TerraMaster HyperLock-WORM File System

More about TOS 5 new features and improvements. Note: this forum is not for bug report! If you want to report bug, please go to the correct forum.
Post Reply
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

TerraMaster HyperLock-WORM File System

Post by TMroy »

Data is a precious asset of the vast majority of users, and data security is very important! Some data storage and custody are even regulated by law, such as court cases, medical cases, financial securities, company financial data, etc. These important data can only be read but not written within a specified time period according to the law. Therefore, such data needs to be protected against tampering. The WORM (Write Once Read Many) features provide a write-once-read-many technology, which is a commonly used method for data security access and archiving in the storage industry.

The WORM feature means that after the file is written, it can enter the read-only state by removing the write permission of the file. In this state, the file can only be read and cannot be deleted, modified, or renamed. By configuring the WORM feature to protect the stored data, it can be prevented from accidental manipulation.

TerraMaster HyperLock-WORM file system is a storage system with WORM characteristics, when you create a new filesystem in TOS, you will be given an option to create a Hyperlock-worm filesystem..Through the write-once-read-many technology, the integrity, confidentiality, and accessibility of the original data in the storage medium are guaranteed to satisfy the sensitive requirements of enterprises. Data security storage and legal supervision needs.

The characteristic of the TerraMaster HyperLock-WORM file system is that its WORM feature is developed based on the file system and is not limited by the file service type. It is suitable for most common file services, but can only be set by the administrator. Administrators can flexibly assign read and write permissions to users and set a protection period. During the protection period, the data uploaded to the device can only be read and cannot be deleted, modified, or renamed. The protection period can be set up to 70 years! In order to improve security, once the protection period is set, it can only be extended but not shortened.

Compared with other storage solutions with WORM features, the TerraMaster HyperLock-WORM file system has higher security. Once the TerraMaster HyperLock-WORM file system is created, even the administrator cannot delete or modify the storage partition from the menu page or the system background. As long as the storage device is safely placed in an isolated environment, anyone without access to the NAS hardware devices, even employees with administrator privileges or hackers, cannot pose a threat to the data.

TerraMaster HyperLock-WORM file system is an innovation in data security management, which can provide more secure protection for customers' important digital assets, and is suitable for industries with important data such as government, public health, law, finance, and enterprises.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
mightymouse
Posts: 14
Joined: 17 Dec 2023, 08:13

Re: TerraMaster HyperLock-WORM File System

Post by mightymouse »

I was testing this feature and set a HyperLock-WORM Volume for 7 days. Is there a way to see when the files and/or volume will be editable again? I could not find anywhere indicating the "end" date of the period. I can see the delete Volume button is disabled, will this be re-enabled after the 7 days?
User avatar
TMwuu
TerraMaster Team
Posts: 139
Joined: 13 Jun 2022, 16:57

Re: TerraMaster HyperLock-WORM File System

Post by TMwuu »

{L_BUTTON_AT}mightymouse

After 7 days, the files on the HyperLock-WORM volume can be deleted, but the volume cannot be deleted.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
mightymouse
Posts: 14
Joined: 17 Dec 2023, 08:13

Re: TerraMaster HyperLock-WORM File System

Post by mightymouse »

So is there no way to remove the volume at all, ever? Not even by removing the HDDs?
Edit: Okay I kinda answered my own question. Once the HDDs were removed the Volume disappeared from the TNAS.
TiggerMS
Posts: 15
Joined: 28 Mar 2020, 22:22
Germany

Re: TerraMaster HyperLock-WORM File System

Post by TiggerMS »

Hello,
I would like to know what you mean by the fact that after the hard drives were removed, the Hyper-Lock Worm partition disappeared. Were the disks physically removed or removed in the Control Panel? I would also like to delete the volume! Or do I have to reinstall the whole TOS? Would it finally be gone?
I thank you in advance for your answers.
User avatar
bidmead
Posts: 114
Joined: 18 Jan 2021, 02:25
Great Britain

Re: TerraMaster HyperLock-WORM File System

Post by bidmead »

I've been in correspondence with Terramaster support about how to remove the HyperLock-WORM feature from an NVMe drive.

Tested Technology has been reviewing the F4-223 and TOS5 and we wanted to include a discussion of this feature in our final article in the series. Our test set the WORM expiry date for seven days and in the absence of any warnings to the contrary, we expected to be able to deWORM the drive at any time after that expiry and return it to normal duty.

The drive was one of a pair of 2TB Seagate IronWolf 525 NVMes, pooled together and divided into two volumes. Only one of these volumes was set as WORM. We were using TRAID in the system so presumably the pool of two identical drives would have been effectively RAID 1.

The procedure to reclaim these NVMEs for other duty after the completion of our WORM test seemed simple: delete the files, delete both volumes, delete the pool, physically remove the drives.

