On Tue, Aug 23, 2016 at 8:34 AM, Matt Garman <matthew.garman@xxxxxxxxx> wrote: > On Tue, Aug 16, 2016 at 5:43 PM, Doug Dumitru <doug@xxxxxxxxxx> wrote: >> One last thing I would highly recommend is: >> >> Secure erase the replacement disk before rebuilding onto it. >> >> If the replacement disk is "pre conditioned" with random writes, even if >> very slowly, this will lower the write performance of the disk during the >> rebuild. > > Does that also apply to brand-new disks from the manufacturer? > > I.e., should we just always do a secure erase, or sometimes depending > on how the drive was sourced? The main issue is to get rid of previous fs signatures so there are no longer stale file systems. If the drive is/was ever partitioned, those signatures could be anywhere on the drive, so the ATA secure erase is a way to clobber all of them. An alternative is fully encrypting the drive. If you merely change the encryption key, cipher text on the drive becomes different "cipher text" as it's decrypted, so again everything that was on the drive is effectively obliterated, but is much faster. If security isn't a big concern, you can automate opening the LUKS device with a keyfile to avoid manually typing in passphrases. The other nice thing about it is if you ever have to return such a drive under warranty, or otherwise decommission it, you don't have to worry about drive contents. -- Chris Murphy -- To unsubscribe from this list: send the line "unsubscribe linux-raid" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
