master key, regardless if the user sets the password. If user requests a password to be set, the master key is encrypted with that password. The contents of the drive being encrypted from the start, you cannot read data not having the master key, and the key is not accessible unless you have the correct password.
Now if the encryption module burns, the data is not accessible at all.
These drives are often used in external enclosures and laptops (anticipating a higher probability of actually losing the drive compared to an internal desktop hard drives), forming a special class of devices in addition to this list. These external drives are fairly hard to recover.
Surprisingly though, the content on these is encrypted even if no password was set. If the encryption chip quits, the cipher key is lost and hence data cannot be recovered despite the fact the storage itself is OK. Considering that in real life a failure of the encryption chip is higher probability even than the drive getting into enemy hands, the continuous encryption is likely not a very bright idea.
Why the heck did they do that in such a way? The rationale behind such a decision is a speed of a password change. If there is a policy of "no password = no encryption", once the password is set or changed, the full capacity of the disk needs to be re-encrypted, taking some hours. And this even before we start looking into other complications like multiple consequent power failures during reciphering. The same consideration exists when the password is removed.
So the engineers implement the faster option. The master encryption key which is actually used to encrypt the data is initialized during the production and flashed into controller's NVRAM. All the data on the disk is encrypted using this master key, regardless if the user sets the password. If user requests a password to be set, the master key is encrypted with that password. The contents of the drive being encrypted from the start, you cannot read data not having the master key, and the key is not accessible unless you have the correct password.
Now if the encryption module burns, the data is not accessible at all.
These drives are often used in external enclosures and laptops (anticipating a higher probability of actually losing the drive compared to an internal desktop hard drives), forming a special class of devices in addition to this list. These external drives are fairly hard to recover.
Subscribe to:
Posts (Atom)