5 Replies Latest reply: Dec 2, 2012 9:41 PM by Christopher Murphy
nsexton Level 1 (0 points)

Can't use filevault2 on my LaCie 2big 4TB Ext HD b/c apparently FV doesn't support RAID volume sets. Any known solutions? Will it work for a mirrored set rather than the striped set?


MacBook Pro, Mac OS X (10.7.5)
  • 1. Re: Filevault2 for ext HD
    ds store Level 7 (30,305 points)

    You're asking for trouble using Filevault to begin with, then to compound it by wanting to use it on a RAID?

     

    Your potential for failure and losing your data is astronomically high.

     

    Filevault is cracked and Apple has to have the password to fix your machine and certainly there is a backdoor for the government to peek in.

     

    RAID is notoriously unstable, especially RAID 0. As it splits the data path.

     

    The drive you have is typically used as a "scratch disk" for more performance, not for reliable storage as if the electronics go dead on the enclosure then you lose all your data. If it was a single spindle drive, the internal drive can be taken out and put into another enclosure, can't always be done with the external as the RAID setup is based in the failed hardware of the enclosure. To get your data back would require the services of a platter recovery service.

     

    I never liked the "LaCie Big Disk" for storage needs because its potential for failure of all your data is 2x higher than normal. It's fine as long as you backup that data to another storage drive daily, provided you can find a single drive big enough.

     

     

    Your better RAID option is a RAID 5 with about 5 or more drives as there is redundancy of the data on the other drives, plus a hardware based controller, not software based like in OS X which has to shuffle the data much more and is subjected to glitches and malware.

     

    For security an external hardware based self encrypting hard drive with key/keypad is better, or an Iron Key for portable uses.

     

    Filevault and TimeMachine lock you into only using a Mac to gain access to your files.

  • 2. Re: Filevault2 for ext HD
    Christopher Murphy Level 3 (525 points)

    Click on the array icon (not the slice and not the RAID set; the thing that's mounted on the desktop, whatever that name is, is what you need to click on) in Disk Utility. Go to the erase tab, and reformat the array as journaled HFS+ encrypted. Obviously this deletes any data on the array.

     

    If you want to convert an array with data already on it, you need to use the command line. Read the man page for diskutil:

     

    man diskutil

     

    The section you want is Core Storage, and the particular command you're looking for is convert. So the command is going to be something like:

     

    diskutil cs convert /dev/diskX -passphrase <passphrase>

     

    X = the number for the mounted array volume. You can get this information from:

     

    diskutil list

     

    I haven't actually tried this, so it may not work. An array is already a kind of logical volume. So you're taking a logical volume and adding it to a logical volume group and then exporting it as another logical volume which happens to be encrypted. Presumably you'll get an error if this isn't supported but I recommend a backup just in case. RAID is not a backup, ever. But I've done this a number of times on Linux and it is possible there to encrypt RAID arrays, and then add the encrypted virtual device as a PV to a VG, and then export any number of LV's in various file systems. So I see no reason off hand why this couldn't be done on OS X (except, obviously OS X is not Linux).

     

    If it does work, it will convert the array just like File Vault 2 does, in that the array will remain on-line throughout the conversion process. You can use it for read/write. It will behave totally normally. And it will take a long time, unlike merely reformatting it as an encrypted disk with Disk Utility. The conversion on-line method of encryption causes the whole array to be encrypted on the fly including free space. So for a 2TB disk it takes 2-3 hours. For a large array it will take longer, possibly a day or days. Make sure it finishes. Don't sleep the computer until it's done. To get a status on the conversion you can:

     

    diskutil cs list

     

    You'll find it in the Logical Volume Family section.

     

    The command line conversion method is reversible, just like File Vault 2, that is you can decrypt the volume and restore it to a non-encrypted volume without deleting data. I don't think the encryption method with Disk Utility is revertible to a non-encrypted volume.
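
An added example (not part of any reply in this thread, and not Apple's code): a shell function that reads `diskutil cs list` text and reports whether the online conversion described in the reply above has finished, since the volume is only partly encrypted until it does. The sample output is constructed, and the field labels and values it relies on (`Conversion Status`, `Fully Secure`, `Complete`) are assumptions about the output layout.

```shell
#!/bin/sh
# Added example. Reads `diskutil cs list` text on stdin and reports, per
# Logical Volume Family, whether online encryption has finished.
# Exit status: 0 = every family complete and fully secure, 1 = not yet,
# 2 = no Logical Volume Family in the input.
cs_conversion_state() {
    awk '
        /Logical Volume Family/ { fam = $NF; order[++n] = fam; next }
        /Conversion Status:/    { status[fam] = $NF }
        /Fully Secure:/         { secure[fam] = $NF }
        END {
            rc = (n == 0) ? 2 : 0
            for (i = 1; i <= n; i++) {
                f = order[i]
                printf "%s status=%s fully_secure=%s\n", f, status[f], secure[f]
                if (status[f] != "Complete" || secure[f] != "Yes") rc = 1
            }
            exit rc
        }'
}

# Constructed sample output (not captured from a real system); the UUIDs are
# placeholders and the field labels are the layout this parser assumes.
sample_cs_list() {   # $1 = Conversion Status value, $2 = Fully Secure value
    cat <<EOF
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group LVG-UUID-PLACEHOLDER
    |
    +-< Physical Volume PV-UUID-PLACEHOLDER
    |   Disk:     disk2
    |   Status:   Online
    |
    +-> Logical Volume Family LVF-UUID-PLACEHOLDER
        Encryption Type:         AES-XTS
        Conversion Status:       $1
        Conversion Direction:    forward
        Fully Secure:            $2
        |
        +-> Logical Volume LV-UUID-PLACEHOLDER
            Disk:               disk3
            Status:             Online
EOF
}

# On a Mac: diskutil cs list | cs_conversion_state
sample_cs_list Converting No | cs_conversion_state || echo "conversion still running"
```

A non-zero exit status means the array should not yet be treated as encrypted at rest, so a wrapper script can poll on it before the machine is allowed to sleep or the drive is disconnected.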

  • 3. Re: Filevault2 for ext HD
    Christopher Murphy Level 3 (525 points)

    Pretty much all of this is false. Other than bugs, there is no reason why the potential for data loss would be higher. And File Vault is not cracked, that's like saying AES-XTS is cracked which is false. There is commercial software that is capable of locating the encryption key in memory via Thunderbolt. If the computer is off, or there isn't physical access, then it's not possible to get the encryption key.

     

    RAID is not notoriously unstable, but it isn't exactly easy to understand all of the issues either. All of the problem sources with one disk: the disk itself, the cables, the port, the controller, are all duplicated. Which means there are duplicate points for corruption or failure with RAID. So it's fair to say that it's more complicated, and it's fair to say problems are multiplied. But it's not correct to say it's unstable as if the problem is RAID rather than the multiple points of failure.

     

    But then you go on to contradict yourself while also giving bad advice when you recommend RAID 5. For one, RAID 5 splits the data path among 3 or more drives. So while you complain about RAID 0 being unstable as it "splits the data path" you recommend something that "splits the data path" even more than RAID 0 does. You also then recommend 5 or more drives which very well may call for RAID 6 rather than RAID 5 due to: a.) increased rebuild time of large drives; b.) the statistical likelihood of encountering URE, which if it occurs will cause the reconstruction of a degraded RAID 5 array to fail during rebuild. So this is just bad advice. In effect RAID 5 is now the domain of nearline and enterprise drives. It's risky using RAID 5 with large capacity consumer SATA disks.

  • 4. Re: Filevault2 for ext HD
    ds store Level 7 (30,305 points)

    Christopher Murphy wrote:

     

    Other than bugs, there is no reason why the potential for data loss would be higher.

     

     

    RAID 0 is certainly more risky as there is no data redundancy in case one of the drives fails.

     

    The LaCie Big Disk was a nightmare waiting to happen for many, because for a long time it's been so large and contained so much data that it can't be copied to a single spindle drive.

     

    There is commercial software that is capable of locating the encryption key in memory via Thunderbolt.

     

    If the computer is off, or there isn't physical access, then it's not possible to get the encryption key.

     

    Half cracked is still cracked. Wouldn't you agree?

     

    It's like saying OS X isn't cracked because Safari can't gain root, but it can delete all apps and upload one's personal files.

     

    Think about how many people sleep their machines instead of shutting them down.

     

    RAID is not notoriously unstable, but it isn't exactly easy to understand all of the issues either. All of the problem sources with one disk: the disk itself, the cables, the port, the controller, are all duplicated. Which means there are duplicate points for corruption or failure with RAID. So it's fair to say that it's more complicated, and it's fair to say problems are multiplied. But it's not correct to say it's unstable as if the problem is RAID rather than the multiple points of failure.

     

    With RAID 0 it certainly is more unstable because it's one volume with 2 or more points of potential hardware failure that will take all the data if any of them goes.

     

    RAID 5 has redundancy of the data on the other drives, which is why I mentioned it as a less risky option than RAID 0 on the LaCie Big Disk.

     

    If you think RAID 6 is better, then I defer to your experience on the matter as all I was attempting was to recommend a safer option for large data requirements instead of the risky RAID 0 LaCie Big Disk.

  • 5. Re: Filevault2 for ext HD
    Christopher Murphy Level 3 (525 points)

    RAID 0 is certainly more risky as there is no data redundancy in case one of the drives fails.

     

    Higher risk ≠ unstable. Data loss comes from the loss of the drive, not because of RAID 0.

     

    The LaCie Big Disk was a nightmare waiting to happen for many, because for a long time it's been so large and contained so much data that it can't be copied to a single spindle drive.

     

    The problem is not the product, it's users who simultaneously place important data on that product, and also don't back it up even if that means buying a 2nd one to have sufficient storage for the backup. The nightmare is lazy cheap users who treat their important data as though it's completely disposable without notice.

     

    Half cracked is still cracked. Wouldn't you agree?

     

    I don't agree. I recommend reading this including the comments.

     

    It's like saying OS X isn't cracked because Safari can't gain root, but it can delete all apps and upload one's personal files.

     

    It's not a particularly good analogy. One is a remote exploit, the other requires direct physical access and rather constrained conditions. They are not the same thing at all.

     

    With RAID 0 it certainly is more unstable because it's one volume with 2 or more points of potential hardware failure that will take all the data if any of them goes.

     

    Again the problem I have here is one of terminology. RAID 0 is higher risk. Higher risk ≠ unstable.

     

    RAID 5 has redundancy of the data on the other drives, which is why I mentioned it as a less risky option than RAID 0 on the LaCie Big Disk.

     

    Yeah but the OP question isn't even about these things. It's about how to encrypt a software RAID array. And encrypting the array doesn't increase risk.

     

    If you think RAID 6 is better, then I defer to your experience on the matter as all I was attempting was to recommend a safer option for large data requirements instead of the risky RAID 0 LaCie Big Disk.

     

    I suppose it's a fair point that if the OP values the data enough to encrypt it, that they should value the data enough to not use RAID 0 without a really rigorous backup strategy. Whether they encrypt the array or not, if they lose even one disk they lose the whole array.