We had no problem deleting the non-WORM volume. We then deleted all the files in the (expired) WORM volume and attempted to delete that volume. This is our resulting report to Terramaster support:

EXPECTED BEHAVIOUR: Following the expiry of the WORM period, the volume can be edited to untick the HyperLock-WORM entry. This allows the volume to be deleted and subsequently also allows removal from the system of the hardware comprising the volume.

ACTUAL BEHAVIOUR: Following expiry of the WORM period, the volume can apparently be edited to untick the HyperLock-WORM entry and this change is affirmed by the system. However, no change is actually made to the volume. It remains as a WORM device and cannot be deleted and therefore the underlying hardware cannot officially be removed from the system.

Terramaster's response is puzzling and I'm seeking clarification. The official line seems to be they don't regard the misleading apparent unticking of the HyperLock-WORM tag as a bug, and that they know of no way of removing WORM from the hardware. I find it very hard to get my head round this.

If this is indeed the case, why are there no warnings to the effect in the documentation and in the process of setting up the HyperLock-WORM?

But the documentation appears to offer a contradiction to what support is saying:

As long as the storage device is safely placed in an isolated environment, anyone without access to the NAS hardware devices, even employees with administrator privileges or hackers, cannot pose a threat to the data.

If the security of WORM is confined to "anyone without access", this must surely imply that anyone with access will have different privileges. Would they be able to delete the volume and reformat the drive?

It seems to me highly probable that the HyperLock-WORM feature lies entirely in the domain of the operating system and does not involve any special feature of the NVMe controller (which if WORMhood were to survive removal from the TOS5 environment it would need to do, wouldn't it?). If this is the case, removing the drive or perhaps even just sshing to it inside TOS5, might be enough to deWORM the device.

I haven't yet tried either of these approaches—I thought it best first to put this question about ssh and removal directly to support. The reply was that they "don't know if the method you mentioned is feasible".

The WORM feature is a valuable addition to TOS5 and the devs are to be congratulated for creating it. But it worries me that apparently not very much is known about it.

--
Chris
User avatar
mightymouse
Posts: 14
Joined: 17 Dec 2023, 08:13

Re: TerraMaster HyperLock-WORM File System

Post by mightymouse »

It's been a little while since I went through this but to add some more light on how I removed the WORM volume... I physically removed the HDD drives from the system. Similar to when a drive fails, if the Volume / Pool, is compromised beyond repair (i.e. you loose all drives or sufficient drives not to be able to recover the pool) the NAS determines the Volume is broken and removes it. Not much you can do about a "failed" pool...

I suspect if I put the drives back in untouched it may have recovered the pool and I'd be back to square one. However, after taking the drives out, I installed them in my old NAS and deleted all partitions (you could do this with any PC). After deleting the partitions, putting the HDDs back into the TerraMaster NAS it has no way to know those used to be WORM drives, they're simply just new, empty, drives as far as it's concerned. So you can start rebuilding you new (non-WORM) volumes.

Volumes are also listed in /etc/volume/volume.conf you can tidy that up before building extra / new volumes to have a continuity in volumes numbering.

In short... TOS respects Hyperlock-WORM and will prevent any users (including admins) doing any modifications to it. FACT. I doubt you can do any harm to it even by SSH.

However, other PC / NAS don't care about Hyperlock-WORM (and nor should they), they will happily format/wipe the drives.

So as long as the drives are in a TerraMaster NAS and you only have "digital" access to it, the data is safe.

Having physical access to the drives is a whole different ball game... Before anyone points this out as being a flaw, consider physical security (access to pulling a drive out) no different to having access to taking a sledgehammer to it. If that is a real risk, then physical security (and off site backups) needs to be considered...
User avatar
bidmead
Posts: 114
Joined: 18 Jan 2021, 02:25
Great Britain

Re: TerraMaster HyperLock-WORM File System

Post by bidmead »

Many thanks, @mightymouse, for that very full explanation. I had suspected that the HyperLock-WORM feature was solely a function of the TOS 5 domain but I was waiting for confirmation before physically removing the two NVMes providing the physical storage.

There was always a (very remote) possibility that TOS 5 was reprogramming the NVMe or SATA controllers to secure the lock outside TOS 5 and I'm very glad to be assured this isn't the case.

But it remains worrying that Terramaster support appears to know so little about this potentially valuable function. Further work needs to be done on it, I believe, before it can be recommended for production use.

The bug I've already documented here that apparently allows the WORMed volume to be edited to a de-WORMed state while actually maintaining the status quo is just one of the anomalies I've encountered. In Control Panel/Hard Drive/Hard Drive I have my two 2TB NVMes listed as Removed. As I've reported here, I've in fact left them in place. Revisiting them a couple of days later they are still marked as Removed. However, in the interim, TOS 5 has rebuilt the TRAID/RAID 1 array on these Removed drives! The pool has been reconstructed and the two volumes, one of them WORM are back in play. This is very far from expected behaviour.

--
Chris
Post Reply