What settings for nvme dedicated to nas

U

unecc

New Member
Aug 14, 2023
17
0
1
Hi everyone,
i just added a 4tb nvme that i want to use exclusively on my truenas virtual machine. Can you recommend the settings to use to make the most of my nvme and make it secure and avoid writing errors.
It will contain important data.

Thank you
 

Attachments

  • a.jpg
    a.jpg
    30.6 KB · Views: 7
  • b.jpg
    b.jpg
    30.6 KB · Views: 7
Last edited:
Thanks for your help. I checked that my system is pci passt compliant and all is well.
I've identified my nvme that I want to FULLY devote to truenas but it tells me "The selected Device is not in a seperate IOMMU group, make sure this is intended."
Can I still proceed or am I at risk?

root@naccinas:~# find /sys/kernel/iommu_groups/ -type l
/sys/kernel/iommu_groups/7/devices/0000:00:1a.0
/sys/kernel/iommu_groups/5/devices/0000:00:16.0
/sys/kernel/iommu_groups/5/devices/0000:00:16.3
/sys/kernel/iommu_groups/3/devices/0000:00:14.2
/sys/kernel/iommu_groups/3/devices/0000:00:14.0
/sys/kernel/iommu_groups/1/devices/0000:00:00.0
/sys/kernel/iommu_groups/8/devices/0000:00:1f.0
/sys/kernel/iommu_groups/8/devices/0000:00:1f.5
/sys/kernel/iommu_groups/8/devices/0000:00:1f.3
/sys/kernel/iommu_groups/8/devices/0000:00:1f.6
/sys/kernel/iommu_groups/8/devices/0000:00:1f.4
/sys/kernel/iommu_groups/6/devices/0000:00:17.0
/sys/kernel/iommu_groups/4/devices/0000:00:14.3
/sys/kernel/iommu_groups/2/devices/10000:e0:1a.0
/sys/kernel/iommu_groups/2/devices/10000:e0:17.0
/sys/kernel/iommu_groups/2/devices/10000:e0:1b.4
/sys/kernel/iommu_groups/2/devices/10000:e2:00.0
/sys/kernel/iommu_groups/2/devices/0000:00:0e.0
/sys/kernel/iommu_groups/2/devices/10000:e1:00.0
/sys/kernel/iommu_groups/2/devices/10000:e0:1b.0
/sys/kernel/iommu_groups/0/devices/0000:00:02.0
root@naccinas:~#
 

Attachments

  • asd.png
    asd.png
    30 KB · Views: 6
Last edited:
You can only passthrough whole IOMMU groups with all devices in it. The PCIe lanes of your M.2 slot are probably not directly connected to your CPU but to the mainboards chipset and therefore share a IOMMU group with all the other devices that are connected to the chipset (NICs, USB, SATA, whatever). If that is the case you would also passthrough your NIC, USB and so on which would probably crash your host or at least make it useless without any network connectivity.

You could try to switch M.2 slots until you find one that got it's own IOMMU group. "ACS override" could split your IOMMU groups but with that you also lose isolation so not great for security.
 
Last edited:
for acs override i've to use command:

"pcie_acs_override=downstream,multifunction" or "pcie_acs_override=downstream"

what's my risk?
 
Last edited:
You must log in or register to reply here.
Top Bottom