Hello, I have 2 disks currently as a RAID1, and want to encrypt it. I've done several tests with loopback devices, and found that I can either create a raid1 with the raw devices, and then encrypt the /dev/md device, eg: losetup /dev/loop1 /tmp/a losetup /dev/loop2 /tmp/b mdadm --create /dev/md3 --level=1 /dev/loop1 /dev/loop2 --raid-devices=2 cryptsetup luksFormat /dev/md3 cryptsetup luksOpen /dev/md3 md3 or instead encrypt each device, and then make the 2 encrypted devices into a raid, eg: losetup /dev/loop3 /tmp/c losetup /dev/loop4 /tmp/d cryptsetup luksFormat /dev/loop3 cryptsetup luksFormat /dev/loop4 cryptsetup luksOpen /dev/loop3 data3 cryptsetup luksOpen /dev/loop4 data4 mdadm --create /dev/md4 --level=1 /dev/mapper/data3 /dev/mapper/data4 --raid-devices=2 Is there a recommended way to do this? I've read the FAQ, especially the part about bad RAM, how single bit flip errors get amplified - would that mean encrypting each disk separately is safer, because a bit flip error would be only be copied to only one device instead of both? If that happened and a verification test spotted it, I could remove each device in turn to find which has the corruption, and repair it. I am planning on running the full set of RAM tests anyway. Is there any reason not to encrypt each device separately, or any other general advice here? Thanks, Laurence _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
